security-audit


Security Audit


Scan code for security vulnerabilities and secrets. Detects exposed API keys, passwords, insecure patterns, and common vulnerabilities.

Setup


No additional setup required.

Usage


Scan for Secrets


```bash
{baseDir}/security-audit.js --scan --path /path/to/code
```

Check for Vulnerabilities


```bash
{baseDir}/security-audit.js --vulns --path /path/to/code
```

Full Audit


```bash
{baseDir}/security-audit.js --full --path /path/to/code
```

Options


| Option | Description | Required |
|---|---|---|
| `--scan` | Scan for secrets | No |
| `--vulns` | Check for vulnerabilities | No |
| `--full` | Full security audit | No |
| `--path` | Path to scan | Yes |
| `--output` | Output format (`json`, `text`) | No |

Detected Patterns


Secrets


  • AWS keys: `AKIA...`
  • GitHub tokens: `ghp_...`, `gho_...`
  • Generic API keys
  • Private keys (RSA, DSA, EC)
  • Database connection strings
  • JWT tokens

Vulnerabilities


  • SQL injection patterns
  • Command injection patterns
  • Path traversal
  • Hardcoded passwords
  • Weak cryptographic algorithms
  • Insecure random

Output Format


```json
{
  "secrets": [
    {
      "file": "config.js",
      "line": 10,
      "type": "api_key",
      "context": "apiKey = '..."
    }
  ],
  "vulnerabilities": [
    {
      "file": "app.js",
      "line": 25,
      "type": "sql_injection",
      "message": "Potential SQL injection"
    }
  ]
}
```
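A minimal scanner that implements the detected patterns listed above as regexes and emits findings in the documented JSON shape, added here as an example (it is not the security-audit project's own code). The exact length and character-set rules on each pattern, and the two sample files, are constructed assumptions for this example.

```javascript
// Added example, not security-audit's code. Pattern rules and samples are assumptions.
const SECRET_PATTERNS = [
  { type: 'aws_access_key', re: /\bAKIA[0-9A-Z]{16}\b/ },                 // AKIA...
  { type: 'github_token', re: /\bgh[po]_[A-Za-z0-9]{36}\b/ },             // ghp_..., gho_...
  { type: 'private_key', re: /-----BEGIN (?:RSA |DSA |EC )?PRIVATE KEY-----/ },
  { type: 'db_connection_string', re: /\b(?:postgres|mysql|mongodb):\/\/[^\s'"@]+:[^\s'"@]+@/ },
  { type: 'jwt', re: /\beyJ[\w-]+\.[\w-]+\.[\w-]+/ },
];

// A string literal concatenated with, or a template interpolating, data passed straight into a query/shell call.
const VULN_PATTERNS = [
  { type: 'sql_injection', message: 'Potential SQL injection', re: /\b(?:query|execute)\s*\(\s*(?:["'][^"']*["']\s*\+|`[^`]*\$\{)/ },
  { type: 'command_injection', message: 'Potential command injection', re: /\bexec(?:Sync)?\s*\(\s*(?:["'][^"']*["']\s*\+|`[^`]*\$\{)/ },
  { type: 'weak_crypto', message: 'Weak hash algorithm (MD5/SHA-1)', re: /createHash\s*\(\s*["'](?:md5|sha1)["']/i },
  { type: 'insecure_random', message: 'Math.random() is not a CSPRNG', re: /\bMath\.random\s*\(/ },
];

// Scan one file; "context" keeps only the text before the match so the report
// never echoes the secret value itself (matches the "apiKey = '..." style above).
function scanFile(file, content) {
  const secrets = [], vulnerabilities = [];
  content.split('\n').forEach((text, i) => {
    const line = i + 1;
    for (const p of SECRET_PATTERNS) {
      const m = p.re.exec(text);
      if (m) secrets.push({ file, line, type: p.type, context: text.slice(0, m.index).trim() + '...' });
    }
    for (const p of VULN_PATTERNS) {
      if (p.re.test(text)) vulnerabilities.push({ file, line, type: p.type, message: p.message });
    }
  });
  return { secrets, vulnerabilities };
}

// Merge per-file results into the single report shape shown under "Output Format".
function audit(files) {
  const per = Object.entries(files).map(([f, c]) => scanFile(f, c));
  return { secrets: per.flatMap(r => r.secrets), vulnerabilities: per.flatMap(r => r.vulnerabilities) };
}

// Constructed sample input (the AWS key is the placeholder value from AWS's own documentation).
const SAMPLE_FILES = {
  'config.js': "const region = 'us-east-1';\nconst accessKey = 'AKIAIOSFODNN7EXAMPLE';\n" +
               "const ghToken = 'ghp_" + 'a'.repeat(36) + "';",
  'app.js': 'const rows = db.query("SELECT * FROM users WHERE id = " + req.params.id);\n' +
            'const resetToken = Math.random().toString(36).slice(2);',
};

console.log(JSON.stringify(audit(SAMPLE_FILES), null, 2));
```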

When to Use


  • Pre-commit security checks
  • CI/CD security scanning
  • Code review assistance
  • Detecting accidental secret exposure