{"id":28947526,"url":"https://github.com/hasip-timurtas/solsec","last_synced_at":"2026-04-24T22:33:51.514Z","repository":{"id":300619468,"uuid":"1006608280","full_name":"hasip-timurtas/solsec","owner":"hasip-timurtas","description":"🛡️ CLI toolkit for auditing Solana smart contracts. Includes static analysis, IDL-based fuzzing, plugin system, and multi-format reports.","archived":false,"fork":false,"pushed_at":"2025-06-22T19:35:39.000Z","size":153,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-22T19:54:42.592Z","etag":null,"topics":["anchor","auditing","blockchain","cli","fluzzing","rust","security","smart-contracts","solana","static-analysis","web3"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasip-timurtas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-22T16:28:11.000Z","updated_at":"2025-06-22T19:31:06.000Z","dependencies_parsed_at":"2025-06-22T19:54:56.302Z","dependency_job_id":"971c2927-bedc-4e22-8bf0-518fa2da8ed7","html_url":"https://github.com/hasip-timurtas/solsec","commit_stats":null,"previous_names":["hasip-timurtas/scsec","hasip-timurtas/solsec"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/hasip-timurtas/solsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasip-timurtas%2Fsolsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasip-timurtas%2Fsolsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasip-timurtas%2Fsolsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasip-timurtas%2Fsolsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasip-timurtas","download_url":"https://codeload.github.com/hasip-timurtas/solsec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasip-timurtas%2Fsolsec/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261458410,"owners_count":23161173,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anchor","auditing","blockchain","cli","fluzzing","rust","security","smart-contracts","solana","static-analysis","web3"],"created_at":"2025-06-23T10:00:47.499Z","updated_at":"2026-04-24T22:33:51.505Z","avatar_url":"https://github.com/hasip-timurtas.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🛡️ Solana Smart Contract Security Toolkit (solsec)\n\n[![Crates.io](https://img.shields.io/crates/v/solsec.svg)](https://crates.io/crates/solsec)\n[![Downloads](https://img.shields.io/crates/d/solsec.svg)](https://crates.io/crates/solsec)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Rust](https://img.shields.io/badge/rust-2021-orange.svg)](https://www.rust-lang.org)\n[![CI](https://github.com/hasip-timurtas/solsec/actions/workflows/ci.yml/badge.svg)](https://github.com/hasip-timurtas/solsec/actions/workflows/ci.yml)\n\nA comprehensive security analysis tool for Solana smart contracts that helps developers identify vulnerabilities before deployment through static analysis and fuzz testing. Features an advanced interactive HTML reporting system with intelligent suggestion algorithms.\n\n## Table of Contents\n\n- [Why solsec?](#-why-solsec)\n- [Features](#-features)\n- [Built-in Security Rules](#-built-in-security-rules)\n- [Security Checks Reference](docs/SECURITY_CHECKS.md)\n- [Quick Start](#-quick-start)\n- [Commands](#-commands)\n- [Configuration](#-configuration)\n- [Plugin Development](#-plugin-development)\n- [CI/CD Integration](#-cicd-integration)\n- [Report Examples](#-report-examples)\n- [Development](#️-development)\n- [Examples](#-examples)\n- [Performance \u0026 Accuracy](#-performance--accuracy)\n- [Community](#-community)\n- [Contributing](docs/CONTRIBUTING.md)\n- [Changelog](docs/CHANGELOG.md)\n- [License](#-license)\n\n## 🎯 Why solsec?