horusec: Find vulnerabilities in your projects

Horusec is an open source tool that performs static code analysis to detect security flaws during the development process of projects.

Currently, the programming languages for analysis are: C#, Java, Kotlin, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart.

The project has many options for searching for basic leaks and security vulnerabilities in all files of your project, as well as in the Git history.

Horusec can be used via the CLI in CI/CD.

Project roadmap

The developers report:

We started the project to focus on our company, but as the search grew, we chose to apply different practices and make it accessible to everyone.

In order to achieve our goals, we have divided into certain phases of delivery:

  • Phase 0: Support for all horusec-cli features in horusec-vscode (Q1)
  • Phase 1: Support for Theia (VsCode Web) (Q1)
  • Phase 2: Support Flutter, Dart, Bash, Shell, Elixir, Clojure and Scala in resolution (Q1)
  • Phase 3: New service for of the administrator (Q2)
  • Phase 4: Dependency analysis for all supported programming languages (Q3)
  • Phase 5: SAST with MVP semantic analysis (Q4)
  • Phase 6: DAST with symbolic MVP analysis (Q4)

Installation

For more details on how to install the program, go here.

Use

To use horusec-cli and check your vulnerabilities, run:

horusec start

To get the authorization token and be able to see your vulnerabilities in detail in our table, see more details here.

WARNING: When horusec starts an analysis, it creates a folder called .horusec.

This folder serves as a basis for not changing your password. We therefore recommend that you add a .horusec line to your .gitignore file so that this folder is not sent to the git server!
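One way to apply this recommendation from the shell, as an added example that is not part of the original article or of Horusec itself. The function name ensure_horusec_ignored is hypothetical, and the sketch assumes the .horusec folder is created at the repository root.

```shell
#!/bin/sh
# Added example (not Horusec code): keep the .horusec working folder out of Git.
# ensure_horusec_ignored is a hypothetical helper name.
#
# Usage: ensure_horusec_ignored [repo-dir]
# Returns 0 when .horusec is ignored and nothing under it is tracked,
#         1 when files under .horusec are already in the index,
#         2 when repo-dir is not inside a Git work tree.
ensure_horusec_ignored() {
    repo=${1:-.}
    top=$(git -C "$repo" rev-parse --show-toplevel 2>/dev/null) || {
        echo "not a git work tree: $repo" >&2
        return 2
    }
    ignore_file="$top/.gitignore"

    # --no-index evaluates only the ignore rules, so the answer does not
    # depend on whether the folder has already been added to the index.
    if ! git -C "$top" check-ignore -q --no-index .horusec; then
        # Do not glue the new entry onto an unterminated last line.
        if [ -s "$ignore_file" ] && [ -n "$(tail -c1 "$ignore_file")" ]; then
            echo >> "$ignore_file"
        fi
        printf '.horusec\n' >> "$ignore_file"
    fi

    # An ignore rule does not untrack files that were committed earlier.
    tracked=$(git -C "$top" ls-files -- .horusec)
    if [ -n "$tracked" ]; then
        echo ".horusec is already tracked; run: git rm -r --cached .horusec" >&2
        return 1
    fi
    return 0
}
```

A return value of 1 is the case worth failing a CI job on: the folder was committed before the ignore rule existed, so it is still being pushed.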

Requirements for the use of horusec-cli

  • Docker
  • git (Required if you use search throughout the project git history)

Use locally

To use horusec, download horusec locally on your machine and run

make install

Then run horusec-cli to start the analysis.

You will find more information about the program here.


Written by Anastasis Vasileiadis
