Horusec is an open source tool that runs static code analysis to identify security flaws during the development process.
Currently, the programming languages supported for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart.
The project has many options to search for leaked keys and security flaws in all files of your project as well as in the Git history.
Horusec can be used via its CLI in CI/CD.
Project roadmap
The developers report:
We started the project to focus on our company, but as the search grew, we chose to apply different practices and make it accessible to everyone.
In order to achieve our goals, we have divided delivery into the following phases:
- Phase 0: Support for all horusec-cli features in horusec-vscode (Q1)
- Phase 1: Support for Theia (VsCode Web) (Q1)
- Phase 2: Support Flutter, Dart, Bash, Shell, Elixir, Clojure and Scala in resolution (Q1)
- Phase 3: New service for vulnerabilities of the administrator (Q2)
- Phase 4: Dependency analysis for all supported programming languages (Q3)
- Phase 5: SAST with MVP semantic analysis (Q4)
- Phase 6: DAST with symbolic MVP analysis (Q4)
Installation
To see more details on how to install the program, go here.
Use
To use horusec-cli and check your vulnerabilities, run:
horusec start
To obtain the warranty badge and to see your vulnerabilities in detail in our table, see more details here.
WARNING: When horusec starts an analysis it creates a folder called .horusec.
This folder serves as a basis so that your code is not changed. We therefore recommend that you add the line .horusec to your .gitignore file so that this folder is not sent to the git server!
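Added example (not code from the Horusec project): a POSIX shell helper that applies the recommendation above, adding the .horusec/ entry to .gitignore only when no equivalent entry is already present, and then running the scan command shown on this page. It assumes the horusec binary is on PATH; the file and pattern names are parameters.

```shell
#!/bin/sh
# Added example, not part of Horusec: keep the .horusec working folder that
# "horusec start" creates out of version control before scanning.

# ignore_regex <pattern>: regex matching an existing .gitignore line that
# already covers <pattern> (".horusec", ".horusec/" and "/.horusec/" alike).
ignore_regex() {
    core=$(printf '%s' "$1" | sed 's#^/##; s#/$##; s/\./\\./g')
    printf '^/?%s/?[[:space:]]*$' "$core"
}

# ensure_ignored <gitignore-path> <pattern>: append <pattern> unless an
# equivalent entry exists. Creates the file if missing and repairs a
# missing trailing newline so the entry never glues onto the last line.
ensure_ignored() {
    file="$1"; pattern="$2"
    if [ -f "$file" ] && grep -Eq "$(ignore_regex "$pattern")" "$file"; then
        return 0                      # already ignored, nothing to do
    fi
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then
        printf '\n' >> "$file"        # last line had no newline
    fi
    printf '%s\n' "$pattern" >> "$file"
}

# count_entries <gitignore-path> <pattern>: number of lines covering
# <pattern>; used to verify that repeated calls do not add duplicates.
count_entries() {
    grep -Ec "$(ignore_regex "$2")" "$1"
}

# scan_project <project-dir>: make sure .horusec/ is ignored, then run the
# analysis command from the page. Returns 127 if horusec is not installed
# (assumption: the CLI is invoked as "horusec" from PATH).
scan_project() {
    dir="$1"
    ensure_ignored "$dir/.gitignore" ".horusec/"
    command -v horusec >/dev/null 2>&1 || return 127
    ( cd "$dir" && horusec start )
}
```

Run scan_project from a CI job to get the ignore entry and the scan in one step; the ignore check is safe to repeat on every pipeline run.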
Requirements for the use of horusec-cli
- Docker
- git (required if you scan the project's git history)
Local use
To use horusec locally, download it to your machine and run
make install
then run horusec-cli to start the analysis.
You will find more information about the program here.