\n\n**solsec** is designed to be a developer's first line of defense against smart contract vulnerabilities. While other tools exist, solsec offers a unique combination of:\n\n- **🔍 High Accuracy**: Advanced pattern detection with minimal false positives - identifies 39 security issues across example contracts\n- **⚡ High Performance**: Parallel processing with Rust performance - up to 5x faster analysis on multi-file projects\n- **🎯 Comprehensive Coverage**: Detects critical vulnerabilities including reentrancy, unsafe account access, and privilege escalation\n- **🛠️ Developer-Friendly**: Clear, actionable reports with specific remediation guidance and severity classification\n- **🔧 Easy Integration**: Seamless CI/CD integration with automated security checks and pre-commit hooks\n- **🧪 Production Ready**: Thoroughly tested with comprehensive validation and robust error handling\n\n## ✨ Features\n\n### 🔐 Advanced Security Analysis\n- **Static Analysis**: Detect critical vulnerabilities with high accuracy and minimal false positives\n- **Parallel Processing**: Multi-core analysis using Rust's `rayon` for significant performance improvement\n- **Severity Classification**: Identifies 4 severity levels - Critical, High, Medium, Low with targeted remediation\n- **Comprehensive Rule Coverage**: 8+ security rules covering all major Solana vulnerability classes\n\n### 🎨 Revolutionary Suggestion System\n- **Interactive HTML Interface**: JavaScript-powered suggestion formatting with professional styling\n- **Multiple Implementation Options**: Each security issue shows 3+ different fix approaches\n- **Function-Aware Recommendations**: Personalized suggestions using extracted function names\n- **Before/After Code Examples**: Side-by-side syntax-highlighted comparisons showing exact fixes\n- **Copy-Paste Ready**: All code examples are immediately usable in your projects\n- **Educational Value**: Learn multiple security patterns instead of single fixes\n\n### 🚀 Performance \u0026 Reliability  \n- **Parallel File Processing**: Concurrent analysis of multiple files using `rayon` crate\n- **Smart Error Handling**: Clear, colored error messages with proper path validation\n- **Comprehensive Testing**: Thorough unit testing ensuring reliability\n- **Memory Efficient**: Optimized regex compilation and efficient pattern matching\n\n### 📊 Professional Reporting\n- **Interactive HTML Reports**: Revolutionary suggestion system with JavaScript-powered formatting\n  - **Multi-Option Suggestions**: Beautiful card layouts showing 3+ implementation approaches per issue\n  - **Before/After Code Comparisons**: Side-by-side syntax-highlighted code sections\n  - **Function-Specific Guidance**: Personalized recommendations based on actual function names\n  - **Responsive Design**: Professional mobile-friendly interface\n- **Multiple Report Formats**: JSON, HTML, Markdown, and CSV outputs with beautiful styling\n- **Severity Classification**: Clear prioritization with Critical/High/Medium/Low severity levels\n- **Actionable Recommendations**: Copy-pasteable code examples and specific remediation guidance\n- **Browser Integration**: Automatic HTML report opening with intelligent environment detection\n\n### 🔌 Extensibility \u0026 Integration\n- **Plugin System**: Extensible architecture for custom security rules\n- **CI/CD Ready**: GitHub Actions support with automated security checks\n- **Pre-commit Hooks**: Block commits with critical vulnerabilities\n- **Configuration System**: Flexible rule configuration and customization\n\n## 🚀 Quick Start\n\n### Installation\n\n#### From Crates.io\n```bash\ncargo install solsec\n```\n\n#### From Source\n```bash\ngit clone https://github.com/hasip-timurtas/solsec.git\ncd solsec\ncargo install --path .