{"id":15353220,"url":"https://github.com/yardexx/dart_shield","last_synced_at":"2026-02-23T18:34:34.134Z","repository":{"id":255437039,"uuid":"837372735","full_name":"yardexx/dart_shield","owner":"yardexx","description":"Security CLI tool (SAST) to detect security issues in your Dart and Flutter code.","archived":false,"fork":false,"pushed_at":"2026-02-02T19:22:23.000Z","size":1885,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-02-19T08:14:41.155Z","etag":null,"topics":["appsec","dart","flutter","sast","security","security-scanner","security-tools","static-analysis","static-code-analysis","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Dart","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yardexx.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-02T20:20:12.000Z","updated_at":"2026-01-29T17:39:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"b2611cb7-976d-4efc-93c9-e3d458f848bb","html_url":"https://github.com/yardexx/dart_shield","commit_stats":null,"previous_names":["yardexx/dart_shield"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/yardexx/dart_shield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardexx%2Fdart_shield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardexx%2Fdart_shield/tags","releases_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardexx%2Fdart_shield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardexx%2Fdart_shield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yardexx","download_url":"https://codeload.github.com/yardexx/dart_shield/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardexx%2Fdart_shield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29750640,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-23T07:44:07.782Z","status":"ssl_error","status_checked_at":"2026-02-23T07:44:07.432Z","response_time":90,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","dart","flutter","sast","security","security-scanner","security-tools","static-analysis","static-code-analysis","vulnerability"],"created_at":"2024-10-01T12:13:28.551Z","updated_at":"2026-02-23T18:34:34.125Z","avatar_url":"https://github.com/yardexx.png","language":"Dart","readme":"\u003ch1 align=\"center\"\u003edart_shield\u003c/h1\u003e\n\n\u003cdiv align=\"center\"\u003e\n    \u003cpicture\u003e\n        \u003cimg\n        alt=\"Dart Shield\"\n        src=\"https://github.com/yardexx/dart_shield/blob/master/resources/img/shield-logo.svg\"\n        width=\"150\"\n        \u003e\n    \u003c/picture\u003e\n    \u003cp\u003eDart-based 
security-focused code analyzer which analyzes your Dart code for potential security flaws.\u003c/p\u003e\n    \u003ca href=\"https://github.com/yardexx/dart_shield/actions/workflows/dart.yml\"\u003e\u003cimg src=\"https://github.com/yardexx/dart_shield/actions/workflows/dart.yml/badge.svg\" alt=\"Pipelines: GitHub Actions\"/\u003e\u003c/a\u003e\n    \u003ca href=\"https://pub.dev/packages/very_good_analysis\"\u003e\u003cimg src=\"https://img.shields.io/badge/style-very_good_analysis-B22C89.svg\" alt=\"Style: Very Good Analysis\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.gitbook.com/preview?utm_source=gitbook_readme_badge\u0026utm_medium=organic\u0026utm_campaign=preview_documentation\u0026utm_content=link\"\u003e\u003cimg src=\"https://img.shields.io/static/v1?message=Documented%20on%20GitBook\u0026logo=gitbook\u0026logoColor=ffffff\u0026label=%20\u0026labelColor=5c5c5c\u0026color=3F89A1\"/\u003e\n\u003c/a\u003e\n    \u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-purple.svg\" alt=\"License: MIT\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n\n\u003e 🚧 UNDER CONSTRUCTION 🚧\n\u003e\n\u003e Please note that this project is still under construction and not yet ready for production use.\n\u003e\n\u003e Full documentation will be available once the project is ready for production use. 
