Welcome to Shisho
Shisho is a lightweight static code analyzer designed for developers. It is, so to speak, like a pluggable and configurable linter; it gives developers a way to codify your domain knowledge over your code as rules. With powerful automation and integration capabilities, the rules will help you find and fix issues semiautomatically.
Key Concept: Detection-as-Code for Code
Shisho provides a means of achieving Detection-as-Code for your code. It allows us to analyze and transform your source code with our intuitive DSL. Here's an example of policies for Terraform code:
version: '1'rules:- id: 'unencrypted-ebs-volume'language: hclmessage: |There was unencrypted EBS module.pattern: |resource "aws_ebs_volume" :[NAME] {:[...X]}constraints:- target: Xshould: not-matchpattern: |encrypted = truerewrite: |resource "aws_ebs_volume" :[NAME] {:[X]encrypted = true}
Getting Started
Just pull and run our docker image, and you're ready to use 🎉
docker run -i -v $(pwd):/workspace ghcr.io/flatt-security/shisho-cli:latest
See Getting Started to learn Shisho more.
Strengths
Shisho has mainly two strengths: it runs everywhere, and it runs extremely fast.
📝 We already have
sedor something like that. There are already several static analysis engines in the world indeed. Now you may wonder why do we need Shisho now --- see this page ("Comparison") page to know that.
1. Run Extremely Fast
In addition, Shisho runs everywhere! You can use this tool offline so that you don't need to transfer your code anywhere. One can use Shisho inside Continuous Integration (CI) systems like GitHub Actions.
2. Run Everywhere
Another key aspect of Shisho is speed; it runs so fast with the help of Rust! See Comparison page for further information.
Language Support
See the roadmap for further details. You can request new language support at GitHub issues!
Feedback
We'd love to hear your feedback! Feel free to ask Shisho team anything at GitHub issues.