Security Profiles & Reports
Maeris provides a library of specialized scan profiles that target specific security domains, compliance frameworks, and accessibility standards. Each profile runs a tailored set of checks and produces a structured report with evidence and remediation guidance.
Available Scan Profiles
Specify a profile with the --profile flag:
maeris scan security --profile <profile-name>

General Security Profiles
- owasp_top10_static — Full OWASP Top 10 (2021) static analysis. The default profile. Covers all 10 categories with AI-guided context analysis.
- deep_security — Extended OWASP scan plus business logic flaws, race condition risks, and dependency chain analysis. Takes 10–20 minutes on large projects.
- api_static — Focused on REST API security: authentication bypass, insecure direct object references, mass assignment, rate limiting absence, and sensitive data in responses.
- sast_static — Pure SAST (Static Application Security Testing) focused on code-level vulnerabilities: injection, insecure deserialization, path traversal, and weak cryptography.
- auth_session_static — Dedicated analysis of authentication and session management: JWT handling, cookie security flags, session fixation, brute-force protection, and OAuth2 misconfigurations.
- data_exposure_static — Checks for sensitive data exposure: PII in logs, unmasked credentials, over-permissive API responses, and indicators of missing encryption at rest.
- infra_static — Infrastructure-as-code security for Dockerfile, docker-compose, Kubernetes YAML, Terraform, and CI/CD workflow files.
- all_static — Runs all of the above static profiles in sequence and produces a unified combined report.
GIGW Compliance Profiles
- gigw_compliance — Validates compliance with the Guidelines for Indian Government Websites (GIGW). Checks mandatory page elements, link validity, language support, and content standards.
- gigw_code_security — GIGW-specific code security checks: secure headers, HTTPS enforcement, certificate pinning guidance, and dependency security.
- gigw_accessibility — GIGW accessibility requirements aligned with WCAG 2.1 AA: alternative text, keyboard navigation, color contrast, and screen reader compatibility.
Running a Specific Profile
# Run OWASP Top 10 (default)
maeris scan security --profile owasp_top10_static

# Run API-focused security scan
maeris scan security --profile api_static

# Run full GIGW compliance check
maeris scan security --profile gigw_compliance

# Run all static profiles in sequence
maeris scan security --profile all_static

Exporting Security Reports
After a scan, export the results in your preferred format:
# Export as HTML report (visual, shareable)
maeris report security --format html --output security-report.html

# Export as JSON (for programmatic consumption)
maeris report security --format json --output security-findings.json

# Export as CSV (for spreadsheet analysis)
maeris report security --format csv --output findings.csv

HTML reports include a severity summary dashboard, code snippets with highlighted vulnerable lines, and clickable remediation links.
Evidence and Remediation Guidance
Every finding in a Maeris security report includes:
Evidence
The exact file path and line number where the issue was found, plus a code snippet showing the vulnerable pattern in context.
Severity Classification
Each finding is rated Critical, High, Medium, Low, or Informational based on the CVSS scoring model and the finding's exploitability in context.
Remediation Guidance
AI-generated fix suggestions specific to your code — not generic advice. Where possible, a corrected code snippet is provided alongside the vulnerable one.
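The JSON export is intended for programmatic consumption, and the evidence and severity fields described above are exactly what a CI gate consumes. The script below is an added example, not Maeris's own code: it parses an export, prints a severity summary, and exits non-zero when any finding at or above a chosen severity is present. The field names it reads (findings, severity, file, line, snippet, remediation) are an assumption, since the page documents what a finding contains but not the export schema, and the embedded sample export is constructed for illustration.

```python
import json
from collections import Counter

# Severity ladder as listed in the Maeris docs, worst first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Informational"]
SEVERITY_RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample export. The field names ("findings", "severity", "file",
# "line", "snippet", "remediation") are an ASSUMED shape for illustration;
# check them against a real `maeris report security --format json` export.
SAMPLE_JSON = json.dumps({
    "profile": "api_static",
    "findings": [
        {"id": "F-1", "title": "Insecure direct object reference", "severity": "High",
         "file": "app/api/orders.py", "line": 42,
         "snippet": "order = Order.query.get(request.args['id'])",
         "remediation": "Scope the lookup to the authenticated user before returning the record."},
        {"id": "F-2", "title": "Mass assignment", "severity": "Critical",
         "file": "app/api/users.py", "line": 88,
         "snippet": "user.update(**request.json)",
         "remediation": "Allow-list the fields a client may set."},
        {"id": "F-3", "title": "Missing rate limiting", "severity": "Medium",
         "file": "app/api/login.py", "line": 17,
         "snippet": "@app.route('/login', methods=['POST'])",
         "remediation": "Add a rate limiter keyed on source IP and account."},
        {"id": "F-4", "title": "Verbose error response", "severity": "Low",
         "file": "app/api/orders.py", "line": 60,
         "snippet": "return jsonify(error=str(exc)), 500",
         "remediation": "Return a generic message and log the exception server-side."},
    ],
})


def load_findings(raw_json):
    """Parse an export and check that every finding carries the fields the gate relies on."""
    data = json.loads(raw_json)
    findings = data.get("findings", [])
    for f in findings:
        missing = {"severity", "file", "line"} - set(f)
        if missing:
            raise ValueError(f"finding {f.get('id', '?')} lacks {sorted(missing)}")
        if f["severity"] not in SEVERITY_RANK:
            raise ValueError(f"finding {f.get('id', '?')} has unknown severity {f['severity']!r}")
    return findings


def severity_summary(findings):
    """Count findings per severity in ladder order, including zero counts."""
    counts = Counter(f["severity"] for f in findings)
    return {s: counts.get(s, 0) for s in SEVERITY_ORDER}


def findings_at_or_above(findings, threshold):
    """Findings whose severity is at least `threshold`, worst first, then by file and line."""
    limit = SEVERITY_RANK[threshold]
    hits = [f for f in findings if SEVERITY_RANK[f["severity"]] <= limit]
    return sorted(hits, key=lambda f: (SEVERITY_RANK[f["severity"]], f["file"], f["line"]))


def gate(raw_json, threshold="High"):
    """CI gate: returns (exit_code, blocking_findings); exit_code is 1 if anything blocks."""
    findings = load_findings(raw_json)
    blocking = findings_at_or_above(findings, threshold)
    return (1 if blocking else 0), blocking


def format_finding(f):
    """One-line, grep-friendly rendering of a finding's evidence (file:line)."""
    return f"{f['severity']:<13} {f['file']}:{f['line']}  {f.get('title', '')}"


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON
    threshold = sys.argv[2] if len(sys.argv) > 2 else "High"
    code, blocking = gate(raw, threshold)
    print("Severity summary:", severity_summary(load_findings(raw)))
    for f in blocking:
        print(format_finding(f))
        print("    fix:", f.get("remediation", "(none)"))
    sys.exit(code)
```

Run it after the export, for example `python gate.py security-findings.json High`; with no arguments it runs against the embedded sample. The threshold is deliberately a parameter so a pipeline can block on Critical only for a legacy codebase while a new service blocks on Medium and above.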
Next Steps
To run WCAG accessibility scans specifically, see the WCAG Accessibility Scanning guide.