SecureForge

Enterprise Security Scanning Tool - Cross-platform security orchestrator for SAST, SCA, and secret detection.

Features

Single Binary - No dependencies, ~7.5MB for Linux/macOS/Windows
Multiple Scanners - Semgrep (SAST), Trivy (SCA), TruffleHog (Secrets), SpotBugs (Java)
Quality Gates - Configurable thresholds with pass/fail for CI/CD
Report Formats - JSON, HTML (Chart.js), PDF, SARIF (GitHub/Forgejo)

Quick Install

# Linux
curl -sL https://github.com/krisk248/secureforge/releases/latest/download/secureforge-linux-amd64 -o secureforge
chmod +x secureforge && sudo mv secureforge /usr/local/bin/

# macOS
curl -sL https://github.com/krisk248/secureforge/releases/latest/download/secureforge-darwin-amd64 -o secureforge
chmod +x secureforge && sudo mv secureforge /usr/local/bin/

# Docker
docker pull ghcr.io/krisk248/secureforge:latest

Quick Start

# Install required scanners
pip install semgrep
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

# Check tools
secureforge tools check

# Initialize config
secureforge init

# Run scan
secureforge scan

Documentation

📖 Quick Start Guide - Complete step-by-step setup guide

📚 Full Documentation (Wiki)

CI/CD Integration

# GitHub Actions / Forgejo
- name: Security Scan
  run: |
    curl -sL https://github.com/krisk248/secureforge/releases/latest/download/secureforge-linux-amd64 -o secureforge
    chmod +x secureforge
    ./secureforge scan -f sarif -o ./reports

- uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: ./reports/secureforge.sarif

Exit Codes

Code	Meaning
0	Success
1	Error
2	Threshold exceeded
3	Partial failure

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.github/workflows		.github/workflows
cmd/secureforge		cmd/secureforge
configs		configs
docs		docs
internal		internal
pkg/models		pkg/models
test-reports/v2025.12.17.1910		test-reports/v2025.12.17.1910
wiki		wiki
.gitignore		.gitignore
.secureforge.yaml		.secureforge.yaml
Dockerfile		Dockerfile
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SecureForge

Features

Quick Install

Quick Start

Documentation

CI/CD Integration

Exit Codes

License

About

Uh oh!

Releases 3

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SecureForge

Features

Quick Install

Quick Start

Documentation

CI/CD Integration

Exit Codes

License

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages