Static Application Security Testing Analyzer for JavaScript Source Code. JS_SAST uses regular expressions to build its rulesets. These rulesets are being used by the tool to detect vulnerabilities, flaws, and bugs within JavaScript code. The tool will scan each line in the JavaScript code file and check the code against various of the custom rulesets that identify vulnerable code.
Install JS_SAST
git clone https://github.com/O72/JS_SAST.git
cd js_sastTo deploy and ensure all related packages for this project are installed, run
python3 installation.pypython3 js_sast.py
usage: js_sast.py [options]
optional arguments:
-h, --help show this help message and exit
Argument options:
-p PATH, --path PATH file: file or directory path to be scanned
-g GOSEC, --gosec GOSEC
-g gosec, to run gosec on the target repository to
scan for vulnerabilities in Go source code.
-b BANDIT, --bandit BANDIT
-b bandit, to run bandit on the target repository to
scan for vulnerabilities in Python source code.
-c CLONE, --clone CLONE
-c https://github.com/O72/JS_SAST.git, to clone
remote repository to the current directory to be
scanned
To run tests, run the following command
python3 js_sast.py -f examplesNo, If the rule for a certain vulnerability or a bug is not implemented/supported, the tool will not catch it. Check the documentation section to learn how to add support to a new rule.
The rulesets are located in core/ruleset.yaml