The Horusec is an open source tool that performs static code analysis to detect security flaws during the development process of projects.
Currently, the programming languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart.
The project has many options for searching for basic leaks and security vulnerabilities in all files in your program, as well as in record of Git.
Horusec can be used via CLI on CI / CD.
Project roadmap
The developers report:
We started the project to focus on our company, but as the search grew, we chose to apply different practices and make it accessible to everyone.
In order to achieve our goals, we have divided into certain phases of delivery:
- Phase 0: Support for all horusec-cli features in horusec-vscode (Q1)
- Phase 1: Support for Theia (VsCode Web) (Q1)
- Phase 2: Support Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in resolution (Q1)
- Phase 3: New service for vulnerabilities of the administrator (Q2)
- Phase 4: Dependency analysis for all supported programming languages (Q3)
- Phase 5: SAST with MVP semantic analysis (Q4)
- Phase 6: DAST with symbolic MVP analysis (Q4)
Installation
To see more details on how to install the program, go to here.
Use
To use horusec-cli and check your vulnerabilities
horusec start
To get the authorization token and be able to see the vulnerabilities points you in detail in our table see more details from here
WARNING : When horusec starts an analysis it creates a folder called .horusec.
This folder serves as a basis for not changing your password. We therefore recommend that you add the .horusec bar to your .gitignore file so that this folder does not have to be sent to the git server!
Requirements for the use of horusec-cli
- Docker
- git (Required if you use search throughout the project git history)
Use topically
To use horusec, download horusec locally on your machine and run it
make install
then run it HORUSEC-CLI to start the analysis.
More information about the program, you will find here.