Higher Quality, Stronger Performance, Increased Stability, Better Developer Experience, discover everything we've shipped recently!

Search icon
Strapi plugin logo for CypherScan

CypherScan

Scan uploaded files in Strapi for malware, exposed secrets, and risks before they reach production.

Install now

CypherScan Strapi Plugin

Scans uploaded files immediately after upload — before they are trusted by downstream systems.

The plugin helps detect:

  • malware
  • exposed secrets
  • leaked API keys
  • suspicious payloads
  • unsafe embedded content

before files continue through production workflows.

Marketplace

Available on the official Strapi Marketplace:

https://market.strapi.io/plugins/strapi-plugin-cypherscan

Example Result

CypherScan demo

What it does

The plugin hooks into the Strapi upload lifecycle and scans files immediately after upload.

Instead of relying only on:

  • mime-type validation
  • file extensions
  • upload size limits

it adds a deeper analysis layer before files are processed elsewhere in the application.

Why this matters

Many systems validate upload structure — not operational risk.

Unsafe files can still:

  • move through backend workflows
  • reach storage systems
  • enter moderation pipelines
  • trigger downstream processing
  • expose secrets or embedded payloads

CypherScan shifts part of this validation earlier in the pipeline.

Upload Flow

  1. File is uploaded through Strapi
  2. Strapi stores the file locally
  3. Plugin hooks into afterCreate
  4. File is sent to the CypherScan API
  5. API returns a structured security analysis

Where it hooks

The plugin hooks into the Strapi upload lifecycle (afterCreate).

At this stage:

  • the upload already exists locally
  • the file is accessible in /public/uploads
  • downstream systems have not processed it yet

This creates an opportunity to analyze the file before it is trusted further in the workflow.

Example API Call

const res = await fetch("https://cyphernetsecurity.com/api/v1/scan", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.CYPHERSCAN_API_KEY}`,
  },
  body: formData,
});

The API returns a structured security verdict for the uploaded file.

Returned Security Data

Structured results can include:

  • verdict (clean, suspicious, malicious)
  • risk level
  • score
  • traceId
  • findings
  • exposed secret detection
  • malware indicators
  • summary

Installation

Install the plugin:

npm install strapi-plugin-cypherscan

Environment Variables

CYPHERSCAN_API_KEY=cs_xxxxx
CYPHERSCAN_BASE_URL=https://cyphernetsecurity.com

Restart your Strapi application after configuration.

Quick Start

  1. Install plugin
  2. Configure API key
  3. Upload a file through Strapi
  4. View structured scan results

Demo

https://youtu.be/zRk-9Es7mwA

API Documentation

https://cyphernetsecurity.com/docs/api

Status

  • Live API
  • Public marketplace distribution
  • Production-tested integration flow
  • Active onboarding and ecosystem distribution

Install now

npm install strapi-plugin-cypherscan

Install now

STATS

2 GitHub stars425 weekly downloads

Last updated

2 days ago

Strapi Version

5.42.1 and above

Useful links

npmback arrowGitHubback arrow
Report an issue

Create your own plugin

Check out the available plugin resources that will help you to develop your plugin or provider and get it listed on the marketplace.

Get started
Need help building a plugin?