Vulnerability Scanner is an open-source tool designed to help developers and DevOps teams identify security vulnerabilities in software packages before they become a risk in production. It provides a simple, user-friendly interface and a RESTful API for scanning packages, viewing vulnerability reports, and tracking scan history.
This tool supports scanning for vulnerabilities in popular package managers (such as npm) and can be extended to support others. It is built with a modern React frontend and a robust Spring Boot backend.
- Quick Package Scan: Instantly check any package for known vulnerabilities.
- Bulk Scan: Scan multiple packages at once.
- Vulnerability Reports: View detailed reports including severity, CVE references, and remediation advice.
- Scan History: Track when packages were last scanned and view historical trends.
- REST API: Integrate vulnerability checks into your CI/CD pipelines.
- Swagger Documentation: Interactive API docs for easy exploration.
- Java 17+ (backend)
- Node.js 18+ (frontend)
- Docker (optional, for containerized deployment)
- Backend:

```bash
./mvnw spring-boot:run
```

- Frontend:

```bash
cd ui
npm install
npm run dev
```

- Access the UI: open http://localhost:5173
- API documentation: open http://localhost:8080/swagger-ui/index.html
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/packages/{packageName} | Get package info |
| GET | /api/packages/{packageName}/vulnerabilities | Get cached vulnerabilities |
| POST | /api/packages/{packageName}/scan | Perform a fresh vulnerability scan |
| POST | /api/packages/bulk-scan | Bulk scan multiple packages |
| GET | /api/packages/{packageName}/scan-status | Get last scan status |
See Swagger UI for full details.
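The REST API is meant to be called from CI, so the following is a small build gate written for this README as an added example; it is not part of the project's own code. It POSTs to `/api/packages/{packageName}/scan` on the quick-start address and fails the build when anything at or above a severity threshold comes back. The response shape is an assumption (the README does not document it): a JSON object with a `vulnerabilities` array whose items carry `id` and `severity`, with labels LOW/MEDIUM/HIGH/CRITICAL; check Swagger UI for the real field names and adjust. The sample report and its ids are constructed for the offline demo.

```python
"""CI gate for the Vulnerability Scanner REST API.

Added example, not project code. Assumed (not documented in the README):
the scan endpoint returns JSON like {"vulnerabilities": [{"id": ..., "severity": ...}]}
and the quick-start instance on localhost needs no authentication.
"""
import json
import sys
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8080"  # backend address from the quick start
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}  # assumed labels
UNKNOWN_RANK = max(SEVERITY_RANK.values()) + 1  # anything unrecognised outranks CRITICAL

# Constructed sample in the assumed shape; ids are placeholders, not real advisories.
SAMPLE_REPORT = {
    "packageName": "example-pkg",
    "vulnerabilities": [
        {"id": "SAMPLE-001", "severity": "LOW"},
        {"id": "SAMPLE-002", "severity": "high"},
        {"id": "SAMPLE-003", "severity": "CRITICAL"},
        {"id": "SAMPLE-004", "severity": "unrated"},  # unexpected label: fail closed
    ],
}


def scan_url(package_name: str, base_url: str = BASE_URL) -> str:
    """Build the POST /api/packages/{packageName}/scan URL.

    Scoped npm names such as @types/node contain '/' and '@'. Percent-encoding
    with safe="" keeps the whole name inside one path segment instead of letting
    the slash change which route is hit.
    """
    encoded = urllib.parse.quote(package_name, safe="")
    return f"{base_url}/api/packages/{encoded}/scan"


def severity_rank(label) -> int:
    """Map a severity label to a number. Missing or unknown labels rank above
    CRITICAL so an unexpected value blocks the build rather than slipping past."""
    if not isinstance(label, str):
        return UNKNOWN_RANK
    return SEVERITY_RANK.get(label.upper(), UNKNOWN_RANK)


def failing_vulns(report: dict, threshold: str = "HIGH") -> list:
    """Return the vulnerabilities whose severity is at or above the threshold."""
    limit = severity_rank(threshold)
    return [
        v for v in report.get("vulnerabilities", [])
        if severity_rank(v.get("severity")) >= limit
    ]


def fresh_scan(package_name: str, base_url: str = BASE_URL, timeout: float = 60.0) -> dict:
    """Trigger a fresh scan over the network and decode the JSON body."""
    req = urllib.request.Request(scan_url(package_name, base_url), method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def gate(report: dict, threshold: str = "HIGH") -> int:
    """Exit status for CI: 0 when nothing reaches the threshold, 1 otherwise."""
    bad = failing_vulns(report, threshold)
    for v in bad:
        print(f"{report.get('packageName', '?')}: {v.get('id', '?')} severity={v.get('severity')}")
    return 1 if bad else 0


if __name__ == "__main__":
    # usage: python ci_gate.py [package] [threshold]
    # With no package argument the constructed sample is evaluated offline.
    threshold = sys.argv[2] if len(sys.argv) > 2 else "HIGH"
    report = fresh_scan(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(report, threshold))
```

Two points worth keeping even if you rewrite this for your own pipeline: unknown or missing severity labels are treated as blocking rather than ignored, and the package name is encoded as a single path segment. Whether the backend then accepts an encoded slash in a path variable is deployment-specific (Tomcat rejects `%2F` by default), so try a scoped package against your instance before relying on it.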
Run this application with Docker Compose:

```bash
git clone git@github.com:viiku/vulnerability-scanner.git
cd vulnerability-scanner
docker-compose up
```

Contributions are welcome! Please open issues or submit pull requests for improvements, bug fixes, or new features.