
secode-template's Introduction

Secode

  • Secode is an insecure-code detector: it analyzes your code to find anomalies, such as calls to insecure functions, that make it insecure.
  • It doesn't stop there. As a precautionary measure, Secode also suggests safer function alternatives. For example, strcpy() is vulnerable to buffer overflow, so Secode points you to a bounded alternative such as strlcpy() that you can use in your code instead.

How is it different?

  • Secode is powered by a stringent and comprehensive ruleset that detects known-insecure functions directly from the source text; the ruleset will be updated regularly as more vulnerabilities and exploits emerge.
  • Secode enforces the concepts of "Secure Coding" and the "Secure Software Development Life Cycle (Secure SDLC)", which are now gaining much-needed traction in the development process of any software.

What does a Secode scan of the code you provide give you?

Your Code Report provides you information about:-

  • Hit count of vulnerable functions (total count)
  • Vulnerability at hand
  • CWE Number associated with it
  • A brief description about the vulnerability
  • Risk level of your code (graded from 1 to 5 on the basis of severity)
  • Secure alternative(s) you should use instead, which are not exposed to the reported weakness.

Installation Guide

Refer to the INSTALL.md file for an in-depth walkthrough on how to install the tool on your Linux distro.

Under the hood

More technically, secode uses lexical scanning to find tokens (such as function names) that suggest likely vulnerabilities, estimates their level of risk (e.g., by the text of function calls), and reports the results. secode does not use or have access to information about control flow, data flow, or data types. Thus, secode will necessarily produce many false positives for vulnerabilities and fail to report many vulnerabilities. On the other hand, secode can find vulnerabilities in programs that cannot be built or cannot be linked. secode also doesn't get as confused by macro definitions and other oddities that more sophisticated tools have trouble with.
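The lexical approach described above, as an added illustration that is not secode's own code or ruleset: a small Python scanner that tokenises C source for `identifier(` patterns, looks each identifier up in a constructed ruleset, and produces the report fields listed earlier (hit count, vulnerability, CWE, description, risk level 1 to 5, alternatives). The rule entries, CWE mappings and the sample C file are constructed for this example. Comments and string literals are blanked before scanning so tokens inside them are not reported, which removes one class of the false positives the paragraph warns about; the scanner still cannot tell whether a given call is actually exploitable, because it sees no data flow.

```python
"""Toy lexical scanner for risky C function calls (added example, not secode's code)."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    cwe: str
    description: str
    risk: int             # 1 (low) .. 5 (high), mirroring the README's scale
    alternatives: tuple


# Constructed ruleset for the example; CWE ids are the ones commonly cited for these calls.
RULES = {
    "strcpy": Rule("strcpy", "CWE-120", "Unbounded copy; destination buffer can overflow", 4,
                   ("strlcpy", "snprintf")),
    "sprintf": Rule("sprintf", "CWE-120", "Unbounded formatted write into a buffer", 4,
                    ("snprintf",)),
    "gets": Rule("gets", "CWE-242", "Reads a line with no length limit", 5, ("fgets",)),
    "system": Rule("system", "CWE-78", "Runs a shell command built from program data", 4,
                   ("execve with a fixed argv",)),
}

# A call token: identifier immediately followed by '('. The negative lookbehind means
# my_strcpy( is read as one identifier and is not reported as strcpy.
CALL_RE = re.compile(r"(?<![A-Za-z0-9_])([A-Za-z_][A-Za-z0-9_]*)\s*\(")
# String literals first, then line and block comments, so "//" inside a string is kept.
SKIP_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)


def strip_comments_and_strings(src):
    """Blank out comments and string literals, keeping newlines so line numbers hold."""
    return SKIP_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)


def scan(src):
    """Return a list of (line_number, Rule) for every call to a function in RULES."""
    findings = []
    for lineno, line in enumerate(strip_comments_and_strings(src).splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            rule = RULES.get(m.group(1))
            if rule:
                findings.append((lineno, rule))
    return findings


def report(findings):
    """Summarise findings the way the README's code report does."""
    counts = Counter(rule.name for _, rule in findings)
    return {
        "total_hits": len(findings),
        "per_function": dict(counts),
        "risk_level": max((rule.risk for _, rule in findings), default=0),
        "details": [
            {"line": ln, "function": r.name, "cwe": r.cwe, "description": r.description,
             "risk": r.risk, "alternatives": list(r.alternatives)}
            for ln, r in findings
        ],
    }


# Constructed sample input: two real hits, plus three look-alikes that must not be reported.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

/* strcpy(dst, src) mentioned in a comment: not a hit */
void copy(char *dst, const char *src) {
    strcpy(dst, src);               // hit: CWE-120
    printf("use strcpy( carefully"); // inside a string literal: not a hit
    my_strcpy(dst, src);            // different identifier: not a hit
}
int main(void) {
    char buf[16];
    gets(buf);                      // hit: CWE-242
    return 0;
}
"""

if __name__ == "__main__":
    for entry in report(scan(SAMPLE_C))["details"]:
        print(f"line {entry['line']}: {entry['function']} {entry['cwe']} risk {entry['risk']} "
              f"-> {', '.join(entry['alternatives'])}")
```

Running the block prints one line per hit (lines 6 and 12 of the sample); the comment, the string literal and `my_strcpy` produce nothing, while a real `strcpy` into a buffer that is provably large enough would still be reported, which is the trade-off the paragraph describes.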

Roadmap

  • Dockerize it to provide support across all platforms
  • Extending Scanning functionalities within the tool to:
    1. Web Technologies like HTML, CSS, Js and PHP
    2. App Development languages like Java and Kotlin
  • GitHub Actions workflows Integration.

Contributions

We love contributions! For more information on contributing, see the file CONTRIBUTING.md.

License

Secode is released under the GNU GPL license version 2 or later (GPL-2.0+). See the LICENSE file for license information.

secode-template's People

Contributors

noelv11
