sast-horusec

# Horusec SAST Scanner ## Overview Horusec is an open-source security analysis tool that performs static code analysis across 18+ programming languages using 20+ integrated security tools. It identifies vulnerabilities during development, scans git history for exposed secrets, and integrates seamlessly into CI/CD pipelines for secure SDLC practices. ## Supported Languages C#, Java, Kotlin, Python, Ruby, Golang, Terraform, JavaScript, TypeScript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx ## Quick Start Run Horusec scan on current project: ```bash # Using Docker (recommended) docker run -v /var/run/docker.sock:/var/run/docker.sock \ -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd) # Local installation horusec start -p ./path/to/project ``` ## Core Workflows ### Workflow 1: Local Security Scan For developers performing pre-commit security analysis: 1. Navigate to project directory 2. Run Horusec scan: ```bash horusec start -p . -o json -O horusec-report.json ``` 3. Review JSON output for vulnerabilities 4. Filter by severity (HIGH, MEDIUM, LOW, INFO) 5. Address critical and high-severity findings 6. Re-scan to validate fixes ### Workflow 2: CI/CD Pipeline Integration Progress: [ ] 1. Add Horusec to CI/CD pipeline configuration [ ] 2. Configure output format (JSON for automated processing) [ ] 3. Set severity threshold for build failures [ ] 4. Run scan on each commit or pull request [ ] 5. Parse results and fail...