horusec

module
v1.10.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2021 License: Apache-2.0

README

License

logo_header

We are moving the manager web application to a new repository, see the work in progress: https://github.com/ZupIT/horusec-platform/tree/develop

What is Horusec?

Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell. The tool has options to search for key leaks and security flaws in all files of your project, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats. See in our DOCUMENTATION the complete list of tools and languages that we perform analysis

architecture

Project roadmap 2021

We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.

In order to achieve our goals, we separated in some delivery phases:

  • Phase 0: Support for all horusec-cli features into horusec-vscode (Q1)
  • Phase 1: Support for the Theia(VsCode Web) (Q1)
  • Phase 2: Support to Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in analysis (Q1)
  • Phase 3: New service to manager vulnerabilities founds (Q2)
  • Phase 4: Dependency analysis for all supported languages (Q3)
  • Phase 5: SAST with MVP Semantic Analysis (Q4)
  • Phase 6: DAST with MVP symbolic analysis (Q4)

Getting started

CLI

To see more details how install go to HERE

Check the installation
horusec version

Usage

For use horusec-cli and check your vulnerabilities

horusec start

or send with the authorization token to view the content analytically in web application.

horusec start -a="<YOUR_TOKEN_AUTHORIZATION>"

To acquire the authorization token and you can see your vulnerabilities analytically on our panel see more details HERE

WARN: When horusec starts an analysis it creates a folder called .horusec. This folder serves as the basis for not changing your code. So we recommend that you add the line .horusec into your .gitignore file so that this folder does not need to be sent to your git server!

usage_horusec

Web application

Which is?

Horusec's web applications are an extension of the CLI's functionalities in order to manage the vulnerabilities contracted and be able to classify them.

  • Multitenant
  • Controle de acesso
  • Visão analítica
  • Classificação de vulnerabilidade
  • Integração com outros tipos de oAuth
  • Integração com serviço de menssageria See more details here

Contributing

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to horusec.

Communication

We have a few channels for contact, feel free to reach out to us at:

Contributors

This project exists thanks to all the contributors. You rock! ❤️🚀

Directories

Path Synopsis
deployments
development-kit
nolint
e2e
application_admin/horusec
Requests save in this file are exclusive of horusec e2e
Requests save in this file are exclusive of horusec e2e
server
Requests save in this file are shared into all server e2e.
Requests save in this file are shared into all server e2e.
server/keycloak
Requests save in this file are exclusive of keycloak e2e
Requests save in this file are exclusive of keycloak e2e
server/keycloak/entities
Entities created in this files are exclusive from keycloak e2e
Entities created in this files are exclusive from keycloak e2e
server/messages
Requests save in this file are exclusive of messages e2e
Requests save in this file are exclusive of messages e2e
examples
horusec-account
cmd/app
nolint
nolint
nolint
horusec-analytic
nolint
nolint
horusec-api
nolint
horusec-auth
horusec-cli
config
nolint
nolint
nolint
nolint
nolint
horusec-messages
nolint nolint nolint
horusec-webhook

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL