CypherScan

CypherScan

By Gabriel Maheu

Scan uploaded files in Strapi for malware, exposed secrets, and risks before they reach production.

Latest version

v0.1.14

released July 11, 2026

npm install strapi-plugin-cypherscan

CypherScan for Strapi

Protect Strapi uploads before they reach production.

CypherScan securely scans every uploaded file using a presigned upload workflow and can automatically block suspicious or malicious files before they become available inside Strapi.


Features

  • Secure presigned upload workflow
  • Malware detection
  • Secret detection
  • Automatic malicious file blocking
  • Configurable fail-open / fail-closed behavior
  • Native Strapi integration
  • Configurable request timeout
  • Debug logging
  • Lightweight plugin architecture

Requirements

  • Strapi 5+
  • Node.js 20+
  • CypherScan API key

Installation

Install the plugin:

npm install strapi-plugin-cypherscan

Restart your Strapi application after installation.


Configuration

Configure your environment variables:

CYPHERSCAN_API_KEY=cs_xxxxxxxxxxxxxxxxx
CYPHERSCAN_BASE_URL=https://cyphernetsecurity.com

Restart Strapi after updating your environment.


How it works

When a file is uploaded:

  1. The plugin requests a presigned upload URL from the CypherScan API.
  2. The file is uploaded securely to temporary object storage.
  3. CypherScan scans the uploaded object.
  4. A scan verdict is returned.
  5. Clean files remain available.
  6. Suspicious or malicious files are automatically removed.

Architecture

User Upload
Strapi Upload Hook
Request Presigned Upload URL
Temporary Secure Upload
CypherScan Scan
Verdict
      ├── Clean ─────► Upload allowed
      └── Blocked ───► Upload removed

Example

Upload detected



Presigned Upload



CypherScan Scan



Verdict: Clean



File available inside Strapi

Fail Open / Fail Closed

CypherScan supports two operating modes.

Fail Open

Uploads continue if the scanning service is temporarily unavailable.

Recommended for development environments.

Fail Closed

Uploads are rejected when the scan cannot be completed.

Recommended for production environments requiring strict upload enforcement.


Debug Logging

When debug mode is enabled, the plugin logs:

  • File name
  • MIME type
  • File size
  • Presign request status
  • Upload status
  • Scan status
  • Scan verdict
  • Risk level
  • Scan ID
  • Upload decision

Tested

Validated with:

  • Clean uploads
  • Malware detection (EICAR)
  • API unavailable (failOpen=true)
  • API unavailable (failOpen=false)
  • Automatic blocked file removal
  • Strapi 5.x

Roadmap

  • Scan history
  • Detailed scan reports
  • Quarantine support
  • Policy-based upload rules

License

MIT License

Copyright (c) 2026 CypherNet Security Inc.

See the LICENSE file for details.


Built by CypherNet Security Inc.

Submit your content

Share your work with the community and get it listed in the Strapi ecosystem for everyone to discover and use.

Submit
Submit your content