Repository: https://github.com/globocom/huskyCI (Go, BSD-3-Clause) · Homepage: https://huskyci.opensource.globo.com
Description: Performing security tests inside your CI
Topics: bandit, brakeman, continuous-integration, gitlab-ci, golang, gosec, hacktoberfest, hacktoberfest2023-accepted, javascript, npm-audit, python, ruby-on-rails, safety, security-automation, security-tools, static-analysis, vulnerabilities, yarn-audit
Categories: Secure Programming, Build techniques (Tokens, Supply chain beyond libraries)
Source: https://awesome.ecosyste.ms/projects/github.com%2Fglobocom%2FhuskyCI (README-ptBR.md, translated from Portuguese)

<p align="center">
  <img src="https://raw.githubusercontent.com/wiki/globocom/huskyCI/images/huskyCI-logo.png" align="center" height="" />
  <!-- logo font: Anton -->
</p>

<p align="center">
  <a href="https://github.com/globocom/huskyCI/releases"><img src="https://img.shields.io/github/v/release/globocom/huskyCI"/></a>
  <a href="https://github.com/rafaveira3/writing-and-presentations/blob/master/DEFCON-27-APP-SEC-VILLAGE-Rafael-Santos-huskyCI-Finding-security-flaws-in-CI-before-deploying-them.pdf"><img src="https://img.shields.io/badge/DEFCON%2027-AppSec%20Village-black"/></a>
<a href="https://github.com/rafaveira3/contributions/blob/master/huskyCI-BlackHat-Europe-2019.pdf"><img src="https://img.shields.io/badge/Black%20Hat%20Europe%202019-Arsenal-black"/></a>
<a href="https://defectdojo.readthedocs.io/en/latest/integrations.html#huskyci-report"><img src="https://img.shields.io/badge/DefectDojo-Compatible-brightgreen"/></a>
</p>

## Introduction

huskyCI is an open-source tool that orchestrates security tests and centralizes all of their results in a database for later analysis and metrics. It can run static security analysis for Python ([Bandit][Bandit] and [Safety][Safety]), Ruby ([Brakeman][Brakeman]), JavaScript ([Npm Audit][NpmAudit] and [Yarn Audit][YarnAudit]), Golang ([Gosec][Gosec]), Java ([SpotBugs][SpotBugs] plus [Find Sec Bugs][FindSec]), and HCL ([TFSec][TFSec]). It can also audit repositories for secrets such as AWS Secret Keys, private SSH keys and many others using [GitLeaks][Gitleaks].

## How does it work?

Developers can add a new stage to their CI pipelines to check for vulnerabilities:

<p align="center"><img src="huskyCI-stage.png"/></p>

If security issues are found in the code, information such as the severity, the confidence, the file, the line and many other useful details can be displayed, as in this example:


```
[HUSKYCI][*] poc-python-bandit -> https://github.com/globocom/huskyCI.git
[HUSKYCI][*] huskyCI analysis started! yDS9tb9mdt4QnnyvOBp3eVAXE1nWpTRQ

[HUSKYCI][!] Title: Use of exec detected.
[HUSKYCI][!] Language: Python
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: MEDIUM
[HUSKYCI][!] Confidence: HIGH
[HUSKYCI][!] Details: Use of exec detected.
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 7
[HUSKYCI][!] Code:
6
7 exec(command)
8

[HUSKYCI][!] Title: Possible hardcoded password: 'password123!'
[HUSKYCI][!] Language: Python
[HUSKYCI][!] Tool: Bandit
[HUSKYCI][!] Severity: LOW
[HUSKYCI][!] Confidence: MEDIUM
[HUSKYCI][!] Details: Possible hardcoded password: 'password123!'
[HUSKYCI][!] File: ./main.py
[HUSKYCI][!] Line: 1
[HUSKYCI][!] Code:
1 secret = 'password123!'
2
3 password = 'thisisnotapassword' #nohusky
4

[HUSKYCI][SUMMARY] Python -> huskyci/bandit:1.6.2
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1

[HUSKYCI][SUMMARY] Total
[HUSKYCI][SUMMARY] High: 0
[HUSKYCI][SUMMARY] Medium: 1
[HUSKYCI][SUMMARY] Low: 1
[HUSKYCI][SUMMARY] NoSecHusky: 1

[HUSKYCI][*] The following securityTests were executed and no blocking vulnerabilities were found:
[HUSKYCI][*] [huskyci/gitleaks:2.1.0]
[HUSKYCI][*] Some HIGH/MEDIUM issues were found in these securityTests:
[HUSKYCI][*] [huskyci/bandit:1.6.2]
ERROR: Job failed: exit code 190
```

Note from the sample above: the job fails (non-zero exit code) because a MEDIUM finding was reported, the LOW finding does not block on its own, and the line annotated with `#nohusky` is counted under `NoSecHusky` instead of failing the stage.

## Getting Started

You can try huskyCI by setting up a local environment with Docker Compose, following [this guide](https://huskyci.opensource.globo.com/docs/quickstart/local-installation/).

## Documentation

All guides and the full documentation can be found on the [official documentation page](https://huskyci.opensource.globo.com/docs/quickstart/overview).

## How to contribute?

Read our [contributing guide](https://github.com/globocom/huskyCI/blob/master/CONTRIBUTING.md) to learn about our development process, how to propose bug fixes and improvements, and how to build and test your changes to huskyCI.

## Communication

We have a few contact channels; feel free to reach us at:

- [GitHub Issues](https://github.com/globocom/huskyCI/issues)
- [Gitter](https://gitter.im/globocom/huskyCI)
- [Twitter](https://twitter.com/huskyCI)

## Contributors

This project exists thanks to all of its [contributors](https://github.com/globocom/huskyCI/graphs/contributors). You are awesome!   ❤️🚀

## License

huskyCI is licensed under the [BSD 3-Clause "New" or "Revised" License](https://github.com/globocom/huskyCI/blob/master/LICENSE.md).

[Bandit]: https://github.com/PyCQA/bandit
[Safety]: https://github.com/pyupio/safety
[Brakeman]: https://github.com/presidentbeef/brakeman
[Gosec]: https://github.com/securego/gosec
[NpmAudit]: https://docs.npmjs.com/cli/audit
[YarnAudit]: https://yarnpkg.com/lang/en/docs/cli/audit/
[Gitleaks]: https://github.com/zricethezav/gitleaks
[SpotBugs]: https://spotbugs.github.io
[FindSec]: https://find-sec-bugs.github.io
[TFSec]: https://github.com/liamg/tfsec
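The sample output in "How does it work?" shows the gating policy a CI stage needs: HIGH and MEDIUM findings fail the job, LOW findings are reported but do not block, and a finding on a line annotated with `#nohusky` is counted as `NoSecHusky` instead of blocking. The following Go program is an added example written for this page, not code from the huskyCI project: it models that policy over a constructed set of findings that mirrors the README's `main.py` run (an `exec()` call, a hardcoded password, and a second hardcoded password suppressed with `#nohusky`). The `Finding` and `Summary` types, the function names, the assumption that `#nohusky` on the offending line is what diverts a finding into `NoSecHusky`, and the reuse of exit code 190 are all this example's own choices.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strings"
)

// Severity is the level huskyCI prints for a finding.
type Severity string

const (
	High   Severity = "HIGH"
	Medium Severity = "MEDIUM"
	Low    Severity = "LOW"
)

// Finding is one issue reported by a security test such as Bandit
// (a hypothetical struct for this example, not a huskyCI type).
type Finding struct {
	Tool     string // image of the test that produced it, e.g. "huskyci/bandit:1.6.2"
	Title    string
	Severity Severity
	File     string
	Line     int
	Code     string // the offending source line
}

// Summary mirrors the [HUSKYCI][SUMMARY] block: counts per severity plus
// the findings suppressed with a #nohusky annotation.
type Summary struct {
	High, Medium, Low, NoSecHusky int
}

// nohuskyMarker is the inline annotation seen in the README's sample output.
// Assumption for this example: a finding whose code line carries it is
// counted as NoSecHusky and never blocks the pipeline.
const nohuskyMarker = "#nohusky"

// Summarize buckets findings by severity, diverting #nohusky lines.
func Summarize(findings []Finding) Summary {
	var s Summary
	for _, f := range findings {
		if strings.Contains(f.Code, nohuskyMarker) {
			s.NoSecHusky++
			continue
		}
		switch f.Severity {
		case High:
			s.High++
		case Medium:
			s.Medium++
		case Low:
			s.Low++
		}
	}
	return s
}

// SummarizeByTool returns one Summary per tool; executed lists every test
// that ran, so a tool with zero findings (gitleaks in the sample) still
// appears and passes.
func SummarizeByTool(executed []string, findings []Finding) map[string]Summary {
	byTool := make(map[string][]Finding)
	for _, t := range executed {
		byTool[t] = nil
	}
	for _, f := range findings {
		byTool[f.Tool] = append(byTool[f.Tool], f)
	}
	out := make(map[string]Summary, len(byTool))
	for t, fs := range byTool {
		out[t] = Summarize(fs)
	}
	return out
}

// Blocking reports whether a summary must fail the stage: HIGH and MEDIUM
// block, LOW and NoSecHusky do not.
func Blocking(s Summary) bool { return s.High > 0 || s.Medium > 0 }

// BlockingTools returns, sorted, the tools whose findings fail the stage.
func BlockingTools(perTool map[string]Summary) []string {
	var tools []string
	for t, s := range perTool {
		if Blocking(s) {
			tools = append(tools, t)
		}
	}
	sort.Strings(tools)
	return tools
}

// blockingExitCode reuses the non-zero status from the README's sample job.
const blockingExitCode = 190

// ExitCode is the status the CI stage should exit with.
func ExitCode(perTool map[string]Summary) int {
	if len(BlockingTools(perTool)) > 0 {
		return blockingExitCode
	}
	return 0
}

// SampleFindings is constructed for this example and mirrors the README's
// main.py run; the third finding is the line the developer annotated.
func SampleFindings() []Finding {
	return []Finding{
		{Tool: "huskyci/bandit:1.6.2", Title: "Use of exec detected.", Severity: Medium, File: "./main.py", Line: 7, Code: "exec(command)"},
		{Tool: "huskyci/bandit:1.6.2", Title: "Possible hardcoded password: 'password123!'", Severity: Low, File: "./main.py", Line: 1, Code: "secret = 'password123!'"},
		{Tool: "huskyci/bandit:1.6.2", Title: "Possible hardcoded password: 'thisisnotapassword'", Severity: Low, File: "./main.py", Line: 3, Code: "password = 'thisisnotapassword' #nohusky"},
	}
}

// SampleExecuted lists the tests that ran in the sample job.
func SampleExecuted() []string { return []string{"huskyci/bandit:1.6.2", "huskyci/gitleaks:2.1.0"} }

func main() {
	perTool := SummarizeByTool(SampleExecuted(), SampleFindings())
	for _, t := range SampleExecuted() {
		s := perTool[t]
		fmt.Printf("[HUSKYCI][SUMMARY] %s High: %d Medium: %d Low: %d NoSecHusky: %d\n", t, s.High, s.Medium, s.Low, s.NoSecHusky)
	}
	if tools := BlockingTools(perTool); len(tools) > 0 {
		fmt.Printf("[HUSKYCI][*] Some HIGH/MEDIUM issues were found in these securityTests:\n[HUSKYCI][*] %v\n", tools)
	}
	os.Exit(ExitCode(perTool))
}
```

Run with `go run .`; the process exits with status 190 because the bandit summary carries one MEDIUM finding, while the gitleaks entry passes with an empty summary. Keeping the decision in `Blocking` and `ExitCode` rather than in `main` makes the policy unit-testable, which matters when a team later decides to block on LOW as well or to require a confidence threshold before blocking.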