Sunday, February 28, 2021

Open Source Static Code Analysis tools - Horusec

Open source tool that performs static code analysis to identify security flaws during the development - Horusec



Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has options to search for key leaks and security flaws in all files of your project, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats.



In order to achieve our goals, we separated in some delivery phases:

  • Phase 0: Support for all horusec-cli features into horusec-vscode (Q1)
  • Phase 1: Support for the Theia(VsCode Web) (Q1)
  • Phase 2: Support to Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in analysis (Q1)
  • Phase 3: New service to manager vulnerabilities founds (Q2)
  • Phase 4: Dependency analysis for all supported languages (Q3)
  • Phase 5: SAST with MVP Semantic Analysis (Q4)
  • Phase 6: DAST with MVP symbolic analysis (Q4)
Horusec Demo:


Download and Installation Ref :

https://github.com/ZupIT/horusec/tree/master/horusec-cli#installing