Horusec is an open source tool that performs static code analysis to detect security vulnerabilities during the project development process.
The project has many options for searching for key leaks and security vulnerabilities in all your program files, as well as in the Git history.
Horusec can be used via CLI on CI / CD.
The developers report:
We started the project to focus on our company, but as the search grew, we chose to apply different practices and make it accessible to everyone.
In order to achieve our goals, we have divided into certain phases of delivery:
- Phase 0: Support for all horusec-cli features in horusec-vscode (Q1)
- Phase 1: Support for Theia (VsCode Web) (Q1)
- Phase 2: Support Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in resolution (Q1)
- Phase 3: New service for administrator vulnerabilities (Q2)
- Phase 4: Dependency analysis for all supported programming languages (Q3)
- Phase 5: SAST with MVP semantic analysis (Q4)
- Phase 6: DAST with symbolic MVP analysis (Q4)
To see more details on how to install the program, go to here.
To use horusec-cli and check your vulnerabilities
To obtain the warranty badge and to be able to see your vulnerabilities in detail in our table see more details from here.
WARNING : When horusec starts an analysis it creates a folder called .horusec.
This folder serves as a basis for not changing your password. We therefore recommend that you add the .horusec bar to your .gitignore file so that this folder does not have to be sent to the git server!
Requirements for the use of horusec-cli
- git (Required if you use search throughout the project git history)
To use horusec, download horusec locally on your machine and run it
then run it HORUSEC-CLI to start the analysis.
More information about the program, you will find here..