fr4iser90/SimpleSecCheck

SimpleSecCheck

Single-shot security scanning for code or web apps.

SimpleSecCheck runs a complete security scan in one command using Docker. No persistent services, no monitoring, just a report.


Why SimpleSecCheck

  • Single-shot: run once, get an HTML report.
  • Different modes: codebase, website, network or image scan.
  • Docker-first: isolated, reproducible scans.
  • WebUI (optional): run scans from a minimal UI in dev.

Quick Start (Recommended)

0) Clone the repository

git clone https://github.com/fr4iser90/SimpleSecCheck.git
cd SimpleSecCheck

1) Start the Frontend (nginx) + Backend in dev

docker compose --profile dev up --build

Open http://localhost:8080 and start a scan. The Frontend is now frontend-only (nginx), and /api/* is proxied to the internal backend (worker+scanner).

Dev note: Auto-shutdown is disabled in dev for convenience.

2) CLI-only scan (optional)

docker compose --profile dev run --rm scanner

3) Website scan

SCAN_TARGET=https://example.com docker compose --profile dev run --rm scanner

Results appear in results/ as a timestamped folder with security-summary.html.


Production Mode (Restricted)

Production mode is stricter by design.

ENVIRONMENT=prod docker compose --profile prod up --build

  • Docker image scans accept Docker Hub images only (nginx:latest or docker.io/...).
  • Intended for controlled environments. Keep HTTPS enabled in real deployments.
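Two small shell helpers as an added example (not part of SimpleSecCheck itself): one applies the production rule stated above, accepting only Docker Hub image references before a scan is launched, and the other locates the newest security-summary.html in the results/ layout described under Quick Start. The Docker Hub check follows Docker's own reference grammar (the first path component is a registry host only if it contains a dot or colon or is "localhost"); the assumption that timestamped folder names sort chronologically is an assumption of this example.

```shell
#!/bin/sh
# Added example, not project code. Assumes the documented prod restriction
# (Docker Hub images only) and the documented results layout
# (results/<timestamp>/security-summary.html).

# Return 0 if IMAGE resolves to Docker Hub, 1 for any other registry.
# Docker treats the first path component as a registry host only when it
# contains '.' or ':' or is exactly "localhost"; otherwise docker.io is implied.
is_dockerhub_image() {
  image=$1
  case $image in
    */*) first=${image%%/*} ;;
    *)   return 0 ;;          # e.g. nginx:latest -> docker.io/library/nginx
  esac
  case $first in
    docker.io|index.docker.io) return 0 ;;
    localhost)                 return 1 ;;
    *.*|*:*)                   return 1 ;;   # ghcr.io/..., registry:5000/...
    *)                         return 0 ;;   # e.g. user/repo:tag on Docker Hub
  esac
}

# Print the path of the newest security-summary.html under RESULTS_DIR
# (default: results/). Folder names are assumed to sort chronologically,
# which holds for timestamp-style names; glob expansion in sh is sorted.
latest_report() {
  results_dir=${1:-results}
  newest=
  for d in "$results_dir"/*/; do
    d=${d%/}
    [ -f "$d/security-summary.html" ] || continue
    newest=$d
  done
  [ -n "$newest" ] || return 1
  printf '%s\n' "$newest/security-summary.html"
}

# Convenience wrapper around the documented CLI form: refuse non-Docker-Hub
# images in prod, then run the single-shot scan and show where the report is.
scan_image() {
  if [ "${ENVIRONMENT:-dev}" = prod ] && ! is_dockerhub_image "$1"; then
    echo "refusing $1: prod accepts Docker Hub images only" >&2
    return 1
  fi
  SCAN_TARGET=$1 docker compose --profile "${ENVIRONMENT:-dev}" run --rm scanner
  latest_report
}
```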

Usage Notes

  • Legal: Scan only systems you own or have explicit permission to test.
  • OWASP cache: When using Docker Compose, the cache is mounted automatically. For manual docker run, mount scanner/scanners/owasp/data.
  • CLI detail: See CLI & Docker examples for scan-only commands and full environment variables.

Documentation


License

MIT. See LICENSE.