\n```\n\n### Basic Usage\n\n```bash\n# Scan the current project and generates both JSON and HTML\nsolsec scan\n\n# Scan a specific Solana program and set an output directory\nsolsec scan ./my-solana-program --output ./results\n\n# Generate only JSON\nsolsec scan ./my-program --json-only --output results.json\n\n# Generate only HTML\nsolsec scan ./my-program --html-only --output results.html\n\n# Generate multiple formats at once\nsolsec scan ./my-program --format json,html,markdown,csv\n\n# Don't open browser automatically\nsolsec scan ./my-program --no-open\n\n# Run fuzz testing\nsolsec fuzz ./my-solana-program --timeout 300\n```\n\n## 📚 Library Usage\n\n**New in v0.2.1**: solsec can now be used as a library dependency in your Rust projects for programmatic security analysis.\n\n### Adding solsec as a Dependency\n\n```toml\n[dependencies]\nsolsec = \"0.2.1\"\n```\n\n### Basic Library Usage\n\n```rust\nuse solsec::{StaticAnalyzer, ReportGenerator, ReportFormat};\nuse std::path::Path;\n\n#[tokio::main]\nasync fn main() -\u003e anyhow::Result\u003c()\u003e {\n    // Create analyzer\n    let mut analyzer = StaticAnalyzer::new(None)?;\n    \n    // Analyze your code\n    let results = analyzer.analyze_path(Path::new(\"./src\")).await?;\n    \n    // Generate reports\n    let generator = ReportGenerator::new();\n    generator.generate_report(\u0026results, Path::new(\"report.json\"), ReportFormat::Json).await?;\n    generator.generate_report(\u0026results, Path::new(\"report.html\"), ReportFormat::Html).await?;\n    \n    println!(\"Found {} security issues\", results.len());\n    Ok(())\n}\n```\n\n### Available Types\n\n- `StaticAnalyzer` - Core security analysis engine\n- `ReportGenerator` - Multi-format report generation\n- `FuzzEngine` - Automated fuzz testing\n- `PluginManager` - Custom rule management\n- `AnalysisResult` - Security issue representation\n\n## 📖 Commands\n\n### `solsec scan`\n\nRun static analysis on your Solana smart contracts. Generates both JSON and HTML by default. If no path is provided, it recursively scans the current directory for all `.rs` files, automatically ignoring `target/` and `.git/` folders.\n\nHTML reports automatically open in the default browser when running interactively, but remain closed in CI/automation environments.\n\n```bash\nsolsec scan [PATH] [OPTIONS]\n\nOPTIONS:\n    -c, --config \u003cFILE\u003e          Configuration file path\n    -o, --output \u003cDIR\u003e           Output directory [default: ./solsec-results]\n    -f, --format \u003cFORMATS\u003e       Output formats (comma-separated) [default: json,html] [possible values: json, html, markdown, csv]\n        --json-only              Only generate JSON\n        --html-only              Only generate HTML\n        --no-open                Don't automatically open HTML report in browser\n        --fail-on-critical       Exit with non-zero code on critical issues [default: true]\n\nEXAMPLES:\n    # Scan the entire project (generates both JSON and HTML)\n    solsec scan\n\n    # Scan a specific directory with default formats\n    solsec scan ./programs/my-program\n    \n    # Generate only JSON for CI/CD integration\n    solsec scan ./programs --json-only --output results.json\n\n    # Generate only HTML for manual review\n    solsec scan ./programs --html-only --output results.html\n\n    # Generate HTML but don't open browser\n    solsec scan ./programs --html-only --no-open --output results.html\n\n    # Generate all available formats\n    solsec scan ./programs --format json,html,markdown,csv\n\n    # Scan with configuration file\n    solsec scan ./programs --config solsec.toml --output ./security-results\n```\n\n### `solsec fuzz`\n\nRun fuzz testing on smart contracts.\n\n```bash\nsolsec fuzz \u003cPATH\u003e [OPTIONS]\n\nOPTIONS:\n    -t, --timeout \u003cSECONDS\u003e      Timeout in seconds [default: 300]\n    -j, --jobs \u003cNUMBER\u003e          Number of parallel fuzzing jobs [default: 1]\n    -o, --output \u003cDIR\u003e           Output directory [default: ./fuzz-results]\n\nEXAMPLES:\n    solsec fuzz ./programs/my-program --timeout 600 --jobs 4\n    solsec fuzz ./programs --output ./custom-fuzz-results\n```\n\n### `solsec plugin`\n\nManage security rule plugins.\n\n```bash\nsolsec plugin \u003cACTION\u003e [PATH]\n\nACTIONS:\n    list      List available plugins\n    load      Load a plugin\n    unload    Unload a plugin\n\nEXAMPLES:\n    solsec plugin list\n    solsec plugin load ./my-custom-rule.so\n    solsec plugin unload my-custom-rule\n```\n\n## 🔧 Configuration\n\nCreate a `solsec.toml` configuration file:\n\n```toml\n# Enable/disable specific rules\nenabled_rules = [\n    \"integer_overflow\",\n    \"missing_signer_check\", \n    \"unchecked_account\",\n    \"reentrancy\"\n]\n\ndisabled_rules = []\n\n# Rule-specific settings\n[rule_settings]\n[rule_settings.integer_overflow]\nignore_patterns = [\"test_*\", \"mock_*\"]\n\n[rule_settings.missing_signer_check]\nrequired_for_instructions = [\"transfer\", \"withdraw\"]\n```\n\n## 🔍 Built-in Security Rules\n\n| Rule | Severity | Description | Detections |\n|------|----------|-------------|------------|\n| `reentrancy` | **High** | Detects state changes after external calls (CEI pattern violations) | ✅ 8 vulnerabilities found |\n| `unchecked_account` | **Critical** | Finds unsafe account access, transmute operations, and unvalidated accounts | ✅ 4 critical + 14 medium issues |\n| `missing_signer_check` | **High** | Identifies instruction handlers without proper signer validation | ✅ 8 high severity issues |\n| `integer_overflow` | **Medium** | Detects arithmetic operations without overflow protection | ✅ 5 legitimate overflow risks |\n| `pda_validation` | **High** | Validates PDA derivation and bump parameter usage | ✅ PDA validation |\n| `privilege_escalation` | **Critical** | Detects unauthorized authority/admin changes | ✅ Authority security |\n| `unsafe_arithmetic` | **Medium** | Finds division by zero and underflow risks | ✅ Arithmetic protection |\n| `insufficient_validation` | **High** | Identifies missing input validation in public functions | ✅ Input validation |\n\n### 🎯 Detection Accuracy\n\n- ✅ **Reentrancy**: Detects 8 vulnerabilities across examples\n- ✅ **Unchecked Account**: Identifies 4 critical + 14 medium severity issues\n- ✅ **Zero False Positives**: Filters out comments, strings, and non-code patterns\n- ✅ **Comprehensive Coverage**: 39 total security issues identified across all severity levels\n\n\u003e 📖 **For detailed information about each security check, including code examples and best practices, see the [Security Checks Reference](docs/SECURITY_CHECKS.md).**\n\n## 🔌 Plugin Development\n\nCreate custom security rules by implementing the `Rule` trait:\n\n```rust\nuse solsec::plugin::{Rule, RuleResult, Severity};\nuse std::path::Path;\nuse anyhow::Result;\n\n#[derive(Debug)]\npub struct MyCustomRule;\n\nimpl Rule for MyCustomRule {\n    fn name(\u0026self) -\u003e \u0026str {\n        \"my_custom_rule\"\n    }\n\n    fn description(\u0026self) -\u003e \u0026str {\n        \"Detects my specific vulnerability pattern\"\n    }\n\n    fn check(\u0026self, content: \u0026str, file_path: \u0026Path) -\u003e Result\u003cVec\u003cRuleResult\u003e\u003e {\n        let mut results = Vec::new();\n        \n        // Your analysis logic here\n        for (line_num, line) in content.lines().enumerate() {\n            if line.contains(\"dangerous_pattern\") {\n                results.push(RuleResult {\n                    severity: Severity::High,\n                    message: \"Dangerous pattern detected\".to_string(),\n                    line_number: Some(line_num + 1),\n                    column: None,\n                    code_snippet: Some(line.trim().to_string()),\n                    suggestion: Some(\"Use safe alternative\".to_string()),\n                });\n            }\n        }\n        \n        Ok(results)\n    }\n}\n\n// Plugin interface\n#[no_mangle]\npub extern \"C\" fn get_plugin_info() -\u003e PluginInfo {\n    PluginInfo {\n        name: \"my_plugin\".to_string(),\n        version: \"1.0.0\".to_string(),\n        description: \"My custom security plugin\".to_string(),\n        author: \"Your Name\".to_string(),\n        rules: vec![\"my_custom_rule\".to_string()],\n    }\n}\n\n#[no_mangle]\npub extern \"C\" fn create_rules() -\u003e Vec\u003cBox\u003cdyn Rule\u003e\u003e {\n    vec![Box::new(MyCustomRule)]\n}\n```\n\nBuild your plugin as a dynamic library:\n\n```bash\ncargo build --lib --crate-type=cdylib --release\n```\n\n## 🤖 CI/CD Integration\n\n### GitHub Actions\n\nAdd the following to your `.github/workflows/security.yml`:\n\n```yaml\nname: Security Scan\n\non:\n  push:\n    branches: [ main ]\n  pull_request:\n    branches: [ main ]\n\njobs:\n  security:\n    runs-on: ubuntu-latest\n    steps:\n    - uses: actions/checkout@v4\n    \n    - name: Install solsec\n      run: |\n        cargo install --locked solsec\n    \n    - name: Run security scan\n      run: |\n        solsec scan ./programs --output ./security-results\n    \n    - name: Upload security report\n      uses: actions/upload-artifact@v3\n      with:\n        name: security-report\n        path: ./security-results/\n    \n    - name: Fail on critical issues\n      run: |\n        if [ -f ./security-results/*.json ]; then\n          # Ensure jq is installed\n          sudo apt-get install -y jq\n          critical_count=$(jq '.summary.critical_issues' ./security-results/*.json)\n          if [ \"$critical_count\" -gt 0 ]; then\n            echo \"❌ Critical security issues found: $critical_count\"\n            exit 1\n          fi\n        fi\n```\n\n### Pre-commit Hook\n\nBlock commits that introduce critical vulnerabilities.\n\n**Setup Instructions:**\n1.  Create the file: `.git/hooks/pre-commit`\n2.  Copy the script below into the file.\n3.  Make it executable: `chmod +x .git/hooks/pre-commit`\n\n```bash\n#!/bin/sh\n# .git/hooks/pre-commit\n\necho \"🛡️ Running security scan...\"\n# Ensure solsec is in your PATH\nif ! command -v solsec \u0026\u003e /dev/null; then\n    echo \"solsec could not be found, skipping pre-commit check.\"\n    exit 0\nfi\n\n# Create a temporary directory for results\nRESULTS_DIR=$(mktemp -d)\nsolsec scan ./programs --format json --output \"$RESULTS_DIR\" --no-open\n\nif [ -f \"$RESULTS_DIR\"/*.json ]; then\n    # Ensure jq is installed\n    if ! command -v jq \u0026\u003e /dev/null; then\n        echo \"jq could not be found, skipping severity check.\"\n        rm -rf \"$RESULTS_DIR\"\n        exit 0\n    fi\n\n    critical_count=$(jq '.summary.critical_issues' \"$RESULTS_DIR\"/*.json 2\u003e/dev/null || echo \"0\")\n    if [ \"$critical_count\" -gt 0 ]; then\n        echo \"❌ Critical security issues found: $critical_count! Commit blocked.\"\n        echo \"Run 'solsec scan ./programs' to see details.\"\n        rm -rf \"$RESULTS_DIR\"\n        exit 1\n    fi\nfi\n\nrm -rf \"$RESULTS_DIR\"\necho \"✅ Security scan passed!\"\n```\n\n## Browser Opening Behavior\n\nHTML reports automatically open in the default browser under the following conditions:\n\n**Opens automatically when:**\n- Running in an interactive terminal (not redirected)\n- Generating HTML reports (`--html-only` or default formats)\n- Not in CI/automation environments\n\n**Remains closed when:**\n- Running in CI environments (GitHub Actions, GitLab CI, etc.)