- What is Horusec
- Project roadmap
- Getting started
- Installing
- Usage
- Usage locally
- Horusec manager
- Contributing
- Communication
- Contributors
Horusec is a security tool that centralizes many security test into one result. Currently, performance analysis consists of:
- Python(3.x) => (Bandit and Safety)
- Ruby => (Brakeman)
- Javascript => (Npm Audit and Yarn Audit)
- GoLang => (Gosec)
- .NetCore(3.x) => (.NetCore)
- Java => (HorusecJava)
- Kotlin => (HorusecKotlin)
- Terraform => (Tfsec)
- Leaks => (HorusecLeaks)
- Leaks(optional search in git history) => (GitLeaks)
For more details see our DOCUMENTATION
We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.
In order to achieve our goals, we separated in some delivery phases:
- Phase 0: Analyze vulnerabilities locally and send results to the application to manage them in an analytical way and find points for improvement in the project
- Phase 1: SAST analysis of the Kotlin language (Q3)
- Phase 2: New visual identity (Q3)
- Phase 3: Ability to indicate a vulnerability as a false positive or accepted risk (Q3)
- Phase 4: MVP of the SAST analysis engine (Q4 / 2021)
- Phase 5: Integration with vulnerability management tools (Archery) (Q4 / 2021)
- Phase 6: Plugins in IDE's - Developing in your project and in real time to be able to see if there are any security flaws is very important for the developer. Saving a long time in code review. (Q4 / 2021)
To see more details how install go to HERE
horusec versionFor use horusec-cli and check your vulnerabilities
horusec startor send with the authorization token to view the content analytically in the horusec admin panel.
horusec start -a="<YOUR_TOKEN_AUTHORIZATION>"To acquire the authorization token and you can see your vulnerabilities analytically on our panel see more details HERE
WARN: When horusec starts an analysis it creates a folder called .horusec. This folder serves as the basis for not changing your code. So we recommend that you add the line .horusec into your .gitignore file so that this folder does not need to be sent to your git server!
- docker
- git(Mandatory if you are using search throughout the project's git history)
For usage the horusec locally clone horusec in your local machine and run
make installand run the HORUSEC-CLI to start the analysis
For usage complete feature of the horusec you can see enter using this default user generated by horusec for you usage.
WARN: We do dns validation for account creation, so remember to use a valid email. For tests accounts we accept [email protected] as a valid dns.
email: [email protected]
password: Devpass0*
- docker
- git
- docker-compose/helm
- golang
- rabbitmq
- postgres
- account-of-email (optional)
- Separate repositories by companies
- Manage users who have access to your company (users must be pre-registered on horusec to be invited to a pre-existing company)
- Manage the repositories available in your company for analysis
- Manage users who have access to company repositories
- Manage your access tokens for the specific repository (required to identify which repository this analysis belongs to and save to our system)
- Visually view all existing vulnerabilities in your company and/or its repository
Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to horusec.
We have a few channels for contact, feel free to reach out to us at:
This project exists thanks to all the contributors. You rock! โค๏ธ๐
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent