Security scanning module for dependency vulnerability detection.
This module provides unified security scanning across multiple languages by integrating with language-specific security tools:

SCA (Dependency Vulnerability Detection)
- Rust: cargo-audit (RustSec Advisory Database)
- JavaScript/TypeScript: npm audit
- Python: pip-audit / safety
- Go: govulncheck
- Java: dependency-check (OWASP)

SAST (Source Code Security Analysis)
- Multi-language: OpenGrep / Semgrep (30+ languages)
- Python: Bandit
- Go: Gosec
- C/C++: Flawfinder
Example

```rust
use linthis::security::{ScanOptions, SecurityScanner};
use std::path::PathBuf;

fn main() {
    let scanner = SecurityScanner::new();

    // Scan the current directory and only report findings at or above "high" severity;
    // the remaining options keep their defaults.
    let options = ScanOptions {
        path: PathBuf::from("."),
        severity_threshold: Some("high".to_string()),
        ..Default::default()
    };

    let result = scanner.scan(&options).expect("Scan failed");
    println!("Found {} vulnerabilities", result.vulnerabilities.len());
}
```

Re-exports
- pub use report::format_security_report;
- pub use report::SecurityReport;
- pub use sast::SastAggregator;
- pub use sast::SastResult;
- pub use sast::SastScanOptions;
Modules
- report
- sast

Structs
- Advisory: Security advisory information
- AdvisoryDatabase: Advisory database for caching and querying security advisories
- AffectedPackage: Affected package information
- ScanOptions: Options for security scanning
- ScanResult: Aggregated scan result
- SecurityScanner: Main security scanner that aggregates language-specific scanners
- Vulnerability: A detected vulnerability in a dependency

Enums
- Severity: Severity level of a security vulnerability