Horusec is an open source tool that performs static code analysis to detect security vulnerabilities during the project development process.
Currently, the programming languages for analysis are: C #, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart.
The project has many options for it search key leaks and security flaws in all your program files, as well as in your Git history.
Horusec can be used via CLI on CI / CD.
Project roadmap
The developers report:
We started the project to focus on our company, but as the search grew, we chose to apply different practices and make it accessible to everyone.
In order to achieve our goals, we have divided into certain phases delivery:
- Phase 0: Support for all horusec-cli features in horusec-vscode (Q1)
- Phase 1: Support for Theia (VsCode Web) (Q1)
- Phase 2: Support Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in resolution (Q1)
- Phase 3: New service for administrator vulnerabilities (Q2)
- Phase 4: Dependency analysis for all supported programming languages (Q3)
- Phase 5: SAST with MVP semantic analysis (Q4)
- Phase 6: DAST with symbolic MVP analysis (Q4)
Installation
To see more details on how to install the program, go to here.
Use
To use horusec-cli and check your vulnerabilities
horusec start
To obtain the warranty badge and to be able to see your vulnerabilities in detail in our table see more details from here
WARNING : When horusec starts an analysis it creates a folder called .horusec.
he envelope serves as base for not changing your password. So we suggest you add the .horusec line to your .gitignore file so that folder doesn't need to be sent to the git server!
Requirements for the use of horusec-cli
- Docker
- git (Required if you use search throughout the project git history)
Use topically
To use horusec, download horusec locally on your machine and run it
make install
then run it HORUSEC-CLI to start the analysis.
More information about the program, you will find here.