In today’s fast-paced software world, integrating security into your CI/CD pipeline is no longer optional — it’s essential. Fortunately, there are open-source tools that make it easier than ever. In this article, I’ll show you how to use HuskyCI, a powerful open-source tool that performs security tests automatically as part of your CI process and centralizes all results for easy analysis.
🧠 What is HuskyCI?
HuskyCI (Husky Continuous Integration) is an open-source tool developed by Globo.com that automates security testing in CI pipelines. It runs Static Application Security Testing (SAST) tools for multiple programming languages and provides a centralized view of vulnerabilities across your projects.
🧪 It supports a wide range of tools and languages:
- Python: Bandit, Safety
- Ruby: Brakeman
- JavaScript: NPM Audit, Yarn Audit
- Java: SpotBugs + FindSecBugs
- Go: Gosec
⚙️ Getting Started with HuskyCI
✅ Step 1: Clone the Repository
git clone https://github.com/globocom/huskyCI.git
cd huskyCI
✅ Step 2: Install with Docker and Docker Compose
Make sure you have Docker and Docker Compose installed. Then run:
make install
make run
This will spin up all necessary containers (API, workers, tools, database).
🛠️ How to Use HuskyCI
Once up and running, trigger scans by submitting a repository URL and branch to the HuskyCI API, either by hand or from a step in your GitHub Actions or GitLab CI pipeline.
Example scan via command-line:
curl -X POST http://localhost:8888/api/analysis \
  -H "Content-Type: application/json" \
  -d '{"repositoryURL":"https://github.com/.../huskyci-demo", "branch":"main"}'
HuskyCI will:
- Clone the repository
- Detect the programming language
- Run the appropriate SAST tools
- Store and return the results
📊 Sample Output
The response from the scan will include a list of findings, organized by tool and severity:
{
  "Bandit": [
    {
      "file": "vulnerable_app.py",
      "line": 5,
      "issue": "Subprocess call with shell=True",
      "severity": "High"
    }
  ],
  "Safety": [],
  ...
}
You can then visualize or process this data as needed.
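To make the Bandit finding above concrete, here is an added example (my own code, not the demo repository's script) of the pattern Bandit reports as a subprocess call with shell=True, placed beside two hardened forms. The function names and the use of `echo` as the invoked command are constructed for illustration; the tainted input is deliberately harmless so the difference in behaviour is visible.

```python
import shlex
import subprocess


def echo_unsafe(name: str) -> str:
    # What Bandit flags: untrusted text is spliced into a command line that /bin/sh parses,
    # so shell metacharacters in `name` (for example ';') are interpreted, not printed.
    return subprocess.check_output(f"echo {name}", shell=True, text=True)


def echo_safe(name: str) -> str:
    # Hardened form: no shell at all. `name` is passed as a single argv element,
    # so whatever it contains is printed verbatim.
    return subprocess.check_output(["echo", name], text=True)


def echo_quoted(name: str) -> str:
    # Fallback for the rare case where a shell is genuinely needed (pipes, globbing):
    # quote every untrusted value so the shell treats it as one literal word.
    return subprocess.check_output(f"echo {shlex.quote(name)}", shell=True, text=True)


if __name__ == "__main__":
    tainted = "hello; echo injected"  # constructed input containing a shell separator
    print(repr(echo_unsafe(tainted)))   # 'hello\ninjected\n': the second command ran
    print(repr(echo_safe(tainted)))     # 'hello; echo injected\n'
    print(repr(echo_quoted(tainted)))   # 'hello; echo injected\n'
```

Bandit stops reporting once the call no longer uses shell=True, which is exactly the change `echo_safe` makes; `echo_quoted` still triggers the finding and should only be used where the shell is required and every interpolated value is quoted.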
🤖 GitHub Actions Integration
Want to trigger HuskyCI on each push or pull request? Here’s an example workflow:
name: HuskyCI Scan
on: [push, pull_request]
jobs:
  huskyci-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Trigger HuskyCI Scan
        run: |
          curl -X POST http://your-huskyci-instance/api/analysis \
            -H "Content-Type: application/json" \
            -d '{"repositoryURL":"...", "branch":"main"}'
Make sure your CI runner can reach your HuskyCI instance over the network, and keep the instance URL and any credentials it requires in CI secrets rather than hard-coding them in the workflow file.
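The curl step above only triggers the scan; it does not fail the job when findings come back. As an added example (my own code, not HuskyCI's own client), here is a small Python gate script that sends the same request and then applies a severity threshold to the response. It assumes the `/api/analysis` endpoint and the `{tool: [finding, ...]}` response shape exactly as shown in this article; the `HUSKYCI_URL`, `HUSKYCI_REPO` and `HUSKYCI_BRANCH` environment variable names are my own choice, and `SAMPLE_RESULTS` is a constructed response used for illustration.

```python
import json
import os
import sys
import urllib.request

# Endpoint taken from the article's curl example; confirm it against your deployment.
HUSKYCI_URL = os.environ.get("HUSKYCI_URL", "http://localhost:8888")  # env var name is an assumption
FAIL_ON = {"High"}  # severities that should break the build

# Constructed sample in the shape the article shows: tool -> list of findings.
SAMPLE_RESULTS = {
    "Bandit": [
        {"file": "vulnerable_app.py", "line": 5,
         "issue": "Subprocess call with shell=True", "severity": "High"},
        {"file": "vulnerable_app.py", "line": 12,
         "issue": "Use of assert detected", "severity": "Low"},
    ],
    "Safety": [],
}


def request_analysis(base_url: str, repository_url: str, branch: str) -> dict:
    """POST the scan request exactly as the article's curl does; return the parsed JSON body."""
    body = json.dumps({"repositoryURL": repository_url, "branch": branch}).encode()
    req = urllib.request.Request(
        f"{base_url}/api/analysis",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def summarize(results: dict) -> dict:
    """Count findings per tool and per severity; non-list values are ignored."""
    summary = {"by_tool": {}, "by_severity": {}}
    for tool, findings in results.items():
        if not isinstance(findings, list):
            continue
        summary["by_tool"][tool] = len(findings)
        for finding in findings:
            sev = finding.get("severity", "Unknown")
            summary["by_severity"][sev] = summary["by_severity"].get(sev, 0) + 1
    return summary


def blocking_findings(results: dict, fail_on=FAIL_ON) -> list:
    """Return the findings whose severity is in fail_on, tagged with the reporting tool."""
    blocking = []
    for tool, findings in results.items():
        if not isinstance(findings, list):
            continue
        for finding in findings:
            if finding.get("severity") in fail_on:
                blocking.append({"tool": tool, **finding})
    return blocking


def main() -> int:
    repo = os.environ["HUSKYCI_REPO"]      # assumed env var, e.g. the repository URL
    branch = os.environ.get("HUSKYCI_BRANCH", "main")
    results = request_analysis(HUSKYCI_URL, repo, branch)
    print(json.dumps(summarize(results), indent=2))
    blocking = blocking_findings(results)
    for f in blocking:
        print(f"[{f['tool']}] {f.get('file')}:{f.get('line')} {f.get('issue')} ({f.get('severity')})")
    return 1 if blocking else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main())
```

In the workflow, replace the curl step with `python huskyci_gate.py` after setting the environment variables from repository secrets; a non-zero exit fails the job, so a pull request that introduces a High finding cannot be merged until it is fixed or the threshold is consciously adjusted.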
📦 Demo Repository
👉 Check out the full working example here:
🔗 https://github.com/Brunoenr02/HuskyCIDemo
This repo includes:
- A vulnerable Python script
- GitHub Actions workflow to trigger scans
✅ Conclusion
HuskyCI is a great solution if you want to automate security scans across multiple languages in your CI/CD workflows. It’s free, open-source, and battle-tested by major companies.
Start integrating HuskyCI today — your pipeline will thank you, and your code will be safer!