Releases: securily/securily-security-headers
Version 1.0.0
Release Notes - Version 1.0.0
We are thrilled to announce the first release of the Security Headers Scanner tool, version 1.0.0! This initial version brings powerful security header analysis capabilities to help developers assess and troubleshoot the security configuration of their web applications. Here's what you can expect from this release:
Features
- Header Analysis: The tool reads and analyzes common security headers, including Strict-Transport-Security and Content-Security-Policy, to assess their configuration.
- OpenAI Integration: Utilizes the OpenAI API to provide intelligent prompts for configuring security headers, enhancing the accuracy and flexibility of the tool.
- Configuration Management: Allows users to configure and customize the severity rating, reasoning, remediation steps, and possible values for each security header.
- Verbose Output: Provides detailed information and feedback during the scanning process, enabling better understanding and troubleshooting.
- Configuration Persistence: Stores the header configuration in a JSON file for easy reloading and persistence across multiple runs.
- Results Reporting: Generates a JSON report of the header analysis results, including header status, severity, reasoning, and remediation steps.
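The kind of header analysis the Features list describes (read Strict-Transport-Security and Content-Security-Policy, then emit a JSON result with status, severity, reasoning and remediation) can be shown in a small stand-alone script. The code below is an added example written for these release notes; it is not the scanner's own code and does not call the OpenAI API. The header policy table, the one-year max-age threshold and the sample responses are constructed assumptions for the example, not values taken from the project's configuration file.

```python
import json
import re

# Policy table: severity and remediation for each header the example checks.
# Thresholds and wording are assumptions for this example, not the project's config.
HEADER_POLICY = {
    "strict-transport-security": {
        "severity": "high",
        "remediation": "Send 'Strict-Transport-Security: max-age=31536000; includeSubDomains' over HTTPS.",
    },
    "content-security-policy": {
        "severity": "high",
        "remediation": "Send a CSP with a restrictive default-src and no 'unsafe-inline'/'unsafe-eval' in script-src.",
    },
}

MIN_HSTS_MAX_AGE = 31536000  # one year; assumed minimum for this example


def normalize_headers(headers):
    """Lower-case header names so lookups are case-insensitive, as HTTP requires."""
    return {name.lower(): value for name, value in headers.items()}


def check_hsts(value):
    """Return (status, reasoning) for a Strict-Transport-Security value."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    max_age = None
    for directive in directives:
        match = re.match(r"max-age=(\d+)$", directive)
        if match:
            max_age = int(match.group(1))
    if max_age is None:
        return "weak", "max-age directive is missing, so browsers will not enforce HTTPS"
    if max_age < MIN_HSTS_MAX_AGE:
        return "weak", f"max-age={max_age} is shorter than the recommended {MIN_HSTS_MAX_AGE} seconds"
    if "includesubdomains" not in directives:
        return "weak", "includeSubDomains is absent, so subdomains are not protected"
    return "ok", "max-age meets the recommended minimum and includeSubDomains is set"


def parse_csp(value):
    """Parse a CSP value into {directive: [sources]}; directives are ';'-separated."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def check_csp(value):
    """Return (status, reasoning) for a Content-Security-Policy value."""
    policy = parse_csp(value)
    if "default-src" not in policy:
        return "weak", "default-src is missing, so fetch directives not listed are unrestricted"
    # script-src falls back to default-src when it is not set explicitly.
    script_sources = policy.get("script-src", policy["default-src"])
    problems = []
    if "*" in script_sources or "*" in policy["default-src"]:
        problems.append("wildcard source allows scripts from any origin")
    if "'unsafe-inline'" in script_sources:
        problems.append("'unsafe-inline' lets injected inline scripts execute")
    if "'unsafe-eval'" in script_sources:
        problems.append("'unsafe-eval' permits eval()-style code execution")
    if problems:
        return "weak", "; ".join(problems)
    return "ok", "default-src is set and script-src has no wildcard or unsafe keywords"


CHECKS = {
    "strict-transport-security": check_hsts,
    "content-security-policy": check_csp,
}


def analyze_headers(headers):
    """Produce one finding per policy header: status, severity, reasoning, remediation."""
    present = normalize_headers(headers)
    findings = []
    for name, policy in HEADER_POLICY.items():
        if name not in present:
            status, reasoning = "missing", f"{name} header not sent"
        else:
            status, reasoning = CHECKS[name](present[name])
        findings.append({
            "header": name,
            "value": present.get(name),
            "status": status,
            "severity": "info" if status == "ok" else policy["severity"],
            "reasoning": reasoning,
            "remediation": None if status == "ok" else policy["remediation"],
        })
    return findings


def report_json(headers):
    """Serialize the findings as a JSON report."""
    return json.dumps({"results": analyze_headers(headers)}, indent=2)


# Constructed sample responses for demonstration; these are not real sites.
SAMPLE_RESPONSES = {
    "hardened": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    },
    "weak": {
        "strict-transport-security": "max-age=60",
        "content-security-policy": "default-src *; script-src 'unsafe-inline'",
    },
    "none": {},
}

if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        print(f"== {label} ==")
        print(report_json(headers))
```

In a real scan the `headers` argument would be the response headers of the target URL; the checks are deliberately written against a plain dict so they can be unit-tested without network access.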
Usage
To get started with the Security Headers Scanner, make sure you have the following requirements:
- Python 3 or higher properly installed and running.
- Running on Ubuntu or a similar Linux distribution is recommended. Not tested on Amazon Linux.
Follow these steps to use the tool:
- Clone the repository:
  git clone https://github.com/securily/security-headers-scanner.git
- Obtain an API key from OpenAI by following the instructions provided in the README.
- Run the scanner:
  python security_headers_scanner.py -v -o <OPENAI_API_KEY>
Make sure to replace <OPENAI_API_KEY> with your actual OpenAI API key. The tool will analyze the security headers of the specified URL and generate a JSON report with the analysis results.
Contributing
We welcome your feedback and contributions to make the Security Headers Scanner even better. If you encounter any issues, have suggestions for improvements, or want to contribute new features, please don't hesitate to submit a pull request or open an issue in the GitHub repository.
License
The Security Headers Scanner is an open-source project released under the GNU General Public License v3.0. Feel free to use, modify, and distribute the tool in accordance with the license terms.
We hope that the Security Headers Scanner proves to be a valuable addition to your web application security toolkit. Stay tuned for future updates as we continue to enhance and expand the functionality of the tool.