Free Essential Security Scan
Hi! Welcome to the Scan Project, a.k.a. TSP!
Let’s use the free standalone version of our scanner to quickly add Static, Composition, and Quality scans using the best free tools available today without any configuration required:
- Semgrep Open Source - Static Analysis (SAST)
- OWASP Dependency Check - Composition Analysis (SCA)
You can use the solution on this page to apply the Pareto principle (the 80/20 rule) right at the start of your code security scanning program: it takes minutes to add this container image to your build pipelines, and you immediately get the essential SAST, SCA, and Quality coverage, with reports consolidated in a single actionable dashboard that gives direct, meaningful feedback to your engineers.
All you have to do is run our pre-built container image in your project’s directory:
docker run --rm -v ".:/src" scanproject/standalone
It will run the scanners in parallel and create a file called tsp-report.json.
By default, the file will contain findings from all scanners in a generic format.
We also support most modern export formats.
E.g., if you’d like the report in Excel, run this command to get tsp-report.csv:
docker run --rm -v ".:/src" scanproject/standalone scan --format csv
Most security scanners require build artifacts and dependencies to be present in the project folder - otherwise, they return false negatives.
So if you just checked the code out, you should run a build before running the scan.
At a bare minimum, run something like npm install --package-lock or gradle build -x test, depending on your project language and platform.
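A pipeline wrapper that applies the build-before-scan rule above, as an added example that is not part of the Scan Project's own tooling: it picks the minimal build step from the project files, runs the standalone image in the chosen format, and fails the step when no report was written. It assumes docker, npm or gradle are on PATH and that a non-JSON report is named tsp-report.<format>, as the page shows for csv; TSP_DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the Scan Project's own code). Assumptions: docker, npm
# and gradle on PATH; report file is tsp-report.<format> (page shows csv).

# Execute a command, or print it when TSP_DRY_RUN=1 (lets CI preview the step).
run_cmd() {
  if [ "${TSP_DRY_RUN:-0}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Choose the minimal build step from the project's files, using the two
# build commands the page recommends; empty string for other project types.
detect_build_cmd() {
  dir=${1:-.}
  if [ -f "$dir/package.json" ]; then
    echo "npm install --package-lock"
  elif [ -f "$dir/build.gradle" ] || [ -f "$dir/build.gradle.kts" ]; then
    echo "gradle build -x test"
  else
    echo ""
  fi
}

# Name of the report the scanner writes for a given --format (json default).
report_name() {
  case "${1:-json}" in
    json) echo "tsp-report.json" ;;
    *)    echo "tsp-report.$1" ;;     # assumed naming for non-JSON formats
  esac
}

# tsp_scan DIR [FORMAT]: build first (avoids the false negatives the page
# warns about), then run the scanner, then require a non-empty report.
tsp_scan() {
  dir=${1:-.}
  fmt=${2:-json}
  build=$(detect_build_cmd "$dir")
  if [ -n "$build" ]; then
    # shellcheck disable=SC2086  # word splitting of $build is intended
    (cd "$dir" && run_cmd $build) || return 1
  fi
  if [ "$fmt" = "json" ]; then
    (cd "$dir" && run_cmd docker run --rm -v ".:/src" scanproject/standalone) || return 1
  else
    (cd "$dir" && run_cmd docker run --rm -v ".:/src" scanproject/standalone scan --format "$fmt") || return 1
  fi
  if [ "${TSP_DRY_RUN:-0}" != "1" ] && [ ! -s "$dir/$(report_name "$fmt")" ]; then
    echo "tsp_scan: scanner produced no report in $dir" >&2
    return 1
  fi
  return 0
}
```

Call it from a pipeline step as tsp_scan . csv; a missing report fails the step instead of silently passing.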
Quick Scan Demonstration
Here are a couple of demos from our examples:
Node JS Application Scan Demo: a quick scan of a sample Vulnerable NodeJS Application.
Please see our examples for detailed instructions.
Add scan results to your dashboard
We support various report formats. You can, for example, add the scan results to the project’s SonarQube dashboard. All findings consolidated in one place look beautiful: