Code Security Scanner

A ready-to-use bash script that scans any codebase for 10 categories of security vulnerabilities using pattern-based detection. Covers OWASP Top 10 with zero external dependencies — just grep/ripgrep and bash.

What it finds:

• Hardcoded API keys, AWS credentials, private keys, passwords
• SQL injection via string concatenation and template literals
• XSS through innerHTML and dangerouslySetInnerHTML
• Command injection via exec/spawn/os.system with user input
• Path traversal, weak crypto (MD5/SHA1), insecure HTTP
• CORS wildcard misconfigurations
• Unsafe eval() usage
• Debug leftovers (TODO/FIXME/debugger statements)

Returns a severity-rated report (HIGH/MED/LOW) and exits with code 1 on HIGH findings — plug it directly into your CI/CD pipeline as a security gate.

Works across JavaScript, TypeScript, Python, Go, Ruby, PHP, and any text-based source. Language-agnostic patterns mean it works on polyglot repos out of the box.

Includes the complete scanner script, OWASP mapping table, CI/CD integration examples, and instructions for adding custom patterns.