{"id":25569773,"url":"https://github.com/clj-holmes/clj-holmes","last_synced_at":"2026-07-03T04:05:16.995Z","repository":{"id":42009518,"uuid":"410330660","full_name":"clj-holmes/clj-holmes","owner":"clj-holmes","description":"A CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.","archived":false,"fork":false,"pushed_at":"2023-07-11T18:31:59.000Z","size":159,"stargazers_count":102,"open_issues_count":9,"forks_count":11,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-05-02T01:54:12.711Z","etag":null,"topics":["clojure","sast","security"],"latest_commit_sha":null,"homepage":"","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/clj-holmes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"patreon":"mthbernardes","ko_fi":"mthbernardes"}},"created_at":"2021-09-25T16:56:14.000Z","updated_at":"2024-02-02T08:29:15.000Z","dependencies_parsed_at":"2023-01-30T21:16:13.558Z","dependency_job_id":"b5ae5767-dd3f-49da-b939-3d079e1e2311","html_url":"https://github.com/clj-holmes/clj-holmes","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clj-holmes%2Fclj-holmes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clj-holmes%2Fclj-holmes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clj-holmes%2Fclj-holmes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/clj-holmes%2Fclj-holmes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/clj-holmes","download_url":"https://codeload.github.com/clj-holmes/clj-holmes/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239933104,"owners_count":19720732,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","sast","security"],"created_at":"2025-02-21T00:02:44.707Z","updated_at":"2026-07-03T04:05:16.984Z","avatar_url":"https://github.com/clj-holmes.png","language":"Clojure","funding_links":["https://patreon.com/mthbernardes","https://ko-fi.com/mthbernardes"],"categories":["Uncategorized","Clojure"],"sub_categories":["Uncategorized"],"readme":"# clj-holmes\n\nA CLI SAST (Static application security testing) tool which was built with the intent of finding vulnerable Clojure code via rules that use a simple [pattern language](https://github.com/clj-holmes/shape-shifter). Although finding vulnerabilities is its main purpose, `clj-holmes` can also be used to find any kind of code pattern.\n\n# Installation\nDownload the release for your OS (mac or linux), copy it to a directory in your `$PATH` and add executable permission to the binary.\n\n## Linux example\n```\ncurl -L https://github.com/clj-holmes/clj-holmes/releases/latest/download/clj-holmes-ubuntu-latest -o /tmp/clj-holmes\nsudo install -m 755 /tmp/clj-holmes /usr/local/bin/clj-holmes\nrm /tmp/clj-holmes\n```\n\n# Rules\nAll public rules can be found [here](https://github.com/clj-holmes/clj-holmes-rules). It is also possible to maintain your own set of rules.\n\n`clj-holmes` currently supports the following rules sources:\n\n## GitHub\nThe [GitHub](https://github.com/clj-holmes/clj-holmes/blob/main/src/clj_holmes/rules/wagon/github.clj) wagon supports public and private repositories. In order to fetch rules from a private repository the environment `GITHUB_TOKEN` variable needs to be set.\n\nTo fetch a rule set `clj-holmes` expects a GitHub repository URL following the specification below:\n\n`git://username/project-name#branch-name`\n\n## Fetching Rules\n```\nNAME:\n clj-holmes fetch-rules - Fetch rules from an external server\n\nUSAGE:\n clj-holmes fetch-rules [command options] [arguments...]\n\nOPTIONS:\n   -r, --repository S        git://clj-holmes/clj-holmes-rules#main  Repository to download rules\n   -o, --output-directory S  /tmp/clj-holmes-rules/                  Directory to save rules\n   -?, --help\n```\n\nIn order to execute a scan it is necessary to fetch the rules first. This can be achieve with the following command.\n\n`clj-holmes fetch-rules`\n\nIt's also possible to provide another source for a rule set by adding the `-r` or `--repository` parameter followed by the GitHub repository URL.\n\n`clj-holmes fetch-rules -r git://clj-holmes/clj-holmes-private-rules#main`\n\n# Scanning a Project\n```\n\nNAME:\n clj-holmes scan - Performs a scan for a path\n\nUSAGE:\n clj-holmes scan [command options] [arguments...]\n\nOPTIONS:\n   -p, --scan-path S*                                                Path to scan\n   -d, --rules-directory S              /tmp/clj-holmes-rules/       Directory to read rules\n   -o, --output-file S                  clj_holmes_scan_results.txt  Output file\n   -t, --output-type json|sarif|stdout  stdout                       Output type\n   -T, --rule-tags S                                                 Only use rules with specified tags to perform the scan\n   -S, --rule-severity S                                             Only use rules with specified severity to perform the scan\n   -P, --rule-precision S                                            Only use rules with specified precision to perform the scan\n   -i, --ignored-paths S                                             Regex for paths and files that shouldn't be scanned\n   -f, --[no-]fail-on-result                                         Enable or disable fail if results were found (useful for CI/CD)\n   -v, --[no-]verbose                                                Enable or disable scan process feedback.\n   -?, --help\n```\n\nAfter fetching the rules, it is possible to execute a scan by providing the `-p` or `--scan-path` parameter followed by the path of the Clojure project to be scanned.\n\n`clj-holmes scan -p /tmp/clojure-project`\n\n# Who uses it\n- [180˚ Seguros](https://www.180s.com.br/)\n- [Nubank](https://nubank.com.br/)\n\n# Build\nSteps necessary to build `clj-holmes`.\n### Dependencies\n- [graalvm](https://www.graalvm.org/java/quickstart/)\n- [lein](https://leiningen.org/)\n\n### Install native image\n`gu install native-image`\n\n### Download project dependencies\n`lein deps`\n\n### Clean target directory\n`lein clean`\n\n### Generate clj-holmes uberjar\n`lein uberjar`\n\n## Generate clj-holmes native binary\n`lein native -H:Name=clj-holmes`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclj-holmes%2Fclj-holmes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclj-holmes%2Fclj-holmes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclj-holmes%2Fclj-holmes/lists"}