
j0KZ edited this page Oct 9, 2025 · 3 revisions

Security Scanner

Scan for vulnerabilities, OWASP issues, and security best practices.

Overview

Security Scanner analyzes code for vulnerabilities, checks OWASP Top 10 compliance, detects hardcoded secrets, and identifies common security issues like SQL injection and XSS.

Key Features:

  • Vulnerability detection - SQL injection, XSS, CSRF, and more
  • OWASP Top 10 - Check compliance with security standards
  • Secrets detection - Find hardcoded credentials and API keys
  • Dependency scanning - Detect vulnerable packages
  • Security reports - Generate comprehensive audit reports

💡 How to Use

Just ask naturally in your editor - works in English and Spanish:

Scan for Security Vulnerabilities (English / Español)

"Scan my code for security vulnerabilities"
"Escanear mi código en busca de vulnerabilidades de seguridad"

"Check this file for security issues"
"Verificar este archivo en busca de problemas de seguridad"

What You Get

🔒 Security Scan Results:

 CRITICAL Issues (2):
  1. SQL Injection - auth.ts:42
     db.query('SELECT * FROM users WHERE id = ' + userId)
     Fix: Use parameterized queries

  2. Hardcoded AWS Key - config.ts:15
     const key = 'AKIA1234567890ABCDEF'
     Fix: Use environment variables

⚠️  HIGH Issues (3):
  1. XSS Vulnerability - template.tsx:87
  2. Weak Cryptography - crypto.ts:23
  3. Missing Rate Limiting - api.ts:56

📊 Summary: 5 total findings
   CRITICAL: 2 | HIGH: 3 | MEDIUM: 0 | LOW: 0
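The two CRITICAL fixes above, each vulnerable line beside its hardened form, as an added TypeScript example that is not the project's own code. `findUserVulnerable`, `findUserSafe`, `parseUserId` and `loadAwsConfig` are illustrative names; the `{ text, values }` query object is the shape node-postgres' `query()` accepts, and the environment passed in is constructed here where production code would pass `process.env`.

```typescript
// Added example, not the project's code: the "before" and "after" of the two
// CRITICAL findings above. Names are illustrative.

// BEFORE: user input is spliced into the SQL text, so "1 OR 1=1" rewrites the query.
function findUserVulnerable(userId: string): string {
  return 'SELECT * FROM users WHERE id = ' + userId;
}

// AFTER: the SQL text is a constant and the value travels separately as a bound
// parameter. This is the { text, values } object node-postgres' query() accepts;
// statement and values reach the server separately, so the payload can never
// change the query's structure.
interface ParameterizedQuery { text: string; values: unknown[] }

function findUserSafe(userId: string): ParameterizedQuery {
  return { text: 'SELECT * FROM users WHERE id = $1', values: [userId] };
}

// Defence in depth: when the column is numeric, reject anything that is not a
// plain integer before it reaches the driver at all.
function parseUserId(raw: string): number {
  if (!/^\d{1,18}$/.test(raw)) throw new Error('invalid user id: ' + JSON.stringify(raw));
  return Number(raw);
}

// BEFORE: const key = 'AKIA1234567890ABCDEF'  (the hardcoded key in the report)
// AFTER: read the credentials from the environment and fail loudly when they are
// missing or malformed, so a misconfigured deployment cannot silently run with a
// default. Long-term access key ids start with AKIA, temporary (STS) ones with ASIA.
interface AwsConfig { accessKeyId: string; secretAccessKey: string }

function requireEnv(env: Record<string, string | undefined>, name: string): string {
  const value = env[name];
  if (value === undefined || value.trim() === '') throw new Error('missing required env var ' + name);
  return value;
}

function loadAwsConfig(env: Record<string, string | undefined>): AwsConfig {
  const accessKeyId = requireEnv(env, 'AWS_ACCESS_KEY_ID');
  const secretAccessKey = requireEnv(env, 'AWS_SECRET_ACCESS_KEY');
  if (!/^(AKIA|ASIA)[0-9A-Z]{16}$/.test(accessKeyId)) {
    throw new Error('AWS_ACCESS_KEY_ID does not look like an access key id');
  }
  return { accessKeyId, secretAccessKey };
}

// Demo on a constructed environment (fake values); production code passes process.env.
const DEMO_ENV: Record<string, string | undefined> = {
  AWS_ACCESS_KEY_ID: 'AKIA1234567890ABCDEF',
  AWS_SECRET_ACCESS_KEY: 'example-secret-not-real',
};
const PAYLOAD = '1 OR 1=1';
console.log(findUserVulnerable(PAYLOAD));            // WHERE clause is now always true
console.log(JSON.stringify(findUserSafe(PAYLOAD)));  // text unchanged; payload is only a value
console.log(loadAwsConfig(DEMO_ENV).accessKeyId);
```

Binding the value is what closes the hole; `parseUserId` is an extra gate for a numeric column, not a substitute for parameterization. The environment check is deliberately strict: an app that starts with an empty key id will fail at the first AWS call with a much less useful error than the one thrown here.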

Check OWASP Top 10 Compliance (English / Español)

"Check OWASP Top 10 compliance"
"Verificar cumplimiento OWASP Top 10"

What You Get

🛡️  OWASP Top 10 Compliance Report:

 A03:2021 - Injection (2 violations)
  - SQL injection in query builder
  - Command injection in file processor

 A05:2021 - Security Misconfiguration (1 violation)
  - JWT secret hardcoded in source

 A06:2021 - Vulnerable Components (3 violations)
  - lodash@4.17.15 (CVE-2020-8203)
  - express@4.16.0 (CVE-2019-5448)
  - axios@0.18.0 (CVE-2020-28168)

 A01:2021 - Broken Access Control (0 violations)
 A02:2021 - Cryptographic Failures (0 violations)
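The A06 dependency check above, done by hand as an added TypeScript example (illustrative, not the project's code). The package.json and the advisory table are constructed; the two advisory entries reuse CVE ids from the report above, but the fixed-in versions are placeholders and a real scan must take them from an advisory database such as OSV or the GitHub Advisory Database.

```typescript
// Added example, not the project's code: the A06 "Vulnerable Components" check done
// by hand. The advisory table and package.json are constructed; fixed-in versions
// are placeholders and must come from an advisory database in real use.

type Version = [number, number, number];

// Parse "1.2.3", tolerating a leading ^, ~, >= or v. Pre-release and build suffixes
// are ignored, which is fine for the "below fixed version" comparison below.
function parseVersion(spec: string): Version | null {
  const m = /^[\^~>=v\s]*(\d+)\.(\d+)\.(\d+)/.exec(spec.trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a: Version, b: Version): number {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

interface Advisory { name: string; id: string; fixedIn: string }

interface DependencyFinding { name: string; declared: string; advisory: Advisory }

interface PackageJson { dependencies?: Record<string, string>; devDependencies?: Record<string, string> }

// Flag every declared package whose minimum version is below the advisory's fix.
// Caveat: package.json holds ranges; "^4.17.15" may resolve to a fixed release, and
// transitive packages do not appear here at all. The lockfile is the real input.
function auditDependencies(pkg: PackageJson, advisories: Advisory[]): DependencyFinding[] {
  const declared: Record<string, string> = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings: DependencyFinding[] = [];
  for (const name of Object.keys(declared)) {
    const current = parseVersion(declared[name]);
    if (!current) continue;   // "latest", git URLs, workspace:* ... need the lockfile
    for (const advisory of advisories) {
      if (advisory.name !== name) continue;
      const fixed = parseVersion(advisory.fixedIn);
      if (fixed && compareVersions(current, fixed) < 0) {
        findings.push({ name, declared: declared[name], advisory });
      }
    }
  }
  return findings;
}

// Render in the style of the report above.
function renderA06(findings: DependencyFinding[]): string[] {
  const lines = [' A06:2021 - Vulnerable Components (' + findings.length + ' violations)'];
  for (const f of findings) lines.push('  - ' + f.name + '@' + f.declared + ' (' + f.advisory.id + ')');
  return lines;
}

// Constructed advisory table: the CVE ids are the ones the report above names,
// the fixedIn values are illustrative placeholders.
const ADVISORIES: Advisory[] = [
  { name: 'lodash', id: 'CVE-2020-8203', fixedIn: '4.17.20' },
  { name: 'axios', id: 'CVE-2020-28168', fixedIn: '0.21.1' },
];

// Constructed package.json.
const SAMPLE_PACKAGE: PackageJson = {
  dependencies: { lodash: '^4.17.15', express: '4.16.0', axios: '0.18.0' },
  devDependencies: { typescript: '^5.0.0' },
};

console.log(renderA06(auditDependencies(SAMPLE_PACKAGE, ADVISORIES)).join('\n'));
```

The check compares the floor of each declared range, which is the conservative reading of package.json. Before acting on a hit, confirm the resolved version in the lockfile; before trusting a clean result, remember that transitive dependencies and pre-release tags are out of scope here.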

Find Hardcoded Secrets (English / Español)

"Scan for hardcoded secrets and API keys"
"Escanear en busca de secretos y claves API en el código"

What You Get

🔑 Secret Scan Results:

Found 5 hardcoded secrets (3 shown):

1. CRITICAL - AWS Access Key
   File: config/aws.ts:15
   Pattern: AKIA****************
   Fix: Use AWS Secrets Manager or env vars

2. CRITICAL - Database Password
   File: .env.example:8
   Pattern: postgres://user:pass@localhost
   Fix: Remove real credentials from example

3. HIGH - GitHub Token
   File: scripts/deploy.js:23
   Pattern: ghp_****************************
   Fix: Use GitHub Actions secrets

📊 Total Secrets: 5
   AWS Keys: 2 | Database: 1 | API Keys: 2
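The secret and code findings in the reports above, reproduced by a minimal line-oriented scanner as an added TypeScript example. This is illustrative code, not the project's implementation; the rules, the redaction format and the sample files are constructed here and every credential in them is fake. The token shapes it assumes are AWS access key ids of AKIA plus 16 characters, GitHub classic tokens of ghp_ plus 36 characters, and a user:password@ pair inside a database URL.

```typescript
// Added example, not the project's code: a minimal pattern scanner in the style
// of the reports above. Rules and sample files are constructed for illustration.

type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';

interface Rule {
  title: string;
  severity: Severity;
  pattern: RegExp;                      // non-global, so exec() is stateless per line
  fix: string;
  redact?: (match: string) => string;   // how a matched credential is shown
}

interface Finding {
  severity: Severity;
  title: string;
  file: string;
  line: number;                         // 1-based
  evidence: string;
  fix: string;
}

// Keep the recognisable 4-character prefix, star out the rest (AKIA**************** above).
function keepPrefix(match: string): string {
  return match.slice(0, 4) + Array(match.length - 4 + 1).join('*');
}

// Assumed token shapes: AWS long-term access key ids are AKIA + 16 upper-case/digit
// characters, GitHub classic PATs are ghp_ + 36 alphanumerics, and a database URL
// with user:password@ embeds a password.
const SECRET_RULES: Rule[] = [
  { title: 'AWS Access Key', severity: 'critical', pattern: /\bAKIA[0-9A-Z]{16}\b/,
    fix: 'Use AWS Secrets Manager or env vars', redact: keepPrefix },
  { title: 'GitHub Token', severity: 'high', pattern: /\bghp_[A-Za-z0-9]{36}\b/,
    fix: 'Use GitHub Actions secrets', redact: keepPrefix },
  { title: 'Database Password', severity: 'critical',
    pattern: /\b(?:postgres|postgresql|mysql|mongodb):\/\/[^\s:'"\/@]+:[^\s'"@]+@/,
    fix: 'Load the connection string from the environment',
    redact: (m) => m.replace(/:[^:@]+@$/, ':****@') },
];

// SQL injection: .query(...) whose first argument is a quoted SELECT/INSERT/UPDATE/
// DELETE immediately concatenated with "+". XSS: innerHTML assigned from anything
// other than a string literal. Both are heuristics and will miss indirect flows.
const CODE_RULES: Rule[] = [
  { title: 'SQL Injection', severity: 'critical',
    pattern: /\.query\(\s*['"`]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^'"`]*['"`]\s*\+/i,
    fix: 'Use parameterized queries' },
  { title: 'XSS Vulnerability', severity: 'high',
    pattern: /\.innerHTML\s*=(?!=)\s*(?!['"`])\S/,
    fix: 'Use textContent, or escape before rendering' },
];

function scanSource(file: string, source: string, rules: Rule[]): Finding[] {
  const findings: Finding[] = [];
  const lines = source.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    for (const rule of rules) {
      const match = rule.pattern.exec(lines[i]);
      if (!match) continue;
      findings.push({
        severity: rule.severity, title: rule.title, file, line: i + 1,
        evidence: rule.redact ? rule.redact(match[0]) : lines[i].trim(),
        fix: rule.fix,
      });
    }
  }
  return findings;
}

function scanFiles(files: Record<string, string>): Finding[] {
  const rules = SECRET_RULES.concat(CODE_RULES);
  let findings: Finding[] = [];
  for (const name of Object.keys(files)) findings = findings.concat(scanSource(name, files[name], rules));
  return findings;
}

function countBySeverity(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Constructed sample repository; every credential in it is fake.
const SAMPLE_FILES: Record<string, string> = {
  'auth.ts': "export function getUser(userId: string) {\n  return db.query('SELECT * FROM users WHERE id = ' + userId);\n}",
  'config.ts': "const key = 'AKIA1234567890ABCDEF';\nconst dbUrl = 'postgres://user:pass@localhost/app';",
  'scripts/deploy.js': "const token = 'ghp_0123456789abcdefghijklmnopqrstuvwxyz';",
  'template.tsx': "el.innerHTML = props.bio;\nbanner.innerHTML = '<b>static</b>';",   // second line is a literal, not flagged
};

for (const f of scanFiles(SAMPLE_FILES)) {
  console.log(f.severity.toUpperCase() + ' ' + f.title + ' - ' + f.file + ':' + f.line + '  ' + f.evidence + '  Fix: ' + f.fix);
}
```

Two things worth copying from this toy: a report never echoes the matched credential (the rule decides how to redact it), and each rule carries its own fix text so the finding is actionable on its own. A pattern scanner of this kind only catches what its regexes describe; the `.env.example` hit in the report above is the reminder that the file name tells you nothing about whether the value inside is real.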

Generate Security Report (English / Español)

"Generate a comprehensive security report"
"Generar un reporte de seguridad completo"

What You Get

# Security Audit Report
Generated: 2025-10-09

## Executive Summary
- Files Scanned: 47
- Total Findings: 23
- Critical: 3 | High: 8 | Medium: 12

## Critical Issues
1. SQL Injection - src/database/query.ts
2. Hardcoded AWS Credentials - config/aws.ts
3. Command Injection - src/utils/shell.ts

## Recommendations
1. Implement parameterized queries
2. Move secrets to environment variables
3. Update vulnerable dependencies

🔧 Available Tools

scan_file

Scan a single file for security vulnerabilities.

Parameters:

  • filePath (required) - Path to file
  • config.minSeverity (optional) - 'critical' | 'high' | 'medium' | 'low' | 'info'
  • config.scanSecrets (optional) - Include secret scanning (default: true)
  • config.scanSQLInjection (optional) - Include SQL injection (default: true)
  • config.scanXSS (optional) - Include XSS scanning (default: true)
  • config.scanOWASP (optional) - Include OWASP checks (default: true)

scan_project

Recursively scan entire project for vulnerabilities.

Parameters:

  • projectPath (required) - Path to project directory
  • config (optional) - Same as scan_file plus:
    • excludePatterns - Patterns to exclude
    • scanDependencies - Scan package.json (default: true)

scan_secrets

Specifically scan for hardcoded secrets and API keys.

Parameters:

  • targetPath (required) - Path to file or directory
  • customPatterns (optional) - Custom secret patterns

scan_vulnerabilities

Scan for specific vulnerability types.

Parameters:

  • targetPath (required) - Path to scan
  • vulnerabilityTypes (required) - Array of types to scan for

generate_security_report

Generate comprehensive security report in markdown.

Parameters:

  • projectPath (required) - Path to project
  • outputPath (optional) - Path to save report
  • config (optional) - Scan configuration
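How a client drives these tools, as an added TypeScript example that is not the project's code: it builds the JSON-RPC `tools/call` request the Model Context Protocol defines, for the tool names and parameters listed above, validates the required parameters, parses a scan result in the text layout shown under "What You Get", and applies `config.minSeverity`. That the server returns that exact report layout, and that minSeverity means "at or above this level", are assumptions; the sample result text is constructed.

```typescript
// Added example, not the project's code: build a tools/call request for the tools
// listed above, validate the documented parameters, parse the text report a scan
// returns and apply config.minSeverity. The JSON-RPC envelope follows the Model
// Context Protocol; the report layout and the threshold semantics are assumptions.

type Severity = 'critical' | 'high' | 'medium' | 'low' | 'info';
const SEVERITY_ORDER: Severity[] = ['info', 'low', 'medium', 'high', 'critical'];

type ToolName = 'scan_file' | 'scan_project' | 'scan_secrets' | 'scan_vulnerabilities' | 'generate_security_report';

interface ScanConfig {
  minSeverity?: Severity;
  scanSecrets?: boolean;
  scanSQLInjection?: boolean;
  scanXSS?: boolean;
  scanOWASP?: boolean;
  excludePatterns?: string[];   // scan_project only
  scanDependencies?: boolean;   // scan_project only
}

interface ToolCallRequest {
  jsonrpc: '2.0';
  id: number;
  method: 'tools/call';
  params: { name: ToolName; arguments: Record<string, unknown> };
}

// Required parameters per tool, as documented on this page.
const REQUIRED: Record<ToolName, string[]> = {
  scan_file: ['filePath'],
  scan_project: ['projectPath'],
  scan_secrets: ['targetPath'],
  scan_vulnerabilities: ['targetPath', 'vulnerabilityTypes'],
  generate_security_report: ['projectPath'],
};

function buildToolCall(id: number, name: ToolName, args: Record<string, unknown>): ToolCallRequest {
  for (const key of REQUIRED[name]) {
    const value = args[key];
    if (value === undefined || value === '' || (Array.isArray(value) && value.length === 0)) {
      throw new Error(name + ': missing required parameter ' + key);
    }
  }
  const config = args.config as ScanConfig | undefined;   // values may arrive from JSON, so check at runtime
  if (config && config.minSeverity !== undefined && SEVERITY_ORDER.indexOf(config.minSeverity) < 0) {
    throw new Error('invalid minSeverity: ' + String(config.minSeverity));
  }
  return { jsonrpc: '2.0', id, method: 'tools/call', params: { name, arguments: args } };
}

interface Finding { severity: Severity; title: string; file: string; line: number }

// Parse the "CRITICAL Issues (n):" / "  1. Title - file:line" layout of the scan output.
const SECTION = /(CRITICAL|HIGH|MEDIUM|LOW|INFO) Issues \(\d+\):/;
const ITEM = /^\s*\d+\.\s+(.+?) - (\S+):(\d+)\s*$/;

function parseScanText(text: string): Finding[] {
  const findings: Finding[] = [];
  let current: Severity | null = null;
  for (const raw of text.split(/\r?\n/)) {
    const section = SECTION.exec(raw);
    if (section) { current = section[1].toLowerCase() as Severity; continue; }
    const item = ITEM.exec(raw);
    if (item && current) findings.push({ severity: current, title: item[1], file: item[2], line: Number(item[3]) });
  }
  return findings;
}

// Keep findings at or above the threshold (assumed meaning of config.minSeverity).
function filterBySeverity(findings: Finding[], minSeverity: Severity): Finding[] {
  const floor = SEVERITY_ORDER.indexOf(minSeverity);
  return findings.filter((f) => SEVERITY_ORDER.indexOf(f.severity) >= floor);
}

// Constructed result text, in the layout shown earlier on this page.
const SAMPLE_RESULT_TEXT = [
  'Security Scan Results:',
  '',
  ' CRITICAL Issues (2):',
  '  1. SQL Injection - auth.ts:42',
  "     db.query('SELECT * FROM users WHERE id = ' + userId)",
  '     Fix: Use parameterized queries',
  '  2. Hardcoded AWS Key - config.ts:15',
  '',
  ' HIGH Issues (3):',
  '  1. XSS Vulnerability - template.tsx:87',
  '  2. Weak Cryptography - crypto.ts:23',
  '  3. Missing Rate Limiting - api.ts:56',
  '',
  'Summary: 5 total findings',
  '   CRITICAL: 2 | HIGH: 3 | MEDIUM: 0 | LOW: 0',
].join('\n');

const request = buildToolCall(1, 'scan_file', { filePath: 'src/auth.ts', config: { minSeverity: 'high' } });
console.log(JSON.stringify(request));
const highOrWorse = filterBySeverity(parseScanText(SAMPLE_RESULT_TEXT), 'high');
console.log(highOrWorse.length + ' findings at or above high');
```

Validating the request before it leaves the client turns a confusing tool error into a clear one, and parsing the result into structured findings is what lets a CI job fail the build on `critical` while only annotating `high`. If the server's text layout differs from the sample above, `SECTION` and `ITEM` are the two things to adjust.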

💡 Best Practices

Scan Before Every Commit

"Scan my staged files for security issues"
"Escanear mis archivos en staging en busca de problemas de seguridad"

Weekly Full Project Scans

"Run a full security scan on the entire project"
"Ejecutar un escaneo de seguridad completo en todo el proyecto"

Monitor Dependencies

"Scan package.json for security vulnerabilities"
"Escanear package.json en busca de vulnerabilidades de seguridad"