\n- Output is redirected or piped\n- Using `--no-open` flag\n- Only generating non-visual formats (JSON, CSV)\n\n## 📊 Report Examples\n\n### HTML Report\nRevolutionary interactive HTML reports with:\n- **Executive Summary**: Issue counts by severity with beautiful statistics cards\n- **Enhanced Suggestions**: Multi-option fix approaches with numbered cards and code examples\n- **Before/After Comparisons**: Side-by-side syntax-highlighted code sections for overflow fixes\n- **Function-Specific Guidance**: Personalized recommendations like \"Add signer validation to function 'transfer_funds_handler'\"\n- **Professional Styling**: Modern design with Monaco fonts, proper spacing, and responsive layouts\n- **Copy-Paste Ready Code**: Immediately usable code snippets for each suggested fix\n- **Mobile Optimization**: Responsive design that works perfectly on all devices\n\n**🔗 Live Example**: Check out [`examples/security-report.html`](./examples/security-report.html) to see a complete security report generated from scanning the example vulnerabilities. This report shows:\n- **258 total issues** found across all severity levels\n- **7 critical issues** requiring immediate attention\n- **Interactive navigation** with clickable severity cards\n- **Syntax-highlighted code** with proper Rust highlighting\n- **Multi-option suggestions** with numbered implementation approaches\n\n### JSON Report\nMachine-readable format for:\n- CI/CD pipeline integration\n- Custom tooling and analysis\n- Data processing and metrics\n\n### Markdown Report\nDeveloper-friendly format for:\n- README documentation\n- Pull request comments\n- Documentation sites\n\n## 🛠️ Development\n\n### Building from Source\n\n```bash\ngit clone https://github.com/hasip-timurtas/solsec.git\ncd solsec\ncargo build --release\n```\n\n### Running Tests\n\n```bash\ncargo test\n```\n\n### Contributing\n\nWe welcome contributions! Please see our comprehensive [Contributing Guide](docs/CONTRIBUTING.md) for detailed instructions on:\n\n- **Development Setup**: Fork, clone, and build the project\n- **Code Quality Standards**: Clippy compliance and formatting requirements  \n- **Testing Requirements**: Running `./scripts/run-tests.sh` before submission\n- **Pre-commit Hooks**: Native git hooks for quality assurance\n- **Security Rule Development**: Creating custom vulnerability detection rules\n- **Submission Guidelines**: Pull request process and commit message format\n\nQuick start for contributors:\n1. Fork the repository and create a feature branch\n2. Run `./scripts/run-tests.sh` to ensure all checks pass\n3. Submit a pull request with clear description of changes\n\n## 📚 Examples\n\nThe [`examples/`](./examples/) directory contains comprehensive security vulnerability demonstrations:\n\n### 🚨 Vulnerability Examples\nEach category includes both **vulnerable** and **secure** implementations for educational purposes:\n\n| Vulnerability Type | Severity | Vulnerable Examples | Secure Examples |\n|-------------------|----------|-------------------|-----------------|\n| **Integer Overflow** | Medium | `examples/integer_overflow/vulnerable.rs` | `examples/integer_overflow/secure.rs` |\n| **Missing Signer Check** | High | `examples/missing_signer_check/vulnerable.rs` | `examples/missing_signer_check/secure.rs` |\n| **Unchecked Account** | Critical | `examples/unchecked_account/vulnerable.rs` | `examples/unchecked_account/secure.rs` |\n| **Reentrancy** | High | `examples/reentrancy/vulnerable.rs` | `examples/reentrancy/secure.rs` |\n\n### 🧪 Testing the Examples\n\n```bash\n# Test individual vulnerable examples\nsolsec scan examples/integer_overflow/vulnerable.rs     # 4 medium severity issues\nsolsec scan examples/missing_signer_check/vulnerable.rs # 4 high severity issues\nsolsec scan examples/unchecked_account/vulnerable.rs    # 4 