huskyCI
Kang Asu
huskyCI - Performing Security Tests Inside Your CI
huskyCI is an open-source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics.
How does it work?
The main goal of this project is to help development teams improve the quality of their code by finding vulnerabilities as quickly as possible, and thus addressing them.
huskyCI can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (Npm Audit and Yarn Audit), Golang (Gosec), and Java (SpotBugs plus Find Sec Bugs). It can also audit repositories for secrets like AWS Secret Keys, Private SSH Keys, and many others using GitLeaks. You should check our wiki to better understand how this tool could help secure your organization's projects!
Requirements
Docker and Docker-Compose
The easiest way to deploy huskyCI locally is by using Docker and Docker Compose, thus you should have them installed on your machine.
Golang
You must also have Go installed and huskyCI needs to be inside your $GOPATH to run properly.
Installing
After cloning this repository, simply run the command inside huskyCI's folder:
make install
Running
After installing, an .env file with instructions to huskyCI should be generated:
$ cat .env
export HUSKYCI_CLIENT_REPO_URL="https://github.com/globocom/huskyCI.git"
export HUSKYCI_CLIENT_REPO_BRANCH="vulns-Golang"
export HUSKYCI_CLIENT_API_ADDR="http://localhost:8888"
export HUSKYCI_CLIENT_API_USE_HTTPS="false"
export HUSKYCI_CLIENT_TOKEN="{YOUR_TOKEN_HERE}"
You can change the repository and branch being analysed by modifying the contents of HUSKYCI_CLIENT_REPO_URL and HUSKYCI_CLIENT_REPO_BRANCH. Then simply source it through the command:
. .env
Mac OS:
make run-client
Linux:
make run-client-linux
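As an added example (not part of the huskyCI project or the original post), a small POSIX shell check that validates the generated .env before it is sourced: it confirms every variable above is present, rejects the {YOUR_TOKEN_HERE} placeholder, and refuses an http:// API address when HUSKYCI_CLIENT_API_USE_HTTPS is "true". The sample file path and the function names are assumptions; the file contents are constructed to match the layout shown above.

```shell
# Constructed sample .env mirroring the layout `make install` generates.
# The token still holds the placeholder, so this file must FAIL the check.
SAMPLE_ENV="${TMPDIR:-/tmp}/huskyci_sample.env"
cat > "$SAMPLE_ENV" <<'EOF'
export HUSKYCI_CLIENT_REPO_URL="https://github.com/globocom/huskyCI.git"
export HUSKYCI_CLIENT_REPO_BRANCH="vulns-Golang"
export HUSKYCI_CLIENT_API_ADDR="http://localhost:8888"
export HUSKYCI_CLIENT_API_USE_HTTPS="false"
export HUSKYCI_CLIENT_TOKEN="{YOUR_TOKEN_HERE}"
EOF

# env_value FILE NAME: print the value of the last `export NAME="..."` line in FILE.
env_value() {
    sed -n "s/^export $2=\"\(.*\)\"\$/\1/p" "$1" | tail -n 1
}

# check_husky_env FILE: return 0 if the .env is ready to be sourced, 1 otherwise.
check_husky_env() {
    f="$1"; ok=0
    [ -r "$f" ] || { echo "no such file: $f" >&2; return 1; }
    for name in HUSKYCI_CLIENT_REPO_URL HUSKYCI_CLIENT_REPO_BRANCH \
                HUSKYCI_CLIENT_API_ADDR HUSKYCI_CLIENT_API_USE_HTTPS \
                HUSKYCI_CLIENT_TOKEN; do
        [ -n "$(env_value "$f" "$name")" ] || { echo "missing: $name" >&2; ok=1; }
    done
    token=$(env_value "$f" HUSKYCI_CLIENT_TOKEN)
    case "$token" in
        "{YOUR_TOKEN_HERE}"|"") echo "HUSKYCI_CLIENT_TOKEN still holds the placeholder" >&2; ok=1 ;;
    esac
    # If HTTPS is requested, the API address must actually use https://.
    if [ "$(env_value "$f" HUSKYCI_CLIENT_API_USE_HTTPS)" = "true" ]; then
        case "$(env_value "$f" HUSKYCI_CLIENT_API_ADDR)" in
            https://*) ;;
            *) echo "USE_HTTPS=true but HUSKYCI_CLIENT_API_ADDR is not https://" >&2; ok=1 ;;
        esac
    fi
    # The repository must be an https:// or git@ URL; anything else is a typo or a local path.
    case "$(env_value "$f" HUSKYCI_CLIENT_REPO_URL)" in
        https://*|git@*) ;;
        *) echo "HUSKYCI_CLIENT_REPO_URL is not an https:// or git@ URL" >&2; ok=1 ;;
    esac
    return $ok
}

# Sample run: the placeholder token is rejected. With a real token filled in, source the
# file and start the client (make run-client on macOS, make run-client-linux on Linux).
if check_husky_env "$SAMPLE_ENV"; then
    echo "$SAMPLE_ENV is ready: run '. $SAMPLE_ENV' and then make run-client"
else
    echo "fix $SAMPLE_ENV before sourcing it"
fi
```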
Frontend
huskyCI also has a cool Frontend built in React, so you can check some stats regarding your huskyCI results! After running your first scan, simply visit:
http://localhost:8080
Regards
Kang Asu