Magento Security Scan Tool

This is Magento's official security scanning tool and works for both Magento 1 and Magento 2.

You can get more info from their blog post.

Setup

  1. You first need to set up an account with Magento if you don't already have one: create account
  2. You then need to navigate to the scanner section of your Magento account and click the "GO TO SECURITY SCANNER" button: scanner
  3. Agree to the terms and conditions (if you're happy to do so).
  4. Click "+ ADD SITE".
  5. Follow the steps outlined on the add site page and click "SUBMIT":

    • Verify site ownership

    • Set up SSH scan (this is marked as coming soon for now, so skip this step)

    • Set up automatic scan

  6. You should now be able to run a scan from the scanner page in your account: scanner
