This SDK is designed to provide all the basic tools and functions that will allow you to easily integrate the Bright security testing engine into your own project.
With the SDK you can:
- Work with the Bright scan engine, without leaving your IDE
- Build automations within your CI or local machine for security testing
- Create your own framework/project specific wrappers (you can see some examples in the Documentation section)
Bright is a developer-first Dynamic Application Security Testing (DAST) scanner.
SecTester is a new tool that integrates our enterprise-grade scan engine directly into your unit tests.
With SecTester you can:
- Test every function and component directly
- Run security scans at the speed of unit tests
- Find vulnerabilities with no false positives, before you finalize your Pull Request
Trying out Bright’s SecTester is free 💸, so let’s get started!
⚠️ Disclaimer: The SecTester project is currently in beta as an early-access tool. We are looking for your feedback to make it the best possible solution for developers, aimed to be used as part of your team’s SDLC. We apologize if not everything will work smoothly from the start, and hope a few bugs or missing features will be no match for you!
Thank you! We appreciate your help and feedback!
First install the module via yarn or npm, and do not forget to install the peer dependencies as well:

```bash
$ npm i -s @sectester/runner \
  @sectester/bus \
  @sectester/core \
  @sectester/repeater \
  @sectester/reporter \
  @sectester/scan
```

or

```bash
$ yarn add @sectester/runner \
  @sectester/bus \
  @sectester/core \
  @sectester/repeater \
  @sectester/reporter \
  @sectester/scan
```
- Register for a free account at Bright signup
- Optional: Skip the quickstart wizard and go directly to Personal API key creation
- Create a Bright API key (check out our doc on how to create a personal key)
- Save the Bright API key
- We recommend using your GitHub repository secrets feature to store the key, accessible via the Settings > Security > Secrets > Actions configuration. We use the ENV variable called BRIGHT_TOKEN in our examples (more info on how to use ENV vars in GitHub Actions).
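As an added example (not part of the SecTester README or demo project), the following GitHub Actions workflow shows how the key stored under Settings > Security > Secrets > Actions reaches the test run as the BRIGHT_TOKEN environment variable. The secret name BRIGHT_TOKEN, the workflow name and the `npm test` command are assumptions; the key value itself never appears in the workflow file, and GitHub masks it in job logs.

```yaml
# Added example, not from the SecTester project: minimal workflow that
# exposes the repository secret BRIGHT_TOKEN to the test step.
# Assumptions: the secret is named BRIGHT_TOKEN and tests run via `npm test`.
name: security-tests

on:
  pull_request:

jobs:
  sectester:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 18
      - run: npm ci
      # The key is read from repository secrets and scoped to this step only,
      # so it is not visible to earlier steps and is never committed to the repo.
      - run: npm test
        env:
          BRIGHT_TOKEN: ${{ secrets.BRIGHT_TOKEN }}
```

Scoping the `env` block to the single step that needs the key, rather than to the whole job, keeps the token out of steps such as dependency installation that have no use for it.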
Full configuration & usage examples can be found in our demo project.
- Full documentation available at: https://docs.brightsec.com/
- A demo project can be forked from: https://github.com/NeuraLegion/sectester-js-demo
- Join our Discord channel and ask anything!
Please read contributing guidelines here.
Copyright © 2022 Bright Security.
This project is licensed under the MIT License - see the LICENSE file for details.