flatt-security / shisho

Lightweight static analyzer for several programming languages
https://docs.shisho.dev
GNU Affero General Public License v3.0
372 stars 15 forks source link
code-analysis devsecops go rust security static-analysis terraform terraform-security

shisho

shisho

GitHub Release GitHub Marketplace License Documentation Test Playground

Shisho is a lightweight static analyzer for developers.

Please see the usage documentation for further information.

demo

Try at Playground

You can try Shisho at our playground.

Try with Docker

You can try shisho in your machine as follows:

echo "func test(v []string) int { return len(v) + 1; }" | docker run -i ghcr.io/flatt-security/shisho-cli:latest find "len(:[...])" --lang=go
echo "func test(v []string) int { return len(v) + 1; }" > file.go
docker run -i -v $(pwd):/workspace ghcr.io/flatt-security/shisho-cli:latest find "len(:[...])" --lang=go /workspace/file.go

Install with pre-built binaries

When you'd like to run shisho outside docker containers, please follow the instructions below:

Linux / macOS

Run the following command(s):

# Linux
wget https://github.com/flatt-security/shisho/releases/latest/download/build-x86_64-unknown-linux-gnu.zip -O shisho.zip
unzip shisho.zip
chmod +x ./shisho
mv ./shisho /usr/local/bin/shisho

# macOS
wget https://github.com/flatt-security/shisho/releases/latest/download/build-x86_64-apple-darwin.zip -O shisho.zip
unzip shisho.zip
chmod +x ./shisho
mv ./shisho /usr/local/bin/shisho

Then you'll see a shisho's executable in /usr/local/bin.

Windows

Download the prebuild binary from releases and put it into your %PATH% directory.

If you're using Windows Subsystem for Linux, you can install shisho with the above instructions.

More