Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Solidity

Haskell

Dart

Perl

HTML

PowerShell

Ruby

R

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Crystal

C

Ruby

Swift

Kotlin

Nix

Java

C#

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇳🇵 Nepal

🇧🇾 Belarus

🇲🇱 Mali

🇮🇱 Israel

🇧🇷 Brazil

🇵🇪 Peru

🇬🇬 Guernsey

🇸🇧 Solomon Islands

All Countries Compare Countries

nearform/gammaray

This repository has been archived on 30/Jan/2023
Stars
104
Rank 330,604 (Top 7 %)
Language
Go
License
MIT License
Created almost 7 years ago
Updated almost 5 years ago

nearform/gammaray

nearform

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Node.js vulnerability scanner

Gamma Ray

Gammaray is a software that helps developers to look for vulnerabilities on their Node.js applications. Its pluggable infrastructure makes very easy to write an integration with several vulnerabilities databases.

Get It

In order to get it just run:

$> go get github.com/nearform/gammaray

Once it is finished, you should have the gammaray binary in your GOPATH/bin folder.

Build it

$> make

Usage

Gammaray comes as a single binary so you only need to run it passing your project as argument:

$> gammaray <path-to-your-node-app>

Gammaray supports the following flags:

-path - path to directory where package.json is located

-image - docker image to scan

-log-level - valid values: panic | fatal | error | warn | info | debug. The default is info.

-ignore-list - path to JSON file with CVE/CWE ignore array The sample file is shown below:

[
  {"CVE": "CWE-400", "description": "We ignore this because it does not affect us"},
  {"CVE": "CVE-2015-8851", "description": "We ignore this because it does not affect us"}
]

And that is all, all the vulnerabilities that affect your packages will be displayed.

Contributing

As a developer

Clone the repository, then start hacking, PRs are welcome !

$> mkdir -p $GOPATH/src/github.com/nearform/
$> cd $GOPATH/src/github.com/nearform/
$> git clone https://github.com/nearform/gammaray.git
$> cd gammaray
$> make dev-install

As security provider

You want to be integrated? Contact me here

graphql-hooks

🎣 Minimal hooks-first GraphQL client

temporal_tables

Postgresql temporal_tables extension in PL/pgSQL, without the need for external c extension.

fast-jwt

Fast JSON Web Token implementation

nscale

Deployment just got easy

react-animation

Animation components and styles for React projects

sql

SQL injection protection module

react-browser-hooks

React Browser Hooks

udaru

Open source Access Manager for node.js

node-cephes

Implementation of special functions and distributions mathematical functions from the cephes library.

the-fastify-workshop

A workshop about Fastify

autopsy

dissect your dead node services with mdb via a smart os vm

fastify-auth0-verify

Auth0 verification plugin for Fastify

titus

Deploy useful features in sprint one

micro-services-tutorial-iot

An instructor led microservices workshop

developing-microservices

A workshop on microservices in nodejs

heap-profiler

Heap dump and sample profiler generator for Node.

docker-cloudwatch

Docker Cloudwatch

promises-workshop

Broken Promises Exercises

polaris

NearForm multi-platform application accelerator

nscale-workshop

Nodeconf.eu nscale workshop

well

nceubadge

The NodeConf EU 2017 Badge

owasp-top-ten-workshop

NearForm OWASP Top Ten Security Vulnerabilities Workshop

graphql-auto-federate

Automatically federate a Mercurius GraphQL service

trail

Audit trail log service

slow-rest-api

A REST API that is slow

stats

📊 Collect stats about your node.js process 📊

node-hidden-markov-model-tf

A trainable Hidden Markov Model with Gaussian emissions using TensorFlow.js

autocannon-ui

A graphical user interface for autocannon providing the same user experience

react-pwa

Hackernews Progressive Web Application built with React

open-banking-reference-app

NearForm reference application for open banking - https://community.nearform.com/api-banking

react-redux-typescript-saga-immutable

Sample React boilerplate written in TypeScript, including React Router, Redux, Redux Saga, ImmutableJS and Styled Components.

fastify-overview-ui

UI for fastify-overview

minishift-demo

Demo for local development using minishift

reviewbot

A bot to assist with code reviews via AI

get-jwks

Fetch utils for JWKS keys

sharing-components

tf-modules-example

Code example for the reusable, configurable Terraform modules blog post

aws-proxy-pattern

Terraform module to create a transparent proxy within AWS

openapi-transformer-toolkit

Automate design-first API workflows by generating schemas and types from OpenAPI specs.

fastify-casbin

A plugin for Fastify that adds support for Casbin

the-graphql-workshop

A workshop about GraphQL with mercurius

choo-pwa

no-gres

A small module to mock pg for testing purposes.

nscale-docs

Documentation for nscale

optic

App for generating OTP tokens for 2FA protected accounts

initium-platform

A set of Kubernetes add-ons with optimal configuration and test coverage to create a day zero platform for your code

optic-release-automation-action

Automate the release process of your npm modules, apps and actions

brokeneck

Admin UI for Auth0, Azure AD and AWS Cognito

node-test-runner-workshop

The Node.js Test Runner Workshop

graphql-hooks-workshop

react-patterns-workshop

A workshop which covers intermediate and advanced React usage patterns

node-test-github-reporter

A GitHub test reporter for the Node.js test runner

mira

The Mira Accelerator fast-tracks the setup of common Amazon Web Services (AWS) Serverless infrastructure

react-native-apple-wallet-demo

Create Custom Apple Wallet Passes with React Native and Fastify

langchain-google-calendar

A spike project: allows natural language to create actions in Google Calendar

fastify-casbin-rest

A plugin for Fastify that adds support for Casbin's REST model

cloudwatchlogs-stream

Stream interfacet to CloudWatch Logs

mercurius-apollo-registry

A Mercurius plugin for schema reporting to Apollo Studio

leaistic

An ElasticSearch manager

stats-to-elasticsearch

Collect and send stats about your node.js process to elasticsearch. 📊🔌📈

nceubadge2018

NodeConf EU 2018 Badge code and hardware design files

openshift-kafka

Run Apache Kafka in Openshift Origin

create-stats-dashboard

📈 A wrapper to create and initialise a stats dashboard on kibana using import-kibana-dashboard, for easy manipulation of stats sent via stats-to-elasticsearch 📉

fastify-mssql

MSSQL Plugin for Fastify

mercurius-explain

A Mercurius plugin that shows the execution time of each resolver in a query

the-micro-frontends-workshop

The Micro Frontends Workshop with Module Federation

commentami

A 'google docs' like commenting system

zoom-shuffle-bot

Zoom Chatbot used to retrieve a randomized list of your current meeting's participants

jsnation-node-workshop

Our workshop at JSNation 2019

optic-expo

Secure 2FA OTP via Mobile Push Notifications

choo-data

Simple data fetching plugin for Choo with server-side rendering support

nodeconfeu-gesture-models

Ongoing attempts at gesture models

slack-knowledgebase-chatgpt-responder

ChatGPT powered slack responder to the questions that are about NearForm knowledge base

initium

Deploy your code on day zero, avoiding vendor lock-in.

playwright-firebase

A plugin to handle Firebase authentication in Playwright tests

docker-container

otlp-blueprint

Open Telemetry + Jaeger + 3-tier application Blueprint

pwa-poc

PWA for proof of concept for sharing images, qrcode scanning and geolocation from a PWA

slidev-theme-nearform

NearForm theme for sli.dev presentations

saluki

Utility based CSS-in-JS theming

fastify-secrets-aws

Fastify secrets plugin for AWS Secrets Manager

fastify-cloud-run

Fastify on Google Cloud Run

iot-system

A fuge config for a demo iot system

fastify-slow-down

A slow down plugin for fastify

github-action-check-linked-issues

GitHub action to check if pull requests have their corresponding issues.

github-board-slack-notifications

Send notifications to a Slack channel for any changes that are performed in a GitHub board (Projects v2 / beta)

openshift-ansible

Ansible code for openshift

fastify-jwt-jwks

JSON Web Key Set (JWKS) verification plugin for Fastify

memleak-exercise

github-action-notify-release

GitHub Action that automatically creates an issue with an overview of the commits that are waiting to be released

fastify-ravendb

Fastify RavenDB connection plugin

fastify-secrets-azure

Fastify secrets plugin for Azure Key Vault

anger

pub-sub tester for Nes

choo-bundles

Bundle splitting with HTTP2 push support for Choo with choo-ssr

sentinel

Sentinel - a testing & monitoring application

mercurius-explain-graphiql-plugin

A Graphiql plugin to show the results from mercurius-explain

azure-workshop

Azure Workshop on Kubernetes

webinar-streams

Examples for the streams Webinar

initium-cli

CLI tool for the Initium project