This produces a detailed report and an SBOM file (sbom.json).
A typical Jenkins or GitLab CI workflow can insert a NESCA scanner step after image build but before registry push. For instance: nesca scanner
The NESCA scanner offers a range of benefits that make it an attractive option for individuals and organizations. Some of the key benefits include:
- Designed for scanning the "entire Internet" to find specific services or vulnerabilities.
A GitLab CI job that runs an nmap service/vulnerability scan against a host and fails the pipeline when any script result is reported as VULNERABLE:

security-scan:
  stage: test
  script:
    - nmap -sV --script vuln -oX nmap-report.xml $TARGET_HOST
    - |
      if grep -q "VULNERABLE" nmap-report.xml; then
        echo "Critical vulnerability found!"
        exit 1
      fi
  only:
    - main
Finally, the NESCA scanner evaluates findings against a user-defined policy (e.g., "fail if any critical secret is exposed" or "warn on outdated npm packages older than 6 months"). It outputs results in SARIF, JSON, or JUnit XML for CI/CD integration.
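An added example, not NESCA's own code, of the policy gate described above: it applies the two quoted rules to a constructed findings list and emits a minimal SARIF 2.1.0 log plus a CI exit code. The findings shape, the policy keys, the fixed scan date and the 180-day reading of "6 months" are all assumptions made for the illustration.

```python
import json
from datetime import date

# Constructed scanner output (assumed shape): one exposed secret and two npm packages.
FINDINGS = [
    {"type": "secret", "severity": "critical", "location": "config/.env:3",
     "detail": "cloud access key"},
    {"type": "package", "ecosystem": "npm", "name": "lodash",
     "version": "4.17.15", "released": "2019-07-17"},
    {"type": "package", "ecosystem": "npm", "name": "express",
     "version": "4.19.2", "released": "2024-03-25"},
]

# Policy mirroring the two rules quoted in the text; "6 months" read as 180 days (assumption).
POLICY = {"fail_on_critical_secret": True, "warn_npm_older_than_days": 180}

# Fixed "today" so the example is reproducible offline (constructed value).
SCAN_DATE = date(2024, 6, 1)


def evaluate(findings, policy, today):
    """Return (exit_code, sarif_log); exit_code 1 tells the CI job to fail."""
    results = []
    for f in findings:
        if (f["type"] == "secret" and f["severity"] == "critical"
                and policy["fail_on_critical_secret"]):
            # Blocking rule: any critical secret fails the build.
            results.append({"ruleId": "critical-secret", "level": "error",
                            "message": {"text": f"{f['detail']} exposed at {f['location']}"}})
        elif f["type"] == "package" and f["ecosystem"] == "npm":
            # Advisory rule: stale npm packages only warn, they do not block.
            age = (today - date.fromisoformat(f["released"])).days
            if age > policy["warn_npm_older_than_days"]:
                results.append({"ruleId": "stale-npm-package", "level": "warning",
                                "message": {"text": f"{f['name']}@{f['version']} is {age} days old"}})
    sarif = {"version": "2.1.0",
             "runs": [{"tool": {"driver": {"name": "policy-gate"}}, "results": results}]}
    exit_code = 1 if any(r["level"] == "error" for r in results) else 0
    return exit_code, sarif


if __name__ == "__main__":
    code, report = evaluate(FINDINGS, POLICY, SCAN_DATE)
    with open("policy-report.sarif", "w") as fh:
        json.dump(report, fh, indent=2)   # SARIF file for the CI system to ingest
    raise SystemExit(code)
```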