If you have\n\u003e any questions, feel free to open an issue.\n\n# Overview\n\ndart_shield CLI is heavily inspired by other Dart and Flutter CLIs, so its commands and their behaviour\nare similar to what you might expect.\n\n# Features\n\n`dart_shield` can detect the following security issues:\n\n- Hardcoded API keys\n- Hardcoded URLs\n- Weak hashing algorithms\n- Usage of non-secure random number generators\n- Usage of insecure HTTP connections\n\n# Installation\nTo install dart_shield, run the following command:\n\n```bash\n# Using pub.dev\ndart pub global activate dart_shield\n\n# Directly from GitHub\ndart pub global activate -s git https://github.com/yardexx/dart_shield\n```\n\n# Usage\n\ndart_shield contains two crucial commands:\n\n- `init` - Initializes dart_shield in your project.\n- `analyze` - Analyzes your Dart code for potential security flaws.\n\nTo initialize `dart_shield` in your project, run the following command:\n\n```bash\ndart_shield init\n```\n\nThis command creates a `shield_options.yaml` file in the root of your project. 
This file contains\nthe configuration for `dart_shield`, which will be used during the analysis (similar to\n`analysis_options.yaml`).\n\nIf a shield_options.yaml file already exists in your project and you want to recreate it, use the\n`-f` or `--force` flag:\n\n```bash\ndart_shield init -f\n# or\ndart_shield init --force\n```\n\nTo analyze your Dart code for potential security flaws, run the following command:\n\n```bash\n# Analyze current directory (default)\ndart_shield analyze\n\n# Or explicitly specify a directory\ndart_shield analyze .\ndart_shield analyze lib\n```\n\nThis command analyzes your Dart code based on the configuration in the shield_options.yaml file.\nIf the configuration file is not found, the command will fail.\n\n# Configuration\n\nThe `shield_options.yaml` file contains configuration options, primarily rules, for `dart_shield`.\nThe configuration is similar to the `analysis_options.yaml` file, making it familiar to those who\nhave used Dart analysis tools.\n\nExample of the `shield_options.yaml` file:\n\n```yaml\n# This is a sample configuration file for dart_shield.\n# ⚠️ Configuration file must be named `shield_options.yaml` and placed in the root of the project.\n\n# shield_options.yaml is a file with a structure similar to analysis_options.yaml and it defines the\n# rules that dart_shield will use to analyze your code.\n\n# The `shield` key is required.\nshield:\n\n  # List of files or directories excluded from analysis\n  exclude:\n    # Exclude a file using its path (path begins at the root of the project):\n    - 'lib/ignored.dart'\n    # Globs are also supported\n    - '**.g.dart'\n\n  # List of rules that dart_shield will use to analyze your code\n  rules:\n    - prefer_https_over_http\n    - avoid_hardcoded_secrets\n\n  # Some rules need more fine-tuning and are marked as experimental.\n  # You can enable them by setting `enable_experimental` to `true`.\n  enable_experimental: true\n\n  # List of experimental rules that dart_shield 
will use to analyze your code\n  # ⚠️ Experimental rules are subject to change and may not be as stable as regular rules.\n  # ⚠️ Using \"experimental_rules\" without setting \"enable_experimental\" to \"true\" will cause an error.\n  experimental_rules:\n    - avoid_hardcoded_urls\n    - avoid_weak_hashing\n    - prefer_secure_random\n```\n\n# Rules\n\ndart_shield includes a set of predefined rules to analyze Dart code for potential security flaws,\nsimilar to how linter rules enforce code style.\n\n## List of rules\n\n- avoid_hardcoded_secrets: Detects hardcoded secrets, such as API keys and passwords.\n- avoid_hardcoded_urls: Detects hardcoded URLs.\n- prefer_https_over_http: Detects the use of insecure HTTP connections.\n- avoid_weak_hashing: Detects the use of weak hashing algorithms, such as MD5 and SHA-1.\n- prefer_secure_random: Detects the use of non-secure random number generators.\n\n# Contributing\n\nThis project is still under construction, so contributions might be limited. However, one of the\nmain goals of this project is to provide a free, open-source tool for the community, emphasizing\nthe importance of security accessibility.\n\nOnce the project is production-ready, contributions will be welcome.\n\nIf you have any ideas, suggestions, or wish to contribute, feel free to open an issue.\n\n# License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyardexx%2Fdart_shield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyardexx%2Fdart_shield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyardexx%2Fdart_shield/lists"}