critical + 4 medium issues  \nsolsec scan examples/reentrancy/vulnerable.rs           # 4 high severity issues\n\n# Test secure examples (should find fewer/no critical issues)\nsolsec scan examples/*/secure.rs                        # Mainly medium severity issues\n\n# Comprehensive analysis across all examples\nsolsec scan examples/                                    # 39 total issues: 4 critical + 16 high + 19 medium\n```\n\n### 📖 Learning Resources\n- **Side-by-side Comparisons**: See exactly how to fix each vulnerability\n- **Real-world Patterns**: Actual Solana/Anchor code patterns\n- **Educational Comments**: Clear explanations of security issues\n- **Test Suite**: Validate that solsec detection works correctly\n\nSee the detailed [`examples/README.md`](./examples/README.md) for complete documentation.\n\n## ⚡ Performance \u0026 Accuracy\n\n### 🚀 Performance Features\n- **Parallel Processing**: Multi-core analysis using `rayon` crate for optimal speed\n- **Optimized Regex**: Pre-compiled patterns with efficient matching algorithms\n- **Memory Efficient**: Smart caching and resource management\n- **Scalable**: Handles large codebases with thousands of files\n\n### 🎯 Analysis Quality\n- **Pattern Detection**: Advanced analysis for precise vulnerability identification\n- **False Positive Reduction**: Intelligent filtering eliminates noise from comments and non-code patterns\n- **Comprehensive Coverage**: Detects all major Solana vulnerability classes\n- **Actionable Results**: Clear severity classification with specific remediation guidance\n\n### 📊 Quality Assurance\n```\n✅ Comprehensive Testing: Full unit test coverage\n✅ Code Quality: Passes strict clippy linting (-D warnings)\n✅ Formatting: rustfmt compliant\n✅ Performance: Parallel processing architecture\n✅ Accuracy: High precision vulnerability detection\n✅ Coverage: Multi-severity issue identification\n```\n\n### 🔍 Current Capabilities\n\n| Feature | Status | Details |\n|---------|--------|---------|\n| Reentrancy Detection | ✅ Active | Detects 8 types of reentrancy vulnerabilities |\n| Critical Account Issues | ✅ Active | Identifies unsafe account access patterns |\n| Interactive Suggestions | ✅ Active | Multi-option HTML suggestions with code examples |\n| Function-Specific Guidance | ✅ Active | Personalized recommendations using function names |\n| False Positive Rate | ✅ Minimal | Intelligent filtering of non-code patterns |\n| Processing Speed | ✅ Optimized | Parallel processing for fast analysis |\n| Security Coverage | ✅ Comprehensive | 39+ vulnerability patterns detected |\n\n## 🤝 Community\n\n- **Issues**: [GitHub Issues](https://github.com/hasip-timurtas/solsec/issues)\n- **Discussions**: [GitHub Discussions](https://github.com/hasip-timurtas/solsec/discussions)\n- **Discord**: [Solana Security Community](https://discord.gg/solana-security)\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🙏 Acknowledgments\n\n- The Solana Foundation for supporting security tooling\n- The Rust security community for best practices\n- Contributors and early adopters\n\n---\n\n**⚠️ Important**: This tool helps identify potential security issues but does not guarantee complete security. Always conduct thorough testing and consider professional security audits for production applications.\n\n## 📸 Example HTML Report\n\n![HTML Security Report Example](/examples/result.png)\n\n*Professional HTML security reports with syntax highlighting, interactive navigation, and actionable suggestions*\n\n*Built with ❤️ by Hasip Timurtas*","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasip-timurtas%2Fsolsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasip-timurtas%2Fsolsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasip-timurtas%2Fsolsec/lists"}