An API-driven SPA written using ReactJS that provides users with the ability to perform static analysis scans of their public NodeJS Express GitHub repositories.
Express Secure is a single-page application that interacts with a RESTful API to identify software vulnerabilities in NodeJS Express repositories. The application allows the user to specify a GitHub account and import the repositories and branches related to that account. A branch can then be selected for a scan, which returns the identified vulnerabilities.
- https://reactjs.org/
- https://fontawesome.com/v5/docs/web/use-with/react
- https://react-bulma.dev/en
- https://www.djangoproject.com/
- https://github.com/ajinabraham/njsscan/
- https://docs.github.com/en/rest/
To get a local copy up and running follow these simple steps.
The client requires the backend API https://github.com/hcduffey/express-secure-api to work.
- Clone the repo: `git clone https://github.com/hcduffey/express-secure-client.git`
- Install the dependencies: `npm i`
- Run it: `npm start`
You must first import or select an existing GitHub account by clicking the person button on the right-hand side of the navigation bar.
Select one of the imported repositories from the drop-down, and click the sync button to list the branches for that repository. Click the branch you want to scan, then press the 'New Scan' button. The vulnerability results are returned in the main table. You can download a CSV file with the details of the scan results and view an overview of the results.
Click the toolbox button on the right-hand side of the nav bar. You will be presented with a list of the currently imported GitHub accounts. Click the trashcan icon next to the account you want to remove to delete it. This will also remove any repositories, branches, scans, and vulnerabilities associated with that account.
- Provide users with some identifier for repositories that are NodeJS Express applications to show that they can be scanned with useful results
- The scanning package currently in use (NodeJSScan) will time out or generate errors for larger repositories. Either address these limitations or switch to a different scanning package.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Distributed under the MIT License. See LICENSE.txt for more information.
Cliff Duffey - @cliffduffey2
Project Link: https://github.com/hcduffey/express-secure-client
API Project Link: https://github.com/hcduffey/express-secure-api