Security-focused command line tool to scan Git repositories for potentially malicious code patterns
Project description
Insect Security Scanner
Insect is a security-focused command line tool designed to scan Git repositories for potentially malicious code patterns before execution. It uses a combination of static analysis, configuration checks, and metadata examination to identify security risks in code.
Features
- Multi-language support: Python, JavaScript, and Shell scripts
- Deep static analysis: Detects suspicious patterns and security vulnerabilities
- External tool integration: Works with Bandit, Semgrep, and ShellCheck
- Detailed reporting: Text, JSON, and interactive HTML outputs
- Performance optimization: Caching for faster re-scanning
- Flexible configuration: Customize analysis based on project needs
- Containerized scanning: Safe scanning of untrusted repositories in Docker containers
Installation
pip install insect
Or using pipenv:
pipenv install insect
Quick Start
Scan a Git repository and display findings:
insect scan /path/to/repository
Check status of external dependencies:
insect deps
Generate a detailed HTML report:
insect scan /path/to/repository -f html -o report.html
Safely scan a repository in a container before cloning:
insect clone https://github.com/example/repository
Development
Setup
# Clone the repository
git clone https://github.com/somasays/insect.git
cd insect
# Setup development environment
pipenv install --dev
pipenv shell
# Install pre-commit hooks
pre-commit install
Testing
# Run tests
pytest
# Run tests with coverage
pytest --cov=insect
# Run tox to test across different Python versions
tox
Code Quality
# Format code
black .
isort .
# Lint code
ruff check .
# Type checking
mypy .
Documentation
For comprehensive documentation, see our documentation index or explore:
- Usage Guide - Detailed instructions on using Insect
- Security Examples - Examples of security issues Insect can detect
- Advanced Usage - Advanced usage and customization options
- Container Scanning - Running Insect in Docker containers
- Use Cases - Real-world use cases and applications
- Contributing - Guide for contributing to Insect
Security Issues Insect Can Detect
Insect can detect a wide range of security issues, including:
- Command Injection: Unsafe command execution in Python, JavaScript, and Shell scripts
- Cross-Site Scripting (XSS): DOM manipulation vulnerabilities in JavaScript
- SQL Injection: Unsafe SQL query construction
- Hardcoded Secrets: API keys, tokens, and credentials in code
- Insecure Deserialization: Unsafe deserialization of untrusted data
- Path Traversal: Directory traversal vulnerabilities
- Obfuscated Code: Base64 encoded payloads and suspicious patterns
- Configuration Issues: Insecure default settings and misconfigurations
For examples of each type, see the Security Examples documentation.
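To make the pattern classes above concrete, here is a small AST-based scanner that flags several of them in Python source. It is an added illustration, not Insect's own code or rule set: the rule names, the dangerous-call table, the secret-name regex, the 40-character base64 threshold and the SAMPLE input are all assumptions made for the demonstration. It deliberately distinguishes the genuinely risky forms (subprocess with shell=True, yaml.load without SafeLoader, a long static base64 literal) from their benign look-alikes, which is where naive grep-style rules generate noise.

```python
"""Illustrative AST pattern scanner (added example, not Insect's code).

Rule names, the call table, the regex and the sample are assumptions.
"""
import ast
import base64
import re
from dataclasses import dataclass

# Variable names that suggest a credential; a string literal assigned to one is flagged.
SECRET_NAME = re.compile(r"(api[_-]?key|token|secret|password|passwd)", re.I)

# Call targets worth flagging, keyed by the dotted name as written in the source.
DANGEROUS_CALLS = {
    "os.system": "command-injection",          # always runs through the shell
    "os.popen": "command-injection",
    "subprocess.run": "command-injection",     # subprocess.* only with shell=True
    "subprocess.call": "command-injection",
    "subprocess.Popen": "command-injection",
    "pickle.load": "insecure-deserialization",
    "pickle.loads": "insecure-deserialization",
    "yaml.load": "insecure-deserialization",   # unless Loader=yaml.SafeLoader
    "eval": "code-execution",
    "exec": "code-execution",
    "base64.b64decode": "obfuscated-payload",  # only for a long static literal argument
}


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    detail: str


def _dotted_name(node):
    """Return 'pkg.attr' for a call target, or None if it is not a plain dotted name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _keyword(call, name):
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _looks_like_base64_payload(node, min_len=40):
    """True for a long string literal that decodes as strict base64 (an embedded payload)."""
    if not _is_str_literal(node) or len(node.value) < min_len:
        return False
    try:
        base64.b64decode(node.value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


class _Visitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        rule = DANGEROUS_CALLS.get(name)
        if rule == "command-injection" and name.startswith("subprocess."):
            shell = _keyword(node, "shell")
            if not (isinstance(shell, ast.Constant) and shell.value is True):
                rule = None  # argv-list invocation: no shell parsing of the string
        elif name == "yaml.load":
            if _dotted_name(_keyword(node, "Loader")) in ("yaml.SafeLoader", "SafeLoader"):
                rule = None
        elif rule == "obfuscated-payload":
            if not (node.args and _looks_like_base64_payload(node.args[0])):
                rule = None  # decoding runtime data is not itself suspicious
        if rule:
            self.findings.append(Finding(rule, node.lineno, name))
        self.generic_visit(node)

    def visit_Assign(self, node):
        for target in node.targets:
            if (isinstance(target, ast.Name) and SECRET_NAME.search(target.id)
                    and _is_str_literal(node.value) and len(node.value.value) >= 8):
                self.findings.append(Finding("hardcoded-secret", node.lineno, target.id))
        self.generic_visit(node)


def scan_source(source):
    """Parse Python source and return findings sorted by line."""
    visitor = _Visitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample input (assumption): one flagged line per issue class, plus two benign look-alikes.
PAYLOAD_B64 = base64.b64encode(b'print("hello from a decoded payload")').decode()
SAMPLE = f'''\
import os, subprocess, pickle, base64, yaml
API_KEY = "sk_live_0123456789abcdef"
def run(cmd):
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", "-l"])
    os.system("id")
def load(blob):
    yaml.load(blob, Loader=yaml.SafeLoader)
    return pickle.loads(blob)
exec(base64.b64decode("{PAYLOAD_B64}"))
'''


def scan_sample():
    return scan_source(SAMPLE)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line:>2}  {f.rule:<24}  {f.detail}")
```

On the sample this reports the secret on line 2, the shell=True call on line 4, os.system on line 6, pickle.loads on line 9 and both exec and the embedded base64 payload on line 10, while leaving the argv-list subprocess call and the SafeLoader yaml.load alone. Rules of this shape are syntactic only; a real scanner adds data-flow tracking (is the command string derived from untrusted input?) to keep the findings actionable.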
Development
Insect uses tox for managing development environments and running tests. The project uses pipenv for dependency management.
Setup
- Clone the repository:
  git clone https://github.com/somasays/insect.git
  cd insect
- Install pipenv and dependencies:
  pip install pipenv
  pipenv install --dev
Available Tox Environments
- tox -e all - Run all checks and tests (used in CI/CD)
- tox -e lint - Run only linting checks (ruff, black, isort)
- tox -e typecheck - Run only type checking (mypy)
- tox -e test - Run only tests with coverage
- tox -e dev - Quick development checks (lint + tests with fast failure)
- tox -e format - Auto-format code (black, isort)
Development Workflow
- Quick feedback during development:
  pipenv run tox -e dev
- Format code:
  pipenv run tox -e format
- Run full test suite before committing:
  pipenv run tox -e all
- Run specific tests:
  pipenv run tox -e test -- tests/unit/test_specific.py
Manual Commands (if needed)
If you prefer to run individual commands:
# Install dependencies
pipenv install --dev
# Run tests
pipenv run pytest tests/ --cov=insect
# Run linting
pipenv run ruff check src tests
pipenv run black --check src tests
pipenv run isort --check-only src tests
# Type checking
pipenv run mypy src tests
# Format code
pipenv run black src tests
pipenv run isort src tests
License
MIT
Project details
Download files
File details
Details for the file insect-0.1.1.tar.gz.
File metadata
- Download URL: insect-0.1.1.tar.gz
- Upload date:
- Size: 109.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 927943409663614cf964e3bcf794821975d32b4ac6c9a8bf80aac1bd91d96bcd |
| MD5 | 58079000a4eac58f110ab18ec277255e |
| BLAKE2b-256 | f696e6c3194737df18f0adea14b3e0f92d0c15fbc1b442b67b22211761a3f262 |
File details
Details for the file insect-0.1.1-py3-none-any.whl.
File metadata
- Download URL: insect-0.1.1-py3-none-any.whl
- Upload date:
- Size: 122.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cda39c34d6bf3fb83ebe6489f8f30a2bac625cdd6c1663ba87d50affeb12b7b4 |
| MD5 | ed0ab4d57e48917dcae51b51af28cf03 |
| BLAKE2b-256 | 6a1d26f2b37abd2a53cb5e4a318f533e2c27706cea130d28aba7c365402efa45 |
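Both uploads were made with twine rather than Trusted Publishing, so there is no publisher attestation to check; the digests in the two tables above are what a consumer can verify. The following is an added example, not part of the insect project, that recomputes all three digests in one pass over a file and reports any mismatch. The constructed 3-byte file and the deliberately wrong MD5 in demo() are assumptions so the check runs offline; with a real download, pass the path to insect-0.1.1.tar.gz or the wheel and the hashes from its table.

```python
"""Check a downloaded artifact against the digests PyPI lists for it.

Added example, not insect's own code. demo() uses a constructed file and a
deliberately wrong MD5 (assumptions) so it runs without network access.
"""
import hashlib
from pathlib import Path

CHUNK = 1 << 16


def _hashers():
    # PyPI's "BLAKE2b-256" is blake2b with a 32-byte digest, not the 64-byte default.
    return {
        "sha256": hashlib.sha256(),
        "md5": hashlib.md5(),
        "blake2b_256": hashlib.blake2b(digest_size=32),
    }


def digests_of_bytes(data):
    """Hex digests of an in-memory blob, keyed like the file-hashes tables."""
    hs = _hashers()
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def digests(path):
    """Stream a file through all three hashers in a single pass."""
    hs = _hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hs.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def verify(path, expected):
    """Compare a file against expected hex digests (any subset of the three).

    Returns (ok, mismatches); mismatches maps algorithm -> (expected, actual).
    Rely on sha256 or blake2b_256 for integrity: md5 is not collision resistant
    and is listed only for legacy tooling.
    """
    actual = digests(path)
    mismatches = {
        alg: (exp, actual[alg])
        for alg, exp in expected.items()
        if exp.lower() != actual[alg]
    }
    return (not mismatches), mismatches


def demo():
    """Constructed run: a file containing b"abc" with a correct SHA256 and a wrong MD5."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        artifact = Path(tmp) / "constructed-artifact.tar.gz"
        artifact.write_bytes(b"abc")
        return verify(artifact, {
            "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
            "md5": "0" * 32,  # deliberately wrong, to show the mismatch path
        })


if __name__ == "__main__":
    ok, why = demo()
    print("ok" if ok else f"MISMATCH: {why}")
```

For installs rather than manual downloads, pip can enforce the same check: put `insect==0.1.1 --hash=sha256:927943409663614cf964e3bcf794821975d32b4ac6c9a8bf80aac1bd91d96bcd` (the sdist digest from the first table; add a second `--hash=` with the wheel's SHA256 if either form may be selected) in a requirements file and run `pip install --require-hashes -r requirements.txt`. In hash-checking mode pip refuses any requirement, including transitive dependencies, that has no hash, so every package in the file needs one.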