finsec-scan
v1.1.0
Security Scanner for Financial Applications - CLI tool for detecting vulnerabilities, secrets, and security issues in fintech codebases
FinSecScan - AI-Powered Security Scanner for Financial Applications
🛡️ FinSecScan is a specialized CLI security scanner designed for financial technology applications. It detects vulnerabilities, secrets exposure, and compliance issues in modern and legacy codebases used in the financial sector.
🤖 NEW: Now with AI-powered analysis using Ollama! Get intelligent context analysis, false positive detection, automated fix suggestions, and executive reports.
📑 Table of Contents
- Prerequisites
- Quick Start
- Basic Usage Examples
- What's New
- Features
- Detection Categories
- Reporting Formats
- Configuration
- CLI Options
- AI Features Setup
- Real-World Examples
- Troubleshooting
- FAQ
- Development
- Contributing
- Security & Privacy
- Compliance
- Roadmap
- Support
- License
📋 Prerequisites
Before installing FinSecScan, make sure you have:
- Node.js version 14.0.0 or higher (Download here)
- npm or npx (comes with Node.js)
- (Optional) Ollama for AI-powered features:
- Ollama Local (Self-hosted, 100% private) - Install guide
- Ollama Cloud (Quick setup, no installation) - Sign up here
Check Your Node.js Version
```bash
node --version
# Should output v14.0.0 or higher
```
🚀 Quick Start
Step 1: Installation
Choose one of the following methods:
Option A: Install Globally (Recommended)
```bash
npm install -g finsec-scan
```
After installation, verify it works:
```bash
finsec-scan --version
```
Option B: Use with npx (No Installation Required)
```bash
npx finsec-scan ./my-project
```
Step 2: Run Your First Scan
Navigate to your project directory and run:
```bash
# Scan the current directory
finsec-scan .
# Or scan a specific project
finsec-scan /path/to/your/project
```
That's it! FinSecScan will analyze your code and display security findings in your terminal.
💡 Basic Usage Examples
Example 1: Simple Scan
```bash
# Scan current directory
finsec-scan .
```
What you'll get: A colored console output showing all security issues found.
Example 2: Save Results to a File
```bash
# Generate JSON report
finsec-scan . --format json --output report.json
# Generate HTML report (great for sharing)
finsec-scan . --format html --output report.html
```
Example 3: Focus on Critical Issues Only
```bash
# Show only critical and high severity issues
finsec-scan . --severity high
```
Example 4: Exclude Directories
```bash
# Exclude common directories
finsec-scan . --exclude "node_modules,dist,test,.git"
```
✨ What's New in v1.1
🤖 AI-Powered Analysis (NEW!)
- Context Analysis: Ollama AI analyzes code context to reduce false positives by up to 70%
- False Positive Detection: Intelligent filtering of false positives with confidence scoring
- Auto-Fix Suggestions: AI-generated secure code fixes for vulnerabilities
- Business Impact Analysis: Financial and business impact assessment
- Executive Reports: Auto-generated executive summaries in plain language
- Custom Rule Generation: Create security rules from natural language descriptions
📋 Features
🎯 Multi-Technology Support
- JavaScript/TypeScript: Node.js, React, Angular, Express
- Progress/OpenEdge: Procedures (.p), Windows (.w), Classes (.cls)
- Configuration Files: JSON, YAML, ENV, Properties
- Web Technologies: HTML, PHP, JSP
- Database: SQL patterns, NoSQL configurations
🔍 Detection Categories
FinSecScan identifies security issues across multiple severity levels:
🚨 Critical Issues
- AWS/Azure/GCP credentials exposure
- Database passwords in code
- JWT secrets hardcoded
- Credit card numbers
- Social Security Numbers
- Cryptocurrency private keys
⚠️ High Severity
- SQL injection vulnerabilities
- Command injection risks
- XSS patterns
- Path traversal vulnerabilities
- Financial data in logs
- Missing authentication on financial APIs
⚡ Medium Severity
- Weak cryptographic algorithms
- Debug mode in production
- Insecure CORS policies
- Predictable transaction IDs
ℹ️ Low Severity
- Code quality issues
- Configuration recommendations
- Best practice violations
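The categories above are what a pattern-matching rule engine produces: each rule is a pattern plus a severity, and the quality of the result depends on what the rule does after the pattern matches. As an added illustration (this is not code from the finsec-scan project), here is a minimal rule engine in Node.js: rule objects of the shape a YAML rule file might load into, regex matching per source line, a Luhn validation step that keeps the card-number rule from firing on every 16-digit value, and the same severity filter `--severity` applies. The rule ids, field names and the sample source file are constructed for this example.

```javascript
// Added example, not FinSecScan's own code: a minimal line-oriented rule engine
// of the kind the README describes (rules loaded from YAML, regex matching,
// severity classification). Rule ids, field names and the sample source are
// constructed for this illustration.

const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Luhn checksum over a digit string. Real card numbers pass; most other
// digit runs (order ids, timestamps, phone numbers) do not, so it is a cheap
// way to stop a card-number rule firing on every 16-digit value.
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Constructed rule set, the object shape a YAML rule file might load into.
// `validate` is an optional post-match check that rejects likely false positives.
const RULES = [
  {
    id: "aws-access-key",
    severity: "critical",
    pattern: /\bAKIA[0-9A-Z]{16}\b/,
    message: "AWS access key ID in source",
  },
  {
    id: "credit-card-number",
    severity: "critical",
    pattern: /\b\d(?:[ -]?\d){12,18}\b/,
    validate: (match) => luhnValid(match.replace(/[ -]/g, "")),
    message: "Luhn-valid card number in source",
  },
  {
    id: "weak-hash-md5",
    severity: "medium",
    pattern: /createHash\(\s*['"]md5['"]\s*\)/,
    message: "MD5 used for hashing",
  },
];

// Scan source text line by line and report one issue per (line, rule) at or
// above `minSeverity`, mirroring the --severity filter.
function scanSource(source, rules, minSeverity = "low") {
  const issues = [];
  source.split("\n").forEach((line, index) => {
    for (const rule of rules) {
      if (SEVERITY_RANK[rule.severity] < SEVERITY_RANK[minSeverity]) continue;
      const match = line.match(rule.pattern);
      if (!match) continue;
      if (rule.validate && !rule.validate(match[0])) continue; // likely false positive
      issues.push({
        rule: rule.id,
        severity: rule.severity,
        line: index + 1,
        snippet: line.trim(),
        message: rule.message,
      });
    }
  });
  return issues;
}

// Aggregate counts in the shape of the JSON report's "stats" block.
function summarize(issues) {
  const severityCount = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const issue of issues) severityCount[issue.severity] += 1;
  return { totalIssues: issues.length, severityCount };
}

// Constructed sample source. AKIAIOSFODNN7EXAMPLE is the placeholder access key
// id used in AWS documentation, 4111 1111 1111 1111 is a standard test card
// number, and 1234 5678 9012 3456 is 16 digits that fail Luhn and must be ignored.
const SAMPLE_SOURCE = [
  "// constructed sample file",
  'const awsKey = "AKIAIOSFODNN7EXAMPLE";',
  'const testCard = "4111 1111 1111 1111";',
  'const orderId = "1234 5678 9012 3456";',
  'const digest = crypto.createHash("md5").update(payload).digest("hex");',
].join("\n");

const found = scanSource(SAMPLE_SOURCE, RULES);
console.log(JSON.stringify(summarize(found)));
for (const issue of found) {
  console.log(`[${issue.severity}] line ${issue.line} ${issue.rule}: ${issue.message}`);
}
```

Run with `node` and the sample yields two critical findings (the access key and the test card) and one medium finding (MD5); the Luhn-invalid order id is dropped. The validator is the cheapest form of false-positive reduction; the AI context analysis this README describes is a more expensive layer that works on the same kind of candidate findings.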
📊 Reporting Formats
FinSecScan supports multiple output formats to fit your workflow:
📺 Console Output (Default)
Rich terminal output with:
- Color-coded severity indicators
- File paths and line numbers
- Code snippets with context
- Remediation recommendations
Example:
```bash
finsec-scan .
```
📄 JSON Report
Machine-readable format for integration with other tools.
Example:
```bash
finsec-scan . --format json --output report.json
```
Output structure:
```json
{
  "metadata": {
    "scanPath": "/path/to/project",
    "timestamp": "2025-07-28T10:30:00.000Z",
    "duration": 2340,
    "version": "1.0.0"
  },
  "stats": {
    "filesScanned": 245,
    "totalIssues": 12,
    "severityCount": {
      "critical": 2,
      "high": 5,
      "medium": 3,
      "low": 2
    }
  },
  "issues": [...]
}
```
🌐 HTML Report
Interactive web-based report perfect for sharing with teams.
Example:
```bash
finsec-scan . --format html --output report.html
```
Features:
- Executive dashboard with charts
- Filterable and searchable results
- Code snippets with syntax highlighting
- Compliance mapping (PCI-DSS, SOX, GDPR)
- Detailed remediation recommendations
- Export and print capabilities
⚙️ Configuration
Create a .finsec.yml file in your project root:
```yaml
# Minimum severity level to report
severity: low

# Output format (console|json|html)
format: console

# Patterns to exclude from scanning
exclude:
  - node_modules/**
  - dist/**
  - test/**
  - "*.min.js"

# Custom rules to load
rules:
  - default.yml
  - fintech.yml
  - progress.yml

# Report settings
report:
  showContext: true
  contextLines: 3
  groupBySeverity: true

# AI Configuration (NEW!)
ai:
  enabled: false  # Set to true to enable AI features
  ollama:
    endpoint: http://localhost:11434
    model: codellama:13b  # Options: codellama:13b, llama3.1:8b, deepseek-coder:6.7b
    temperature: 0.1
    maxTokens: 4096
  features:
    contextAnalysis: true
    falsePositiveDetection: true
    autoFix: false  # Use with caution
    businessImpact: true
    executiveReport: true
  falsePositiveFilter:
    enabled: true
    confidenceThreshold: 0.75
  cache:
    enabled: true
    maxSize: 1000

# Performance settings
performance:
  maxFileSize: 5242880  # 5MB
  timeout: 30000
  concurrent: true
  maxConcurrency: 4
```
🔧 CLI Options
Basic Options
| Option | Description | Default |
|--------|-------------|---------|
| -f, --format <type> | Output format: json, html, or console | console |
| -o, --output <file> | Output file path | - |
| -r, --rules <file> | Custom rules file (.yml) | - |
| --severity <level> | Minimum severity: low, medium, high, or critical | low |
| --exclude <patterns> | Exclude patterns (comma-separated) | - |
| --config <file> | Configuration file (.finsec.yml) | .finsec.yml |
| --no-progress | Disable progress indicators | false |
| --verbose | Verbose output | false |
| --version | Show version information | - |
| -h, --help | Display help information | - |
AI Options (Requires Ollama)
| Option | Description | Default |
|--------|-------------|---------|
| --ai-analyze | Enable AI context analysis | false |
| --ai-explain | Generate AI explanations for issues | false |
| --ai-fix | Generate AI-powered fix suggestions | false |
| --ai-filter-fp | Use AI to filter false positives | false |
| --ai-report | Generate AI executive report | false |
| --ai-impact | Analyze business impact with AI | false |
| --ollama-endpoint <url> | Ollama API endpoint | http://localhost:11434 |
| --ollama-model <name> | Ollama model to use | codellama:13b |
Usage Examples
```bash
# Basic scan with JSON output
finsec-scan . --format json --output report.json
# High severity issues only, exclude tests
finsec-scan . --severity high --exclude "test,tests,__tests__"
# AI-powered scan with false positive filtering
finsec-scan . --ai-analyze --ai-filter-fp
# Full AI analysis with executive report
finsec-scan . --ai-analyze --ai-report --ai-impact --output full-report.json
```
🏗️ Architecture
```text
┌────────────────────────────────────────────────┐
│                 FinSecScan CLI                 │
├────────────────────────────────────────────────┤
│  CLI Interface (Commander.js)                  │
├────────────────────────────────────────────────┤
│  Scanner Engine                                │
│  ├── File Discovery                            │
│  ├── Rule Engine (YAML-based)                  │
│  ├── Pattern Matching                          │
│  └── Issue Classification                      │
├────────────────────────────────────────────────┤
│  Report Generation                             │
│  ├── Console Reporter                          │
│  ├── JSON Reporter                             │
│  └── HTML Reporter                             │
├────────────────────────────────────────────────┤
│  Rule Sets                                     │
│  ├── Default Rules (Web/API)                   │
│  ├── Progress/OpenEdge Rules                   │
│  └── Fintech-Specific Rules                    │
└────────────────────────────────────────────────┘
```
📖 Rule Categories
Default Rules (default.yml)
- Secrets and credentials detection
- SQL injection patterns
- XSS vulnerabilities
- Command injection
- Cryptographic issues
- Authentication problems
Fintech Rules (fintech.yml)
- Credit card number detection
- Bank account information
- Payment processor credentials (Stripe, PayPal, Square)
- Financial calculation issues
- Investment data exposure
- Regulatory compliance (PCI-DSS, SOX)
Progress/OpenEdge Rules (progress.yml)
- Progress database security
- Query injection in 4GL
- WebSpeed vulnerabilities
- AppServer security
- Session management
- Business logic issues
🤖 AI Features Setup (Optional)
AI features in FinSecScan use Ollama to run large language models. You have two options:
🚀 Quick Comparison: Local vs Cloud
| Feature | Local (Self-Hosted) | Cloud (Ollama Cloud) |
|---------|---------------------|----------------------|
| Privacy | ✅ 100% private - code never leaves your machine | ⚠️ Code sent to Ollama's servers |
| Setup | Requires installation and model download | Quick - just sign up and get API key |
| Cost | Free | Paid plans available |
| Performance | Depends on your hardware | Fast, scalable infrastructure |
| Disk Space | Requires 4-8GB per model | None |
| Best For | Privacy-sensitive projects, on-prem requirements | Quick start, teams, limited hardware |
Option 1: 🏠 Local Setup (Recommended for Privacy)
Your code stays on your machine - completely private and secure.
Step 1. Install Ollama
For Linux & macOS:
```bash
curl -fsSL https://ollama.com/install.sh | sh
```
For Windows: Download from https://ollama.com/download
Step 2. Start Ollama Service
```bash
ollama serve
```
Note: Keep this terminal window open, or run it in the background.
Step 3. Download a Model
Choose based on your needs:
| Model | Size | Speed | Accuracy | Best For | Command |
|-------|------|-------|----------|----------|---------|
| codellama:13b | 7.3GB | Medium | High | Code analysis, fix generation | ollama pull codellama:13b |
| llama3.1:8b | 4.7GB | Fast | Good | Explanations, reports | ollama pull llama3.1:8b |
| deepseek-coder:6.7b | 3.8GB | Fast | Good | Quick analysis | ollama pull deepseek-coder:6.7b |
Recommended for most users:
```bash
ollama pull codellama:13b
```
For faster scans or limited resources:
```bash
ollama pull llama3.1:8b
```
Step 4. Verify Installation
```bash
ollama list
```
You should see your downloaded model in the list.
Step 5. Run Your First AI Scan
```bash
# Simple AI-powered scan
finsec-scan . --ai-analyze
# AI scan with false positive filtering
finsec-scan . --ai-analyze --ai-filter-fp
# Full AI analysis with report
finsec-scan . --ai-analyze --ai-filter-fp --ai-report
```
Option 2: ☁️ Cloud Setup (Ollama Cloud)
Quick and easy - no installation required! Perfect for getting started fast.
⚠️ Privacy Note: When using Ollama Cloud, your code will be sent to Ollama's servers for analysis. For sensitive financial code, consider using the local setup instead.
Step 1. Sign Up for Ollama Cloud
Visit https://ollama.com/cloud and create an account.
Step 2. Get Your API Key
After signing up:
- Navigate to your account settings
- Generate a new API key
- Copy the API key (keep it secure!)
Step 3. Configure FinSecScan
Set your Ollama Cloud API key as an environment variable:
Linux/macOS:
```bash
export OLLAMA_API_KEY="your-api-key-here"
```
Windows (PowerShell):
```powershell
$env:OLLAMA_API_KEY="your-api-key-here"
```
Or create a .env file in your project (keep it out of version control):
```
OLLAMA_API_KEY=your-api-key-here
```
Step 4. Configure Cloud Endpoint
Update your .finsec.yml configuration:
```yaml
ai:
  enabled: true
  ollama:
    endpoint: https://api.ollama.com  # Ollama Cloud endpoint
    apiKey: ${OLLAMA_API_KEY}
    model: codellama:13b
    temperature: 0.1
    maxTokens: 4096
```
Or use CLI options:
```bash
# Run scan with Ollama Cloud
finsec-scan . --ai-analyze \
  --ollama-endpoint https://api.ollama.com \
  --ollama-model codellama:13b
```
Step 5. Run Your First Cloud AI Scan
```bash
# Make sure your API key is set
export OLLAMA_API_KEY="your-api-key-here"
# Run AI-powered scan using cloud
finsec-scan . --ai-analyze --ai-filter-fp
```
✅ Which Option Should You Choose?
Choose Local Setup if:
- 🔒 You're working with sensitive financial data
- 💰 You want to avoid ongoing costs
- 🏢 Your organization requires on-premises processing
- 💪 You have sufficient local hardware (8GB+ RAM recommended)
Choose Cloud Setup if:
- ⚡ You want to get started quickly
- 💻 You have limited local hardware resources
- 👥 You're working in a team and need consistent performance
- 🔄 You prefer managed infrastructure
Understanding AI Options
- `--ai-analyze`: Uses AI to understand the context of your code and provide better analysis
- `--ai-filter-fp`: Reduces false positives by up to 70% using AI
- `--ai-fix`: Generates secure code suggestions to fix vulnerabilities
- `--ai-report`: Creates an executive summary in plain language
- `--ai-impact`: Analyzes the business impact of found vulnerabilities
📊 Real-World Examples
Example 1: Complete AI-Powered Scan
```bash
# Full scan with all AI features
finsec-scan ./my-banking-app \
  --ai-analyze \
  --ai-filter-fp \
  --ai-report \
  --ai-impact \
  --format json \
  --output security-report.json

# Output:
# ✓ Scanned 245 files
# ✓ Found 38 issues
# 🤖 AI filtered 12 false positives
# ✓ Final result: 26 real issues
# 📊 Executive report saved to: security-report.executive.md
```
Example 2: Generate Fixes
```bash
# Generate AI fixes for critical issues
finsec-scan ./payment-service \
  --severity critical \
  --ai-fix \
  --output fixes.json
# Review generated fixes in fixes.json
```
Example 3: CI/CD Integration
```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install FinSecScan
        run: npm install -g finsec-scan
      - name: Run Security Scan
        run: |
          finsec-scan . \
            --format json \
            --output security-report.json \
            --severity high
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: security-report.json
```
🔧 Troubleshooting
Common Issues and Solutions
Issue: "finsec-scan: command not found"
Solution:
```bash
# Check if npm global bin is in your PATH
npm config get prefix
# Add to your PATH (Linux/macOS)
echo 'export PATH="$(npm config get prefix)/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
# Or reinstall globally
npm install -g finsec-scan
```
Issue: AI features not working - "Cannot connect to Ollama"
For Ollama Local:
Check if Ollama is running:
```bash
curl http://localhost:11434/api/tags
```
If this fails, start Ollama:
```bash
ollama serve
```
Verify model is downloaded:
```bash
ollama list
```
If no models are listed:
```bash
ollama pull codellama:13b
```
Check Ollama endpoint:
```bash
# Use a custom endpoint if Ollama is running on a different port
finsec-scan . --ai-analyze --ollama-endpoint http://localhost:YOUR_PORT
```
For Ollama Cloud:
Verify your API key is set:
```bash
echo $OLLAMA_API_KEY  # Should display your API key
```
If empty, set it:
```bash
export OLLAMA_API_KEY="your-api-key-here"
```
Check cloud endpoint:
```bash
finsec-scan . --ai-analyze --ollama-endpoint https://api.ollama.com
```
Verify your account has credits/active subscription: Visit https://ollama.com/cloud and check your account status.
Issue: Scan is very slow
Solutions:
Exclude unnecessary directories:
```bash
finsec-scan . --exclude "node_modules,dist,build,.git,coverage"
```
Disable AI features for a faster scan:
```bash
finsec-scan .  # Traditional scan without AI
```
Use a lighter AI model:
```bash
ollama pull llama3.1:8b
finsec-scan . --ai-analyze --ollama-model llama3.1:8b
```
Issue: Too many false positives
Solutions:
Use AI false positive filtering:
```bash
finsec-scan . --ai-analyze --ai-filter-fp
```
Adjust severity level:
```bash
finsec-scan . --severity high  # Show only high and critical
```
Create custom configuration: Create a `.finsec.yml` file to customize rules and exclusions.
Issue: "Error: EACCES: permission denied"
Solution:
```bash
# Fix npm permissions (Linux/macOS)
sudo chown -R $(whoami) ~/.npm
sudo chown -R $(whoami) /usr/local/lib/node_modules
# Or use npx instead (no installation needed)
npx finsec-scan .
```
Issue: Out of memory errors with AI features
Solutions:
Use a smaller model:
```bash
ollama pull deepseek-coder:6.7b
finsec-scan . --ai-analyze --ollama-model deepseek-coder:6.7b
```
Scan smaller portions:
```bash
finsec-scan ./src --ai-analyze
finsec-scan ./api --ai-analyze
```
Disable AI caching: Create `.finsec.yml`:
```yaml
ai:
  cache:
    enabled: false
```
❓ FAQ
General Questions
Q: Is FinSecScan free to use? A: Yes! FinSecScan is open-source and free under the MIT license.
Q: Does FinSecScan send my code to external servers? A: By default, no. All scanning is performed locally on your machine. If you use Ollama Local (recommended), AI features also run locally. However, if you choose Ollama Cloud, your code will be sent to Ollama's servers for AI analysis.
Q: What programming languages are supported? A: FinSecScan supports JavaScript, TypeScript, Progress/OpenEdge, PHP, HTML, SQL, and configuration files (JSON, YAML, ENV). It's particularly optimized for financial applications.
Q: How long does a scan take? A: Traditional scans are very fast (seconds to a few minutes). AI-powered scans take longer depending on the model and number of issues found (typically 2-10 minutes for medium projects).
AI Features
Q: Do I need to use AI features? A: No, AI features are completely optional. Traditional scanning works great without AI.
Q: Which AI model should I use?
A: For best accuracy, use codellama:13b. For faster scans or limited resources, use llama3.1:8b. See the AI Models Comparison section.
Q: How much disk space do AI models require? A: Models range from 3.8GB (deepseek-coder) to 7.3GB (codellama). Make sure you have at least 10GB free.
Q: Can I use multiple models?
A: Yes, you can download multiple models and switch between them using the --ollama-model option.
Q: Will AI features slow down my scan? A: Yes, AI analysis takes longer but provides better accuracy and fewer false positives. Use traditional scanning for quick checks.
Q: What's the difference between Ollama Local and Ollama Cloud? A: Ollama Local runs AI models on your machine (100% private, free, requires disk space). Ollama Cloud runs on Ollama's servers (faster setup, no local resources needed, but code is sent to their servers). See the comparison table for details.
Q: Is my code safe when using Ollama Cloud? A: When using Ollama Cloud, your code is sent to Ollama's servers for processing. For sensitive financial code or compliance requirements, we recommend using the local setup instead to keep all data on-premises.
Q: Can I switch between Ollama Local and Cloud?
A: Yes! You can switch anytime by changing the --ollama-endpoint parameter. Use http://localhost:11434 for local or https://api.ollama.com for cloud.
Q: Do I need to pay for Ollama Cloud? A: Ollama Cloud offers paid plans. Check https://ollama.com/cloud for current pricing. Local Ollama is always free.
Q: Which is faster: Local or Cloud? A: Cloud is typically faster if you have limited local hardware. However, with a good local machine (8GB+ RAM), local can be just as fast and is more private.
Integration & CI/CD
Q: Can I use FinSecScan in CI/CD pipelines? A: Yes! See the CI/CD Integration example in the documentation.
Q: Can I customize the security rules?
A: Yes, you can create custom rule files in YAML format and use them with --rules custom-rules.yml.
Q: Can I export results to other tools? A: Yes, FinSecScan can export to JSON format which can be imported into most security tools and dashboards.
Q: How do I fail CI builds on critical issues?
A: Use the --severity flag and check the exit code:
```bash
finsec-scan . --severity critical --format json --output report.json
if [ $? -ne 0 ]; then exit 1; fi
```
Compliance & Security
Q: Does FinSecScan help with PCI-DSS compliance? A: Yes, FinSecScan includes rules for detecting PCI-DSS violations like hardcoded credit card numbers and payment processor credentials.
Q: Can FinSecScan detect all security vulnerabilities? A: No security tool can detect 100% of vulnerabilities. FinSecScan should be part of a comprehensive security strategy including code reviews, penetration testing, and secure development practices.
Q: How often are the rules updated? A: Rules are updated regularly. Keep FinSecScan updated to get the latest security rules:
```bash
npm update -g finsec-scan
```
Troubleshooting
Q: Why am I getting so many false positives?
A: Use --ai-filter-fp to reduce false positives by up to 70%, or adjust --severity to focus on critical issues.
Q: FinSecScan is not finding issues in my code. Is something wrong?
A: This could mean your code is secure! Try using --verbose to see what's being scanned. You can also test with the included examples:
```bash
finsec-scan ./examples --verbose
```
Q: Can I contribute new security rules? A: Yes! We welcome contributions. See the Contributing section.
🛠️ Development
Local Development
```bash
# Clone the repository
git clone https://github.com/eyrockscript/finsec-scan.git
cd finsec-scan
# Install dependencies
npm install
# Run tests
npm test
# Run linter
npm run lint
# Test CLI locally
node bin/cli.js ./examples
# Test with AI (requires Ollama)
node bin/cli.js ./examples --ai-analyze --verbose
```
Project Structure
```text
finsec-scan/
├── bin/cli.js        # CLI entry point
├── src/
│   ├── scanner.js    # Core scanner engine
│   ├── reporters/    # Report generators
│   ├── rules/        # Rule loading system
│   └── utils/        # Utility modules
├── rules/            # Security rule definitions
├── templates/        # Report templates
├── examples/         # Test cases
└── docs/             # Documentation
```
🤝 Contributing
We welcome contributions from the community! Here's how you can help:
Ways to Contribute
1. Report Bugs or Issues
Found a bug? Open an issue with:
- Clear description of the problem
- Steps to reproduce
- Expected vs actual behavior
- Your environment (OS, Node.js version, FinSecScan version)
2. Suggest New Features
Have an idea? Open a feature request with:
- Description of the feature
- Use cases and benefits
- Example usage (if applicable)
3. Contribute Code
Quick Start:
```bash
# Fork and clone the repository
git clone https://github.com/YOUR_USERNAME/finsec-scan.git
cd finsec-scan
# Install dependencies
npm install
# Make your changes
# ...
# Run tests
npm test
# Run linter
npm run lint
# Test locally
node bin/cli.js ./examples
```
Areas for Contribution:
- 🛡️ New security rules
- 🌐 Additional language support
- 📊 Report format improvements
- ⚡ Performance optimizations
- 📖 Documentation enhancements
- 🤖 AI model improvements
4. Improve Documentation
- Fix typos or unclear sections
- Add examples
- Translate to other languages
- Create tutorials or guides
Contribution Guidelines
- Fork the repository
- Create a branch for your feature (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to your branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
Code Style
- Use ESLint configuration provided in the project
- Write clear commit messages
- Add tests for new features
- Update documentation as needed
🔒 Security & Privacy
Privacy First
- 100% Local Processing: All scanning happens on your machine
- No Data Transmission: Your code never leaves your computer (the one exception is opting into Ollama Cloud for AI features, which sends code to Ollama's servers as described in the AI Features Setup section)
- No Telemetry: We don't collect any usage data
- Open Source: Full transparency - review the code yourself
Security Practices
- Minimal Dependencies: Reduced attack surface
- Regular Updates: Security patches and rule updates
- Secure by Design: Following security best practices
Reporting Security Vulnerabilities
If you discover a security vulnerability, please email [email protected] directly instead of opening a public issue.
🏆 Compliance
FinSecScan helps organizations meet various compliance requirements:
- PCI DSS: Payment card data protection
- SOX: Financial reporting controls
- GDPR: Personal data protection
- OWASP: Web application security
🎯 Roadmap
✅ Completed
- [x] Core security scanning engine
- [x] Multiple report formats (JSON, HTML, Console)
- [x] Compliance mapping (PCI-DSS, SOX, GDPR, OWASP)
- [x] AI context analysis with Ollama
- [x] False positive detection using AI
- [x] Auto-fix generation
- [x] Executive reports
🚧 In Progress
- [ ] Performance optimizations for large codebases
- [ ] Enhanced AI models fine-tuning
📅 Planned
- [ ] IDE Plugins
- VS Code extension
- IntelliJ IDEA plugin
- Sublime Text plugin
- [ ] Integrations
- GitHub App for automatic PR scanning
- GitLab CI integration templates
- Jenkins plugin
- [ ] Features
- Real-time scanning during development
- Custom model fine-tuning for specific codebases
- Multi-language support for reports (Spanish, French, German)
- Interactive CLI with TUI
- Automated remediation (with user approval)
Want to contribute to the roadmap? Open a discussion!
💬 Support
Getting Help
- 📖 Documentation: You're reading it! Check the FAQ and Troubleshooting sections
- 🐛 Bug Reports: GitHub Issues
- 💡 Feature Requests: GitHub Discussions
- 📧 Email: [email protected]
Community
- GitHub: @eyrockscript
- Star the repo: If you find FinSecScan useful, please ⭐ star the repository!
Response Time
- Issues: Usually responded to within 48 hours
- Pull Requests: Reviewed within 1 week
- Security Issues: Addressed immediately
📄 License
This project is licensed under the MIT License.
What this means:
- ✅ Commercial use allowed
- ✅ Modification allowed
- ✅ Distribution allowed
- ✅ Private use allowed
- ℹ️ License and copyright notice required
See the LICENSE file for full details.
🙏 Acknowledgments
FinSecScan is made possible by:
- Ollama - Local AI inference engine
- The Fintech Community - For inspiration and feedback
- Open Source Contributors - Thank you for your contributions!
- Security Researchers - For discovering and reporting vulnerabilities
Special Thanks
This tool was born from the need for specialized security scanning in financial technology environments, where legacy systems meet modern web applications.
Built with ❤️ by Eliud Trejo
⭐ Star this repo | 🐛 Report Bug | 💡 Request Feature
If FinSecScan helps secure your code, please consider giving it a star! ⭐
