noscan is a universal vulnerability scanner with deterministic
results that works with any kind of artifact.
You can pipe files or give it a reference, it all works:
# Pipe files through the scanner:
cat virus.exe | ./scan.sh
# Scan a directory:
./scan.sh source/
# Scan a container image
./scan.sh k8s.gcr.io/kube-proxy:v1.25.0
# Scan a website
./scan.sh https://openssf.org/
# Scan a postal address
./scan.sh One Apple Park Way Cupertino, CA 95014
There is nothing to worry about! We scanned noscan with itself to make sure it's safe:
❯ ./scan.sh scan.sh
0 vulnerabilities found
noscan is super secure, it has an SBOM (Software Bill of Materials)
available in this repo, and it is also signed:
