Overview
Overview
Horusec identifies the languages in your project and from that starts an analysis. You can also configure which language/tool you want to perform in your analysis, just change it in the configuration.
Horusec knows the resources available in your machine to perform an analysis in your CI/CD stack, and because of that it scales the amount of tools it runs simultaneously to deliver quicker results.
Horusec’s tools
CLI’s version corresponds to the tools' version created by Horusec’s team.
See below:
| Tools | Version |
|---|---|
| Horusec-Leaks | v2.7.1 |
| Horusec-Java | v2.7.1 |
| Horusec Kotlin | v2.7.1 |
| Horusec-Kubernetes | v2.7.1 |
| Horusec-NodeJS | v2.7.1 |
| Horusec-CSharp | v2.7.1 |
| Horusec Dart | v2.7.1 |
| Horusec Nginx | v2.7.1 |
| Horusec Swift | v2.7.1 |
Available programming languages and tools
Currently, Horusec can select the languages and/or tools to be used on the project based on the available stack.
See below these languages, the analysis tools and which version they are available:
| Language | Analysis Tools | Availability |
|---|---|---|
| Python | Bandit, Safety, Semgrep, Owasp Dependency Check (v2.2) and Trivy. | Version 2.0 |
| Ruby | Brakeman, Bundler Audit, Owasp Dependency Check (v2.2) and Trivy. | v2.0 |
| Javascript/Typescript | Npm Audit, Yarn Audit, Semgrep, [HorusecNodeJS, Owasp Dependency Check (v2.2), EsLint and Trivy | v2.0 |
| GoLang | Gosec, Semgrep, Nancy (v.2.2.1) and Trivy. | v2.0 |
| C# | SecuriyCodeScan, HorusecCSharp, Owasp Dependency Check (v2.2), DotNet CLI (v2.2) and Trivy. | v2.0 |
| Java | HorusecJava, Owasp Dependency Check (v2.2), Semgrep and Trivy. | v2.0 |
| Kotlin | HorusecKotlin | v2.0 |
| Kubernetes | HorusecKubernetes | 2.0 |
| Terraform | Tfsec and Checkov. | v2.0 |
| Leaks | HorusecLeaks | v2.0 |
| Leaks (optional search in git history) | GitLeaks | v2.0 |
| PHP | Semgrep, PHP Code Scan and Trivy. | v2.0 |
| C/C++ | Semgrep and Flawfinder | v2.0 |
| HTML | Semgrep | v2.0 |
| JSON | Semgrep | v2.0 |
| Dart | HorusecDart | v2.0 |
| Shell Script | Shellcheck | v2.0 |
| Elixir | Mix Audit and Sobelow | v2.0 |
| Nginx | HorusecNginx | v2.0 |
| Swift | HorusecSwift | v2.1 |
Available version on Horusec-CLI
| Tools | Version |
|---|---|
| Bandit | Version: 1.7.0 |
| Brakeman | v5.1.1 |
| Bundler Audit | v0.9.0 |
| Checkov | v2.0.474 |
| DotNet CLI | v5.0 |
| Flawfinder | v2.0.19 |
| GoSec | v2.8.1 |
| GitLeaks | v7.6.1 |
| MixAudit | v1.0.0 |
| Nancy | v1.0.22 |
| NpmAudit | v6.14.7 |
| Owasp Dependency Check | v6.2.2 |
| PHP Code Sniffer | v8.0.11 |
| Safety | v1.10.3 |
| Security Code Scan | v5.2.2 |
| Semgrep | v0.63.0 |
| Sobelow | v0.11.1 |
| ShellCheck | v0.7.2 |
| TFSec | v0.55.1 |
| Trivy | v0.19.2 |
| YarnAudit | v1.22.5 |
Read more
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.