Awesome Open Source

This document is also available in Portuguese.

Insider is the OSS CLI project from the Insider Application Security Team for the community.

Insider focuses on covering the OWASP Top 10: it performs source code analysis to find vulnerabilities directly in the source code, and is designed to be agile and easy to integrate into your DevOps pipeline.

We currently support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).

There is a GitHub Action that lets you protect your repository with Insider; it is free, easy to integrate and frictionless. It is the easiest way to protect your code directly in your repository. Take a look - Insider-Action


You can install Insider using precompiled binaries or from source.

Precompiled binaries

We have precompiled binaries for Linux, Windows and macOS operating systems that you can find here.

Have fun! 🚀


insider is the CLI project from the Insider Application Security Team for the community

  -exclude value
        Patterns to exclude directory or files to analyze. Can be used multiple times
  -jobs int
        Number of analysis to execute in parallel (default 4)
  -no-html
        Skips the report generation in the HTML format
  -no-json
        Skips the report generation in the JSON format
  -quiet
        No output logs of execution
  -security float
        Set the Security level, values between 0 and 100 (default 0)
  -target string
        Specify where to look for files to run the specific ruleset
  -tech string
        Specify which technology ruleset to load
  -v    Enable verbose output
  -version
        Show version and quit with exit code 0

Supported technologies:

Example of use:
        # Run JavaScript analysis on specific directoty
        insider -tech javascript -target <directory>

        # Run Android analysis on specific directoty and ignore html and json report
        insider -tech android -target <directory> -no-html -no-json

        # Run Java analysis on specific directoty with a base security value to fail
        insider -tech java -target <directory> -security 20

        # Run JavaScript analysis on specific directoty and exclude node_modules and test files
        insider -tech javascript -target <directory> -exclude tests/* -exclude node_modules/*


# Check the correct release for your environment
$ wget
$ tar -xf insider_2.1.0_linux_x86_64.tar.gz 
$ chmod +x insider
$ ./insider --tech javascript  --target <projectfolder>


You can also run insider in a container. You only need to mount the target into a volume:

$ docker run --rm -v $(pwd):/target-project insidersec/insider -tech <tech> -target /target-project




Building from source

To build Insider from source you need a working installation of Go, version 1.13 or later.

$ go get


  • This work is licensed under MIT.
