This is an unstable PoC and a work in progress!
This was written over a few evenings for AppSec Amsterdam, so feel free to use it, but issues will exist, and it is not yet OS agnostic or robust.
We have to start somewhere, and well, this is somewhere!
- Reviews the package.json and provides guidance on potential issues or misconfigurations when using a particular dependency from a repository
- Performs third-party dependency scanning using npm or yarn audit
- Identifies secrets with ripgrep
- Lints for security issues using eslint
- Finds ReDoS issues with vuln-regex-detector
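The package.json review above is the check most people have not seen written out. The following is an added example, not metasecjs code: it reads a constructed package.json and flags dependency specifiers that bypass the registry or accept any version, plus install-time lifecycle scripts. The heuristics (plaintext tarball URLs, git sources not pinned to a full commit hash, `*`/`latest` ranges, `preinstall`/`install`/`postinstall` hooks) are this example's own, not the tool's rule set.

```javascript
// Added example, not part of metasecjs. Reviews a package.json for dependency
// sources and version specifiers that deserve a look before `npm install`.
// The sample manifest below is constructed for this example.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'demo-app',
  scripts: { postinstall: 'node setup.js' },
  dependencies: {
    express: '^4.17.1',                                      // normal semver range
    lodash: '*',                                             // any version
    'left-pad': 'latest',                                    // floating tag
    'some-lib': 'git+https://github.com/example/some-lib.git', // git, no commit pin
    'other-lib': 'http://example.com/other-lib-1.0.0.tgz',  // tarball over plain HTTP
    'pinned-lib': '1.2.3',                                   // exact version
  },
  devDependencies: {
    eslint: 'github:eslint/eslint#main',                     // branch, not a commit
  },
});

const DEP_SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Returns a list of { section, name, spec, issue } findings for a manifest string.
function reviewPackageJson(text) {
  const pkg = JSON.parse(text);
  const findings = [];
  const flag = (section, name, spec, issue) => findings.push({ section, name, spec, issue });

  for (const section of DEP_SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (spec === '*' || spec === 'latest' || spec === '') {
        flag(section, name, spec, 'unpinned: whatever is published at install time is used');
      } else if (/^https?:\/\//.test(spec)) {
        // Tarball URLs skip the registry entirely; plain HTTP also allows tampering in transit.
        flag(section, name, spec, spec.startsWith('http:')
          ? 'tarball fetched over plaintext HTTP'
          : 'tarball URL bypasses the registry');
      } else if (/^(git\+|git:|github:|[\w-]+\/[\w.-]+(#|$))/.test(spec)) {
        // Git sources are only reproducible when pinned to a full 40-hex commit.
        if (!/#[0-9a-f]{40}$/.test(spec)) {
          flag(section, name, spec, 'git dependency not pinned to a commit hash');
        }
      }
    }
  }

  // Lifecycle scripts run arbitrary commands on every install of this package.
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      flag('scripts', hook, pkg.scripts[hook], 'lifecycle script executes at install time');
    }
  }
  return findings;
}

// Human-readable report, one line per finding.
function formatFindings(findings) {
  return findings.map(f => `[${f.section}] ${f.name} (${f.spec}): ${f.issue}`).join('\n');
}

console.log(formatFindings(reviewPackageJson(SAMPLE_PACKAGE_JSON)));
```

Run it with `node review.js` after saving the block; on the constructed manifest it reports six findings (two unpinned ranges, two git sources without a commit pin, one plaintext tarball, one postinstall hook) and nothing for `express` or `pinned-lib`. A real run would read the target project's package.json from the `-d` directory instead of the embedded sample.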
- Clone the project, install its dependencies, and run it
- Set up ripgrep by following the instructions
- Set up vuln-regex-detector following the instructions
- Once installed, set the path in the config
In the future this may become an npm module, but as it currently depends on too many third-party components, publishing does not make sense yet.
```
$ git clone https://github.com/lewisardern/metasecjs
$ cd metasecjs && npm install
$ cd bin
$ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save
auditing project...
...
```
Describe the command here

USAGE
  $ ./run audit -p Amsterdam -d /path/to/scan -o /path/to/save

OPTIONS
  -p, --project=project  Project definition
  -d, --dir=directory    Directory to scan
  -o, --output=output    Directory to save results
metasec help [COMMAND]

display help for metasec

USAGE
  $ metasec help audit