Skip to content

Vuxyn/omni-scan

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🔒 OmniScan

All-in-One DevSecOps pipeline. Zero config. Fully free.

License: MIT GitHub Actions Security: DevSecOps Mode: Community


Detect secrets, vulnerable dependencies, and code vulnerabilities — automatically, on every push and pull request.

Secret Scan   →  Gitleaks
Dependency    →  npm / pip / composer audit
Code Quality  →  Semgrep
Notification  →  Telegram

Quick Start

1. Copy dua file ke repo kamu:

cp .github/workflows/omniscan.yml your-repo/.github/workflows/
cp .omniscan.yml your-repo/

2. Pilih mode di .omniscan.yml:

mode: community   # tidak perlu API key apapun

notify:
  telegram: ${{ secrets.TELEGRAM_TOKEN }}

gate:
  block_on: high

3. Push:

git add . && git commit -m "feat: add OmniScan" && git push

Pipeline langsung jalan. ✅


Dual Mode

Community Power
Secret Scan (Gitleaks)
Dependency Scan npm/pip audit Snyk
Code Quality Semgrep SonarCloud
Private repo
API key required
Biaya Gratis Gratis*

*Gratis untuk public repo


Docs


Roadmap

  • Community Mode — Gitleaks + audit + Semgrep
  • Auto-detect framework (Next.js, Laravel, Python, dll.)
  • Quality gate — block merge otomatis
  • Notifikasi Telegram
  • Power Mode — Snyk + SonarCloud
  • GitHub App — install 1 klik tanpa copy file
  • PR comment otomatis dengan detail hasil scan
  • Web dashboard

Contributing

Kontribusi sangat disambut!

git clone https://github.com/vuxyn/omni-scan.git
cd omni-scan

# Buat branch baru
git checkout -b feature/your-feature

# Submit Pull Request

Lihat CONTRIBUTING.md untuk panduan lengkap.


License

MIT — bebas digunakan, dimodifikasi, dan didistribusikan.

About

All-in-One DevSecOps Pipeline — Scan Everything, Ship Safely.

Resources

License

Contributing

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages