xployt-static

A FastAPI-based static code scanning tool for detecting secrets and other patterns in codebases.

Features

• Scans codebases for secrets and other user-defined patterns.
• Extensible pattern system using JSON files.
• Simple REST API for integration.

Project Structure

• app/ - Main application code
  • main.py - FastAPI app and API endpoints
  • config.py - Configuration and pattern loading
  • file_walker.py - Codebase file traversal
  • match_engine.py - Pattern matching logic
  • schemas.py - Pydantic models for API
  • utils.py - Utility functions
• patterns/ - JSON pattern files (e.g., secrets.json)
• test/ - Test suite
• test-repos/ - Sample repositories for testing

API Usage

Scan Endpoint

POST /static/scan

Request Body:

{
  "path": "relative/path/to/codebase",
  "types": ["secrets"]
}

• path: Path to the codebase to scan (relative to STORAGE_PATH)
• types: List of scan types (corresponds to pattern JSON files)

Response:

{
  "matches": [
    {
      "pattern": "regex_pattern",
      "file": "file/path",
      "line": 42,
      "snippet": "matched line",
      "scan_type": "secrets"
    }
  ]
}

Configuration

• Set environment variables in .env or .env.sample:
  • STORAGE_PATH: Base directory for codebases (default: /mnt/shared/codebases)
  • PATTERN_DIR: Directory for pattern JSON files (default: app/patterns)

Adding Patterns

Add new JSON files in the patterns/ directory. Each file should contain regex patterns for a scan type.

Running Locally

1. Install dependencies:

   pip install -r requirements.txt
   

2. Set up your .env file.
3. Start the server:

   uvicorn app.main:app --reload