Skip to content

KevinDeBenedetti/web-check

BranchesTags

Repository files navigation

web-check

CI/CD

Docker-based security scanning toolkit with a FastAPI REST API and an interactive CLI (my-check) for web and Kubernetes infrastructure security checks.

Features

  • REST API orchestrating ZAP, Nuclei, Nikto, and FFUF behind a single interface
  • Interactive CLI wizard (my-check) for web and Kubernetes security scans
  • Scan history and result management with SQLite
  • SARIF 2.1 output for GitHub Code Scanning integration
  • Multiple output formats: terminal, JSON, HTML, webhook
  • Optional scanner sidecars via Docker Compose profiles (e.g. FFUF)

Prerequisites

  • Docker + Docker Compose v2
  • uv — Python package manager

Installation

git clone https://github.com/KevinDeBenedetti/web-check.git
cd web-check
cp .env.example .env

Usage

# Start the API + all scanner sidecars
docker compose up -d

# API Swagger UI
open http://localhost:8001/docs

# Interactive CLI wizard
make cli

# Non-interactive web scan
uv run my-check web https://example.com

# Non-interactive Kubernetes scan
uv run my-check k8s --context my-cluster

→ Full usage guide: docs

Documentation

Full documentation is available at https://kevindebenedetti.github.io/web-check/. It is generated from the docs/ directory and published automatically on push.

About

A comprehensive, Docker-based security scanning toolkit for web applications. Run multiple industry-standard security tools with a single command.

Topics

nuclei nikto owasp-zap fastapi ffuf testssl-sh

Resources

Readme

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v0.1.1 Latest
Jan 13, 2026

Contributors

Languages