Coder Social home page Coder Social logo

gustavocovas / huskyci Goto Github PK

View Code? Open in Web Editor NEW

This project forked from globocom/huskyci

0.0 1.0 0.0 20.46 MB

Performing security tests inside your CI

Home Page: http://husky.ci

License: BSD 3-Clause "New" or "Revised" License

Go 92.90% Dockerfile 1.09% Makefile 1.21% Shell 3.48% TSQL 1.32%

huskyci's Introduction

Introduction

huskyCI is an open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics. It can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (Npm Audit and Yarn Audit), Golang (Gosec), and Java (SpotBugs plus Find Sec Bugs). It can also audit repositories for secrets like AWS Secret Keys, Private SSH Keys, and many others using GitLeaks.

How does it work?

Developers can set up a new stage into their CI pipelines to check for vulnerabilities:

If security issues are found in the code, the severity, the confidence, the file, the line, and many more useful information can be shown, as exemplified:

[HUSKYCI][*] poc-python-bandit -> https://github.com/globocom/huskyCI.git
[HUSKYCI][*] huskyCI analysis started! yDS9tb9mdt4QnnyvOBp3eVAXE1nWpTRQ

[HUSKYCI][!] Language: Python
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: MEDIUM
[HUSKYCI][!] Confidence: HIGH
[HUSKYCI][!] Details: Use of exec detected.
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 7
[HUSKYCI][!] Code:
6 
7 exec(command)
8 

[HUSKYCI][SUMMARY] Python -> huskyci/bandit:1.6.2
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 0
[HUSKYCI][SUMMARY] NoSecHusky: 0

[HUSKYCI][SUMMARY] Total
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 0
[HUSKYCI][SUMMARY] NoSecHusky: 0

[HUSKYCI][*] Some HIGH/MEDIUM issues were found :(
ERROR: Job failed: exit code 1

Getting Started

You can try huskyCI by setting up a local environment using Docker Compose following this guide.

Documentation

All guides and the full documentation can be found in the official documentation page.

Contributing

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to huskyCI.

Communication

We have a few channels for contact, feel free to reach out to us at:

Contributors

This project exists thanks to all the contributors. You rock! โค๏ธ๐Ÿš€

License

huskyCI is licensed under the BSD 3-Clause "New" or "Revised" License.

huskyci's People

Contributors

abzcoding avatar brenol avatar edersonbrilhante avatar gitter-badger avatar gustavocovas avatar henriquebonadio-zz avatar jimmy1134 avatar joserenatosilva avatar krlier avatar localleon avatar luanagp avatar marcelomagina avatar marcelometal avatar mdjunior avatar mportela avatar nettoclaudio avatar rafaelrubbioli avatar rafaelsq avatar rafaveira3 avatar renatoaquino avatar rodrigo-brito avatar spimpaov avatar vfiebig avatar victorpalmeira avatar vitoriario avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.