Stars: 572
Rank: 77,995 (Top 2%)
Language: Go
License: BSD 3-Clause "New" or "Revised" License
Created: over 6 years ago
Updated: 7 months ago

Repository Details

Performing security tests inside your CI

Introduction

huskyCI is an open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics. It can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (Npm Audit and Yarn Audit), Golang (Gosec), Java (SpotBugs plus Find Sec Bugs), and HCL (TFSec). It can also audit repositories for secrets like AWS Secret Keys, Private SSH Keys, and many others using GitLeaks.

How does it work?

Developers add a new stage to their CI pipelines that runs a huskyCI analysis of the repository and checks it for vulnerabilities.

If security issues are found in the code, the severity, the confidence, the file, the line and other useful information about each finding are shown, as in the following example:

[HUSKYCI][*] poc-python-bandit -> https://github.com/globocom/huskyCI.git
[HUSKYCI][*] huskyCI analysis started! yDS9tb9mdt4QnnyvOBp3eVAXE1nWpTRQ

[HUSKYCI][!] Title: Use of exec detected.
[HUSKYCI][!] Language: Python
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: MEDIUM
[HUSKYCI][!] Confidence: HIGH
[HUSKYCI][!] Details: Use of exec detected.
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 7
[HUSKYCI][!] Code:
6
7 exec(command)
8

[HUSKYCI][!] Title: Possible hardcoded password: 'password123!'
[HUSKYCI][!] Language: Python
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: LOW
[HUSKYCI][!] Confidence: MEDIUM
[HUSKYCI][!] Details: Possible hardcoded password: 'password123!'
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 1
[HUSKYCI][!] Code:
1 secret = 'password123!'
2
3 password = 'thisisnotapassword' #nohusky
4

[HUSKYCI][SUMMARY] Python -> huskyci/bandit:1.6.2
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1

[HUSKYCI][SUMMARY] Total
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1

[HUSKYCI][*] The following securityTests were executed and no blocking vulnerabilities were found:
[HUSKYCI][*] [huskyci/gitleaks:2.1.0]
[HUSKYCI][*] Some HIGH/MEDIUM issues were found in these securityTests:
[HUSKYCI][*] [huskyci/bandit:1.6.2]
ERROR: Job failed: exit code 190
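The output above is what the CI job sees, so the stage's pass/fail decision has to be read out of it. The following Go program is an added example, not huskyCI's or the huskyCI client's own code: it parses that console format (the `[HUSKYCI][!] Key: value` blocks and the `[HUSKYCI][SUMMARY]` counters) and applies the gate the job output implies, where HIGH or MEDIUM findings fail the stage while LOW findings and lines suppressed with `#nohusky` (reported as NoSecHusky) do not. The sample input is a constructed, shortened copy of the output shown above, and the exit code 190 is taken from that output rather than from any documented contract.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Finding maps the keys huskyCI prints in one "[HUSKYCI][!]" block
// (Title, Language, Tool, Severity, Confidence, File, Line) to their values.
type Finding map[string]string

// Report holds the findings plus the "[HUSKYCI][SUMMARY]" counters, keyed by
// the tool image huskyCI prints (e.g. "huskyci/bandit:1.6.2") or "Total".
type Report struct {
	Findings []Finding
	Summary  map[string]map[string]int
}

// sampleOutput is a constructed, shortened copy of the client output above.
const sampleOutput = `[HUSKYCI][!] Title: Use of exec detected.
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: MEDIUM
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 7
[HUSKYCI][!] Title: Possible hardcoded password: 'password123!'
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: LOW
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 1
[HUSKYCI][!] Code:
1 secret = 'password123!'
3 password = 'thisisnotapassword' #nohusky

[HUSKYCI][SUMMARY] Python -> huskyci/bandit:1.6.2
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1
[HUSKYCI][SUMMARY] Total
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1
`

// ParseHuskyCIOutput walks the output line by line: a Title opens a new finding,
// the unprefixed source lines after "Code:" are skipped, and summary counters are
// grouped under the preceding "Language -> image" header or under "Total".
func ParseHuskyCIOutput(out string) Report {
	const issue, summary = "[HUSKYCI][!] ", "[HUSKYCI][SUMMARY] "
	rep := Report{Summary: map[string]map[string]int{}}
	var cur Finding
	section := ""
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		line := sc.Text()
		switch {
		case strings.HasPrefix(line, issue):
			key, val, ok := strings.Cut(strings.TrimPrefix(line, issue), ": ")
			if !ok {
				continue // the bare "Code:" header
			}
			if key == "Title" {
				cur = Finding{}
				rep.Findings = append(rep.Findings, cur)
			}
			if cur != nil {
				cur[key] = val
			}
		case strings.HasPrefix(line, summary):
			rest := strings.TrimPrefix(line, summary)
			key, val, ok := strings.Cut(rest, ": ")
			if !ok { // "Language -> image" header or "Total": open a new section
				section = rest[strings.LastIndex(rest, " ")+1:]
				rep.Summary[section] = map[string]int{}
			} else if n, err := strconv.Atoi(val); err == nil && section != "" {
				rep.Summary[section][key] = n
			}
		}
	}
	return rep
}

// ExitCode applies the gate visible in the job output: a HIGH or MEDIUM finding
// fails the stage with exit code 190; LOW findings and lines suppressed with
// #nohusky (counted as NoSecHusky in the summary) do not block.
func ExitCode(rep Report) int {
	for _, f := range rep.Findings {
		if sev := f["Severity"]; sev == "HIGH" || sev == "MEDIUM" {
			return 190
		}
	}
	return 0
}

func main() {
	rep := ParseHuskyCIOutput(sampleOutput)
	fmt.Println(len(rep.Findings), "findings, exit code", ExitCode(rep))
}
```

The per-tool and Total summary blocks are kept in separate maps on purpose: in a multi-tool run the Total counters come last, and attributing them to the previous tool would silently overwrite that tool's numbers.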

Getting Started

You can try huskyCI by setting up a local environment using Docker Compose following this guide.

Documentation

All guides and the full documentation can be found in the official documentation page.

Contributing

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to huskyCI.

Communication

We have a few channels for contact, feel free to reach out to us at:

Contributors

This project exists thanks to all the contributors. You rock! ❤️🚀

License

huskyCI is licensed under the BSD 3-Clause "New" or "Revised" License.

More Repositories

1. m3u8 (Python, 2,027 stars): Python m3u8 parser for HTTP Live Streaming (HLS) transmissions
2. megadraft (JavaScript, 1,210 stars): Megadraft is a rich text editor built on top of Facebook's Draft.JS, featuring a nice default base of components and extensibility
3. secDevLabs (PHP, 894 stars): A laboratory for learning secure web and mobile development in a practical manner.
4. react-native-draftjs-render (JavaScript, 386 stars): React Native renderer for the draft.js model
5. database-as-a-service (Python, 368 stars): Database as a service (DBaaS) that allows users to quickly and easily deploy and manage database instances using cloud infrastructure
6. gitlab-ci-monitor (JavaScript, 177 stars): A simple dashboard for monitoring GitLab CI builds. Alpha version.
7. share-bar (JavaScript, 159 stars): A pure JS plugin to generate a share bar for social media, used by Globo.com.
8. sawpf (JavaScript, 154 stars): "Save the web, please"
9. GloboDNS (Ruby, 139 stars): API to manage the BIND name server
10. opensource (JavaScript, 133 stars): Get to know the open source projects at Globo.com
11. slo-generator (Go, 129 stars): Easily set up a service level objective using Prometheus
12. destaque (JavaScript, 125 stars): Destaque is a simple slideshow plugin with a built-in parallax effect.
13. dojo (JavaScript, 120 stars): Coding dojos held at Globo.com over the past few years.
14. hlsclient (TypeScript, 105 stars): Python HLS client
15. tornado-es (Python, 96 stars): A Tornado-powered Python library that provides asynchronous access to Elasticsearch
16. GloboNetworkAPI (Python, 85 stars): API to automate IP networking management, resource allocation and provisioning.
17. tapioca (Python, 77 stars): Tapioca is a small and flexible micro-framework on top of Tornado. It provides a simpler way to create RESTful APIs.
18. prettylog (Go, 65 stars): Logs for human beings
19. redis-healthy (Go, 63 stars): Periodically retrieves metrics from Redis (or Sentinel) and sends them to Logstash
20. nautilus.js (JavaScript, 59 stars): [separated fork] Async JavaScript loader and dependency manager in ~600 B (gzipped)
21. loopback-jsonschema (JavaScript, 57 stars): Adds JSON Schema support to LoopBack
22. echo-prometheus (Go, 52 stars): Middleware for echo v4 to instrument all handlers as metrics
23. functions (JavaScript, 49 stars): DEPRECATED: An open source serverless platform
24. kong-plugin-proxy-cache (Lua, 46 stars): A proxy caching plugin for Kong that makes it fast and easy to cache responses in Redis and serve them from there
25. content-gateway-ruby (Ruby, 45 stars): An easy way to get external content with two cache levels: a performance cache and a stale cache
26. pluct (Python, 39 stars): A JSON Hyper-Schema client that allows hypermedia navigation and resource validation
27. tornado-cors (Python, 38 stars): Makes it easier to add CORS support to Tornado apps.
28. react-native-ua (Objective-C, 37 stars): React Native module for Urban Airship
29. alchemetrics (Elixir, 35 stars): Elixir metrics reporter and collector
30. responsive-hub (JavaScript, 34 stars): JavaScript goodies for responsive design
31. alf (Python, 32 stars): Python OAuth2 client
32. derpconf (Python, 31 stars): derpconf abstracts loading configuration files for your app.
33. glog-cli (Python, 28 stars)
34. gifv-player (JavaScript, 25 stars): JavaScript library for playing video files with GIF fallback
35. go-buffer (Go, 24 stars): Asynchronous data buffer for Go applications
36. gothumbor (Go, 23 stars): Go client for the Thumbor image service
37. huskyCI-dashboard (JavaScript, 23 stars): Frontend to display data from huskyCI analyses
38. go-redis-opentracing (Go, 22 stars): go-redis hook to collect OpenTracing spans
39. vault (Python, 22 stars): Admin web app for OpenStack's Keystone and Swift
40. gsenha (JavaScript, 22 stars): GSenha is a password manager designed to avoid information leakage in the case of a compromise.
41. go-redis-prometheus (Go, 21 stars): go-redis hook to export Prometheus metrics
42. letrilizar (JavaScript, 21 stars): Turn quotes into images and share them!
43. gsh (Go, 21 stars): GSH is an OpenID Connect-compatible authentication system for systems using OpenSSH servers
44. galf (Go, 20 stars): Go OAuth2 client
45. azkaban-cli (Python, 20 stars): CLI for Azkaban 3 API access and flow upload.
46. tornado-prometheus (Python, 20 stars): HTTP metrics for a Tornado application
47. GloboNetworkAPI-WebUI (Python, 20 stars): Web UI for GloboNetworkAPI
48. gitlab-lint (Go, 19 stars): An open source GitLab linting utility
49. zabbix-scripts (Python, 19 stars): A collection of scripts to ease Zabbix administration
50. oauth2u (Python, 18 stars): OAuth 2 server implementation
51. view-port (Kotlin, 18 stars): Viewport-Android is a library that tracks RecyclerView items that remain visible in a given region of the screen (the view port) for a minimum of 250 milliseconds.
52. mugshot (Ruby, 18 stars)
53. gitlab-lint-react (JavaScript, 17 stars): An open source GitLab linting utility
54. tornado-alf (Python, 17 stars): Tornado OAuth 2 client
55. measures (Python, 17 stars): Backstage Measure
56. gcrypt (JavaScript, 17 stars): 🔐 encryption for humans
57. pymigration (Python, 17 stars): A generic migration tool in Python
58. rtmp2img (Python, 17 stars): rtmp2img: create images from RTMP URLs
59. gcloud-utils (Python, 16 stars): Global package for cloud management in Python
60. graylog-plugin-oauth2 (Java, 16 stars): OAuth2 plugin for the Graylog project
61. stewie (Clojure, 16 stars): System for anomaly detection in mass generic data
62. GloboNetworkAPI-client-python (Python, 16 stars): Python client for GloboNetworkAPI
63. globomap-api (Python, 15 stars): Abstract API used to map the infrastructure, services and processes of Globo.com
64. jquery-eventtracker (JavaScript, 14 stars): jquery.eventtracker is a jQuery plugin wrapper for the Google Analytics custom event tracker
65. hacktoberfest (TypeScript, 14 stars): Globo Hacktoberfest project
66. go-openstack (Go, 14 stars): Go packages for OpenStack APIs.
67. simple-virtuoso-migrate (Python, 14 stars): Ontology versioning and migration tool inspired by simple-db-migrate.
68. stormdash (JavaScript, 14 stars): A unique dashboard to show simple alerts
69. iprange (Lua, 14 stars): IPRange: Redis as a storage for IP ranges
70. dash_timeline_validator (Ruby, 14 stars): Parses a given MPD and validates its timeline for errors.
71. functions-sandbox (JavaScript, 13 stars): Sandbox for Backstage Functions
72. megadraft-table-plugin (JavaScript, 13 stars): Table plugin for Megadraft
73. docker-openvswitch (13 stars): Docker image of Open vSwitch with SSH enabled, running under supervisord
74. zookeeper-centos-6 (13 stars): ZooKeeper RPM package for CentOS 6.
75. httpclient (Go, 13 stars): An HTTP client in Go.
76. enforcement (Python, 13 stars): Project focused on the implementation of policies in Kubernetes clusters through GitOps.
77. reliable-request (Go, 13 stars): An opinionated Go library providing reliable requests using hystrix-go, go-cache and go-resiliency.
78. tdi (Ruby, 12 stars): Test Driven Infrastructure. Automates validation of deployed servers.
79. configurable-http-proxy-redis-backend (JavaScript, 12 stars): Redis backend for Jupyter's configurable HTTP proxy
80. dojo.globo (Python, 12 stars): Coding dojo at Globo.com
81. lig4 (JavaScript, 11 stars): Lig4 is a board game brought to the web
82. globomap-ui (JavaScript, 11 stars): Web interface to explore the Globomap API
83. benchmark-python-wsgi (Python, 10 stars): Benchmark of Python WSGI servers
84. container-broker (Ruby, 10 stars): Run any Docker-based task in a simple and distributed way
85. megadraft-related-articles-plugin (JavaScript, 10 stars): Related articles plugin for the Megadraft text editor
86. alchemetrics_web (Elixir, 10 stars): Collect and report key metrics for a typical web application based on Phoenix and Ecto.
87. generator-megadraft-plugin (JavaScript, 10 stars): Plugin generator for the Megadraft editor
88. auror-core (Python, 10 stars): Azkaban Auror core for flow creation
89. dbaas-cloudstack (Python, 10 stars): A CloudStack adapter for DBaaS
90. gsenha-api (Python, 9 stars): GSenha-API is a password manager. Its architecture was designed to avoid information leakage in the case of a compromise
91. url-pinger (Python, 9 stars): URL health check
92. generic_cache (Python, 9 stars): A Python utility/library to facilitate caching function results
93. alchemetrics_tesla (Elixir, 9 stars): Tesla middleware to report external call metrics.
94. Globo-Live-Cache (Shell, 9 stars): Caching configuration for Globo.com live video
95. mongo-go-prometheus (Go, 9 stars): Monitors that export Prometheus metrics for the MongoDB Go driver
96. directional-navigation (JavaScript, 8 stars): Directional navigation that filters elements via frustum and ranks by distance
97. zabbix2odbc (Python, 8 stars): Zabbix macro sync for ODBC configuration, supporting MySQL and Oracle databases.
98. memcachedapi (Python, 8 stars): memcached service API for tsuru.
99. dbaas-credentials (Python, 8 stars): A credential manager for DBaaS integrations
100. tornado-stale-client (Python, 7 stars): An async HTTP client for Tornado with stale cache support