ScodeScanner v3.1.0

ScodeScanner is an automated tool, created in purpose of finding the vulnerabilities inside the source code before commiting it into the production. This will help the developers to quickly identify the vulnerabilities and patch those vulnerabilities at Dev Time.

In Support Language

SCode Scanner now also supports YAML for kubernetes security misconfiguration. Upon finding any vulnerability, the SCodeScanner will generate results in JSON output file. SCodeScanner can scan complex RBAC Policies to find misconfigurations.

New Improved Features?

1) Supported PHP Language

2) Supported YAML Language

3) Pass results to bug tracking services like Jira also Slack (Sending files to group to multiple people at once).

4) Gives results in JSON format, which can easily be used to any other program.

5) Works with Rules. We only need to create some rules which the target rule is not present in php/yaml directory.

6) Rules that can scan advance patterns

How to run?

1) Download the repository

2) run pip install -r requirements.txt

3) python yaml –help

Addional Information


SCodeScanner hosted with GitHub. Head to the GitHub repository for downloads, bug reports, and features requests.


Would love your thoughts on this, and would be great to work with community.