Insider is the CLI project from the Insider Application Security Team for the community

Insider is the OSS CLI project from the Insider Application Security Team for the community. This project is a simplified version of the proprietary Static Application Security Testing engine that we developed internally. This version of Insider is exclusively focused on covering the OWASP Top 10: it analyzes source code to find vulnerabilities right in the source, and it is designed to be agile and easy to integrate into your DevOps pipeline.

Installation

We have precompiled binaries for Linux, Windows and macOS operating systems that you can find here

But if you are (g)old school or just want to compile it yourself, you'll need at least Go version 1.13.3 and GNU Make >= 4.2.1.

After downloading / checking if your version is compatible, you just have to:

  • go get github.com/insidersec/insider
  • cd $GOPATH/src/github.com/insidersec/insider
  • make linux64 or make win64 or make macos or make all

We support:

  • linux32
  • linux64
  • win32
  • win64
  • macos

Have fun! 🚀

Usage

Note: The target folder should contain all the source code that should be analyzed. We plan to release support for compiled binaries for iOS and for Android APKs.

./insider --help

Usage of insider:
  -force
    	Overwrite the results directory. Insider does not overwrite the results directory by default - Optional
  -no-banner
    	Skips the banner printing (Useful for CI/Docker environments) - Optional
  -no-html
    	Skips the report generation in the HTML format - Optional
  -no-json
    	Skips the report generation in the JSON format - Optional
  -target string
    	Specify where to look for files to run the specific ruleset
        -target <folder>
        -target <myprojectfolder>
  -tech string
    	Specify which technology ruleset to load. (Valid values are: android, ios, csharp, javascript)
        -tech javascript
        -tech csharp

Example

#Check the correct release for your environment
wget https://github.com/insidersec/insider/releases/download/1.0.1/insider-linux-amd64
chmod +x insider-linux-amd64
./insider-linux-amd64 -tech android -target example-master/
cat results/report.json
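
A CI wrapper built from the flags in the help output above. This is an added example, not part of the Insider project. `INSIDER_BIN`, `valid_tech`, `run_scan` and the return codes 2 and 3 are names and conventions assumed for this sketch; the report path `results/report.json` is taken from the example above.

```shell
#!/bin/sh
# Added example: CI wrapper around the insider CLI (not the project's own code).
# INSIDER_BIN is an assumed variable pointing at the downloaded binary.
INSIDER_BIN="${INSIDER_BIN:-./insider-linux-amd64}"

# Accept only the -tech values listed in the help output.
valid_tech() {
    case "$1" in
        android|ios|csharp|javascript) return 0 ;;
        *) return 1 ;;
    esac
}

# run_scan <tech> <target-dir>
# Returns 0 when a non-empty results/report.json was produced,
# 2 on bad arguments, 3 when the scan ran but left no JSON report.
run_scan() {
    tech="$1"; target="$2"
    valid_tech "$tech" || { echo "unsupported -tech: $tech" >&2; return 2; }
    [ -d "$target" ] || { echo "target is not a directory: $target" >&2; return 2; }
    [ -x "$INSIDER_BIN" ] || { echo "not executable: $INSIDER_BIN" >&2; return 2; }

    # Remove any stale report so an old file cannot pass for a fresh result.
    rm -f results/report.json

    # -no-banner keeps CI logs clean, -no-html skips the HTML report,
    # -force lets repeated pipeline runs overwrite the results directory.
    scan_rc=0
    "$INSIDER_BIN" -no-banner -no-html -force \
        -tech "$tech" -target "$target" || scan_rc=$?

    # The page does not document exit-code semantics, so the exit code is
    # reported but not interpreted; the gate is the presence of the report.
    if [ ! -s results/report.json ]; then
        echo "insider exited $scan_rc but results/report.json is missing or empty" >&2
        return 3
    fi
    echo "report written to results/report.json (insider exit $scan_rc)"
    return 0
}

# Stand-alone use: ./scan.sh <tech> <target-dir>
if [ "$#" -eq 2 ]; then
    run_scan "$1" "$2"
fi
```
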

Contribution

License
