KleinDigitalSolutions/SecuChain

SecuChain

A Comprehensive Open-Source Security Analysis Platform

SecuChain is a modular security tool that combines multiple security scanning capabilities into a unified platform:

  • Supply Chain Security: Scan dependencies for known vulnerabilities (Python, JavaScript, containers)
  • Web/API Security: Analyze web applications for common vulnerabilities (XSS, CSRF, CORS misconfigurations, insecure headers)
  • Git Anomaly Detection: Detect suspicious commits and changes in git repositories
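The web-security module listed above is described as checking for CORS misconfigurations and insecure headers. As an added illustration (not code from the SecuChain project), the following analyzer applies one such header policy to a constructed set of response headers; the required-header list, the severity labels and the sample headers are assumptions, not the project's rules.

```python
# Illustrative analyzer for insecure headers and CORS misconfigurations (added example, not SecuChain code).
from dataclasses import dataclass
from typing import Dict, List, Optional

# Header policy below is an assumption; names are compared case-insensitively, as HTTP requires.
REQUIRED_HEADERS = {
    "strict-transport-security": "missing HSTS: downgrade to plain HTTP is possible",
    "content-security-policy": "missing CSP: no second line of defence against XSS",
    "x-content-type-options": "missing X-Content-Type-Options: MIME sniffing allowed",
    "x-frame-options": "missing X-Frame-Options: page may be framed (clickjacking)",
}

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    message: str

def analyze_headers(headers: Dict[str, str], request_origin: Optional[str] = None) -> List[Finding]:
    """Return findings for one response. `request_origin` is the Origin header the
    probe request carried; it is needed to recognise origin reflection."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[Finding] = []
    for name, msg in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append(Finding("medium", msg))
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        # Browsers refuse this pair, but it shows the CORS policy was never thought through.
        findings.append(Finding("high", "CORS: wildcard origin combined with credentials"))
    elif acao == "*":
        findings.append(Finding("low", "CORS: wildcard origin (acceptable only for public data)"))
    elif acao and request_origin and acao == request_origin and creds:
        # Echoing whatever Origin was sent, with credentials, lets any site read responses.
        findings.append(Finding("high", f"CORS: reflected origin {acao!r} with credentials"))
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append(Finding("low", "X-Content-Type-Options present but not 'nosniff'"))
    return findings

# Constructed sample: headers as a probe sent with Origin: https://other.example might see them.
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "https://other.example",
    "Access-Control-Allow-Credentials": "true",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for f in analyze_headers(SAMPLE_HEADERS, request_origin="https://other.example"):
        print(f"[{f.severity}] {f.message}")
```

A real scan would send the probe request itself and compare the echoed origin against the one it chose; here the response is constructed so the logic runs offline.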

Features

  • Modular Architecture: Each scanner is an independent, pluggable module
  • REST API: FastAPI-based backend with comprehensive API endpoints
  • Web Dashboard: React-based frontend for visualizing scan results
  • Async Processing: Long-running scans execute asynchronously
  • Multiple Formats: Support for various input formats and report outputs
  • Open Source: MIT licensed, community-driven development

Architecture

┌─────────────────┐
│  React Frontend │
│   (Dashboard)   │
└────────┬────────┘
         │ REST API
┌────────▼────────┐
│  FastAPI Backend│
│                 │
├─────────────────┤
│   Scan Modules  │
├─────────────────┤
│ ┌─────────────┐ │
│ │Supply Chain │ │
│ │   Scanner   │ │
│ └─────────────┘ │
│ ┌─────────────┐ │
│ │Web Security │ │
│ │   Analyzer  │ │
│ └─────────────┘ │
│ ┌─────────────┐ │
│ │Git Anomaly  │ │
│ │  Detector   │ │
│ └─────────────┘ │
└─────────────────┘

Quick Start

Prerequisites

  • Python 3.10+
  • Node.js 18+
  • Docker (optional)

Installation

# Clone the repository
git clone https://github.com/yourusername/SecuChain.git
cd SecuChain

# Backend setup
cd backend
pip install -r requirements.txt
python -m uvicorn app.main:app --reload

# Frontend setup (in another terminal)
cd frontend
npm install
npm start

Docker

docker-compose up

Usage

API Examples

Start a supply chain scan:

curl -X POST http://localhost:8000/api/v1/scan/supply-chain \
  -H "Content-Type: application/json" \
  -d '{"path": "/path/to/project"}'

Start a web security scan:

curl -X POST http://localhost:8000/api/v1/scan/web-security \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Check git repository for anomalies:

curl -X POST http://localhost:8000/api/v1/scan/git-anomaly \
  -H "Content-Type: application/json" \
  -d '{"repo_path": "/path/to/repo"}'

Development

Project Structure

SecuChain/
├── backend/              # FastAPI backend
│   ├── app/
│   │   ├── api/         # REST endpoints
│   │   ├── core/        # Configuration, dependencies
│   │   ├── models/      # Pydantic models
│   │   ├── services/    # Business logic
│   │   └── scanners/    # Security scanner modules
│   └── tests/           # Backend tests
├── frontend/            # React frontend
├── docs/                # Documentation
└── scripts/             # Utility scripts

Running Tests

# Backend tests
cd backend
pytest

# Frontend tests
cd frontend
npm test

Contributing

Contributions are welcome! Please read our Contributing Guide for details.

License

MIT License - see LICENSE file for details

Roadmap

  • Supply chain scanning for Python, JavaScript, containers
  • Web security analyzer with OWASP Top 10 checks
  • Git anomaly detection with ML-based analysis
  • CI/CD integration (GitHub Actions, GitLab CI)
  • SARIF output format support
  • Advanced reporting and dashboards
  • Plugin system for custom scanners

Contact
