Betterscan

Betterscan rewrite in Go. Only as CLI with new features. Packaged now as a Go-based scanner runner with sequential/parallel execution, normalized findings, and optional LLM enrichment for JSON, SARIF, and HTML outputs.

Get Started go build -o checkmate-go .
🚀 Parallel Execution

Core-limited worker pool for concurrent scans. Supports OpenGrep, Trivy, Bandit, Brakeman, and more.

🤖 LLM Enrichment

Enhance security findings with AI context using OpenAI-compatible endpoints and swappable models.

📋 Normalized Output

Unified JSON/SARIF/HTML formats with smart deduplication and finding collapsing.

Usage Examples

# Run parallel scan with 8 jobs

./checkmate-go --code-dir ./src --strategy parallel --jobs 8

# Full report with LLM enrichment

./checkmate-go \ --code-dir ./project \ --llm-enrich \ --llm-model gpt-4o-mini \ --sarif-out results.sarif \ --html-out results.html

Strategies & Tools

  • ✓ Sequential: Predictable one-by-one execution.
  • ✓ Parallel: High-speed concurrent worker pool.
  • ✓ Auto-Install: Install missing tools via --install-missing.

Deployment Ready

Ready-to-use templates for cloud-scale scanning:

Cloud Run Jobs ECS/Fargate