horusec v2.5 releases: improves identification of vulnerabilities in your project

What is Horusec?

Horusec is an open-source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has options to search for key leaks and security flaws in all files of your project, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats. See in our DOCUMENTATION the complete list of tools and languages that we perform analysis.

Horusec manager

• Separate repositories by companies
• Manage users who have access to your company (users must be pre-registered on horusec to be invited to a pre-existing company)
• Manage the repositories available in your company for analysis
• Manage users who have access to company repositories
• Manage your access tokens for the specific repository (required to identify which repository this analysis belongs to and save to our system)
• Visually view all existing vulnerabilities in your company and/or its repository

Project roadmap 2021

We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.

In order to achieve our goals, we separated into some delivery phases:

• Phase 0: Support for all horusec-cli features into horusec-vscode (Q1)
• Phase 1: Support for the Theia(VsCode Web) (Q1)
• Phase 2: Support to Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in the analysis (Q1)
• Phase 3: New service to manager vulnerabilities founds (Q2)
• Phase 4: Dependency analysis for all supported languages (Q3)
• Phase 5: SAST with MVP Semantic Analysis (Q4)
• Phase 6: DAST with MVP symbolic analysis (Q4)

Changelog v2.5

• [FEATURE] Creating ROADMAP.md file
• [FEATURE] Configure Renovate (#536)
• [CHORE] Update trivy tool description (#520)
• [CHORE] tests: fix coverage tests (#531)
• [CHORE] Update github.com/aquasecurity/fanal commit hash to 152431c (#537)
• [CHORE] Update module github.com/ZupIT/horusec-devkit to v1.0.15 (#538)
• [CHORE] Update module github.com/docker/docker to v20.10.8 (#540)
• [CHORE] Update module github.com/golang/mock to v1.6.0 (#542)
• [CHORE] Update python Docker tag to v3.9 (#543)
• [CHORE] Update EndBug/add-and-commit action to v7 (#544)
• [CHORE] Update actions/setup-go action to v2 (#545)
• [CHORE] Update module github.com/go-enry/go-enry/v2 to v2.7.1 (#541)
• [CHORE] Update azul/zulu-openjdk-alpine Docker tag to v16 (#546)
• [CHORE] Update mcr.microsoft.com/dotnet/runtime Docker tag to v6 (#547)
• [CHORE] bugfix/updating-horusec-engine (#551)
• [CHORE] Update module github.com/ZupIT/horusec-engine to v0.3.4 (#539)
• [CHORE] Feature/permissions on workflows (#534)
• [CHORE] hotifix/cli-errors (#535)
• [CHORE] bugfix/dockerfile-with-versions (#552)
• [CHORE] Updating branch with main (#556)
• [CHORE] csharp: fix false positive hardcoded password (#558)
• [CHORE] Update trivy tool description (#520)
• [CHORE] Update module github.com/ZupIT/horusec-devkit to v1.0.15 (#538)
• [CHORE] Update module github.com/go-enry/go-enry/v2 to v2.7.1 (#541)
• [CHORE] bugfix/updating-horusec-engine (#551)
• [CHORE] Update module github.com/ZupIT/horusec-engine to v0.3.4 (#539)
• [CHORE] hotifix/cli-errors (#535)
• [CHORE] Update release.yml

Install & Use

Copyright 2020 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA