| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 577 |
| Technical Name |
api_security_scanner |
| License | OPL-1 |
| Website | https://github.com/Odevmo |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 577 |
| Technical Name |
api_security_scanner |
| License | OPL-1 |
| Website | https://github.com/Odevmo |
🔍 Odoo API Security Scanner
Scan Custom Controllers for Common API Vulnerabilities
Audit your custom API endpoints using static AST-based security checks—directly inside Odoo.
📘 Overview
Odoo API Security Scanner is a developer-friendly tool that statically analyzes your custom modules for common security flaws in API-facing code. It is optimized for Odoo 18 and fully integrated into the backend UI.
- ✔️ Scans only custom-installed modules
- ✔️ No CLI required — run scans from the UI
- ✔️ Modular rule-based engine — easily extendable
- ✔️ Read-only and safe for production databases
🎥 Quick walkthrough of a Demo scan.
🔐 What It Detects
- eval() or exec() calls
- Public endpoints lacking ACL checks
- Use of sudo() in controllers
- Hardcoded secrets in Python code
- model.read() without explicit fields
All issues are stored and categorized by severity with source line and context.
🖼️ UI Screenshots
Launch scans directly from the backend
Issue form with full context and severity
❓ Frequently Asked Questions
- Which modules are scanned? Only custom, installed modules — to avoid false positives.
- Does it scan Odoo controllers only? Yes — the focus is on public route methods, not models.
- Can I add my own checks? Yes — the scanner engine is modular and easy to extend.
🔐 More Security Modules by Odevmo
API Security Scanner (v18)
Detect insecure Odoo API routes, hardcoded secrets, and evals using static code scanning.
View on Odoo Apps
Security Audit AI (v16–v18)
AI-powered static analyzer with exportable reports and customizable rules.
View on Odoo Apps
Security Scanner Suite (Free)
Run config-level checks: master password, HTTPS, logging, ACLs and more.
View on Odoo Apps⚖️ License
This module is published under the Odoo Proprietary License v1.0 (OPL-1).
📬 Contact
Need help or have a feature suggestion? Get in touch:
- 📧 Email: odevmo.contact@gmail.com
- 💼 LinkedIn: LinkedIn Page
- 📝 Contact Form: Submit via Google Form
We typically respond within 2 business days.
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module