huskyCI – Performing Security Tests Inside your CI

huskyCI is an open-source tool that orchestrates security tests inside the CI pipelines of multiple projects and centralizes all results in a database for further analysis and metrics.

The main goal of this project is to help development teams improve the quality of their code by finding vulnerabilities as quickly as possible, and thus addressing them.


huskyCI can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (npm audit and yarn audit), Golang (Gosec), and Java (SpotBugs plus Find Sec Bugs). It can also audit repositories for secrets such as AWS secret keys, private SSH keys, and many others using GitLeaks.

Some of this tool's features are:

  • Vulnerabilities – Run security tests in multiple languages to find issues before the deployment.
  • Extensible – Create your own security test and add it into huskyCI.
  • Easy to use – Add a simple stage into your pipeline and huskyCI will find which security tests better suit the repository.
  • Fail the pipeline if vulnerabilities are found – Avoid deploying vulnerable code! huskyCI’s stage fails when a new vulnerability is pushed into the repository, before it reaches the production or even the development environment.

Using huskyCI is simple. Your stage script only needs to download and execute a binary (written in Go) called huskyci-client. This client performs several requests to huskyCI’s API and acts like a worker, regularly checking whether all security tests have finished and printing the results found to STDOUT. Developers can add a new stage to their CI pipelines to check for vulnerabilities.
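The stage script described above, together with the "fail the pipeline" behaviour from the feature list, as an added example that is not huskyCI's own code: a POSIX shell script that fetches a pinned release of huskyci-client, verifies the binary's SHA-256 digest before executing it (so a tampered or truncated download never runs inside the pipeline), and lets the client's exit status decide whether the stage fails. The release URL layout, the version, the checksum and the `HUSKYCI_CLIENT_*` environment variable names are assumptions to be checked against the huskyCI README for the release you use.

```shell
#!/bin/sh
# Added example, not part of huskyCI. Run with HUSKYCI_STAGE_RUN=1 inside a CI
# stage; without it the script only defines the functions so they can be tested.
set -eu

# Print the SHA-256 digest of a file, using whichever tool the CI image has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 when FILE has digest EXPECTED, 1 otherwise.
verify_checksum() {
  file="$1"
  expected="$2"
  actual="$(sha256_of "$file")"
  [ "$actual" = "$expected" ]
}

# Download the pinned client and refuse to mark it executable unless the
# digest matches. VERSION and EXPECTED_SHA are pinned in the pipeline config,
# not taken from the network, so an unexpected artifact fails the stage.
fetch_client() {
  version="$1"
  expected_sha="$2"
  out="$3"
  # Assumed URL layout of the huskyCI GitHub releases; confirm for your version.
  url="https://github.com/globocom/huskyCI/releases/download/${version}/huskyci-client-linux-amd64"
  curl -fsSL -o "$out" "$url"
  if ! verify_checksum "$out" "$expected_sha"; then
    echo "huskyci-client checksum mismatch, refusing to execute it" >&2
    rm -f "$out"
    return 1
  fi
  chmod +x "$out"
}

# The CI stage itself: the client's non-zero exit (assumed to signal that new
# vulnerabilities were found) propagates through set -e and fails the job.
run_stage() {
  # Placeholders: replace with the release you pin and its published digest.
  version="vX.Y.Z"
  expected_sha="<sha256 of the pinned huskyci-client-linux-amd64>"
  client="./huskyci-client"

  # Environment variable names as assumed from the huskyCI README; the client
  # reads them to know which API, repository and branch to analyse.
  : "${HUSKYCI_CLIENT_API_ADDR:?set the huskyCI API address}"
  : "${HUSKYCI_CLIENT_REPO_URL:?set the repository URL}"
  : "${HUSKYCI_CLIENT_REPO_BRANCH:?set the branch to analyse}"
  : "${HUSKYCI_CLIENT_TOKEN:?set the API token (use a masked CI variable)}"

  fetch_client "$version" "$expected_sha" "$client"
  "$client"
}

if [ "${HUSKYCI_STAGE_RUN:-0}" = "1" ]; then
  run_stage
fi
```

In a GitLab or similar pipeline the job's `script` would simply be `HUSKYCI_STAGE_RUN=1 sh huskyci-stage.sh`, with the token supplied as a masked CI variable rather than committed to the repository. Keeping the version and digest in the pipeline config is what turns "download and execute a binary" into a reproducible step: a changed digest means a changed binary, which is exactly the event you want the stage to stop on.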

You can read more and download this tool over here: https://github.com/globocom/huskyCI
