<p align="center">
<img alt="logo" src="../logo.svg">
</p>
<h1 align="center" style="margin: 30px 0 30px; font-weight: bold;">OpenSCA-Cli</h1>
<p align="center">
<a href="https://github.com/XmirrorSecurity/OpenSCA-cli/blob/master/LICENSE"><img src="https://img.shields.io/github/license/XmirrorSecurity/OpenSCA-cli?style=flat-square"></a>
<a href="https://github.com/XmirrorSecurity/OpenSCA-cli/releases"><img src="https://img.shields.io/github/v/release/XmirrorSecurity/OpenSCA-cli?style=flat-square"></a>
</p>
English|[中文](../README.md)
## Introduction
OpenSCA is intended for scanning third-party dependencies and vulnerabilities.
Our website: [https://opensca.xmirror.cn](https://opensca.xmirror.cn)
Click **STAR** to encourage us.
------
## Detection Ability
OpenSCA can currently parse the configuration files of the programming languages and corresponding package managers listed below. The team is working to support more languages and to extend the parsing of the relevant configuration files.
| LANGUAGE | PACKAGE MANAGER | FILE |
| ------------ | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| `Java` | `Maven` | `pom.xml` |
| `Java` | `Gradle` | `.gradle` `.gradle.kts` |
| `JavaScript` | `Npm` | `package-lock.json` `package.json` `yarn.lock` |
| `PHP` | `Composer` | `composer.json` `composer.lock` |
| `Ruby` | `gem` | `gemfile.lock` |
| `Golang` | `gomod` | `go.mod` `go.sum` |
| `Rust` | `cargo` | `Cargo.lock` |
| `Erlang` | `Rebar` | `rebar.lock` |
| `Python` | `Pip` | `Pipfile` `Pipfile.lock` `setup.py` `requirements.txt` `requirements.in` (for the latter two, a pipenv environment and an internet connection are needed) |
## Download and Deployment
1. Download the appropriate executable file according to your system architecture from [releases](https://gitee.com/XmirrorSecurity/OpenSCA-cli/releases).
2. Or download the source code and compile it (Go 1.18 or above is required):
```shell
git clone https://gitee.com/XmirrorSecurity/OpenSCA-cli.git opensca
cd opensca
go work init cli analyzer util
go build -o opensca-cli cli/main.go
```
By default, the build produces a program for the current operating system and architecture. To build for another platform, set the following environment variables before compiling:
- Disable CGO: `CGO_ENABLED=0`
- Set the operating system: `GOOS=${OS}` (one of `darwin`, `freebsd`, `linux`, `windows`)
- Set the architecture: `GOARCH=${arch}` (one of `386`, `amd64`, `arm`)
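The following script is an added example, not part of the OpenSCA project: it applies the three variables above to build one binary per target, and checks each OS/architecture pair against the installed Go toolchain first. It assumes it is run from the repository root after the `go work init` step; `OUT_DIR`, `DRY_RUN` and the output file names are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: cross-compile opensca-cli for the targets listed above.
# OUT_DIR, DRY_RUN and the output file names are assumptions of this sketch.

KNOWN_OS="darwin freebsd linux windows"   # GOOS values listed in this README
KNOWN_ARCH="386 amd64 arm"                # GOARCH values listed in this README

# in_list VALUE "a b c": succeed if VALUE is one of the words.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# cross_build OS ARCH: print the build command, then run it unless DRY_RUN=1.
cross_build() {
    os=$1
    arch=$2
    in_list "$os" "$KNOWN_OS" || { echo "unknown GOOS: $os" >&2; return 2; }
    in_list "$arch" "$KNOWN_ARCH" || { echo "unknown GOARCH: $arch" >&2; return 2; }
    out="${OUT_DIR:-dist}/opensca-cli-$os-$arch"
    if [ "$os" = windows ]; then out="$out.exe"; fi
    echo "CGO_ENABLED=0 GOOS=$os GOARCH=$arch go build -o $out cli/main.go"
    if [ "${DRY_RUN:-0}" = 1 ]; then return 0; fi
    # Not every listed OS/arch pair is a port in every Go release
    # (darwin/386, for example, was removed in Go 1.15); ask the toolchain.
    if ! go tool dist list | grep -qx "$os/$arch"; then
        echo "skipping $os/$arch: not supported by this Go toolchain" >&2
        return 3
    fi
    mkdir -p "${OUT_DIR:-dist}"
    CGO_ENABLED=0 GOOS="$os" GOARCH="$arch" go build -o "$out" cli/main.go
}

# Run from the repository root as `sh cross-build.sh --all` to build every pair.
if [ "${1:-}" = "--all" ]; then
    for o in $KNOWN_OS; do
        for a in $KNOWN_ARCH; do
            cross_build "$o" "$a" || echo "failed: $o/$a" >&2
        done
    done
fi
```

Setting `DRY_RUN=1` prints each build command without running it, which is useful for reviewing the target list in CI before any binaries are produced.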
## Samples
### Scan & Report in CLI/CRT (default)
Detect the components only:
```shell
opensca-cli -path ${project_path}
```
Connect to the cloud vulnerability database:
```shell
opensca-cli -url ${url} -token ${token} -path ${project_path}
```
Or use the local vulnerability database:
```shell
opensca-cli -db db.json -path ${project_path}
```
### Scan & Report in Files (use the `out` parameter)
Files supported by the `out` parameter are listed below:
| TYPE | FORMAT | SPECIFIED SUFFIX | VERSION |
| ------ | ------ | -------------------------------- | ------------------ |
| REPORT | `json` | `.json` | `*` |
| | `xml` | `.xml` | `*` |
| | `html` | `.html` | `v1.0.6` and above |
| SBOM | `spdx` | `.spdx` `.spdx.json` `.spdx.xml` | `v1.0.8` and above |
|        | `cdx`  | `.cdx.json` `.cdx.xml`           | `v1.0.11` and above |
|        | `swid` | `.swid.json` `.swid.xml`         | `v1.0.11` and above |
#### Sample
```shell
opensca-cli -url ${url} -token ${token} -path ${project_path} -out ${filename}.${suffix}
```
## Parameters
**You can either set the parameters in the configuration file or pass them on the command line. When the two conflict, the command-line parameters take priority.**
| PARAMETER | TYPE | DESCRIPTION | SAMPLE |
| ---------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `config` | `string` | Set the configuration file path. When the program runs, the parameters in the configuration file are used as the startup parameters. If a configuration parameter conflicts with a command-line parameter, the latter is used. | `-config config.json` |
| `path` | `string` | Set the file or directory path to be detected. | `-path ./foo` |
| `url` | `string` | Check the vulnerabilities from the cloud vulnerability database and set the address of the cloud service. It needs to be used with the `token` parameter. | `-url https://opensca.xmirror.cn` |