Shisho is a lightweight static analyzer for developers.
Please see the usage documentation for further information.
You can try Shisho at our playground.
You can try shisho in your machine as follows:
echo "func test(v []string) int { return len(v) + 1; }" | docker run -i ghcr.io/flatt-security/shisho-cli:latest find "len(:[...])" --lang=go
echo "func test(v []string) int { return len(v) + 1; }" > file.go
docker run -i -v $(pwd):/workspace ghcr.io/flatt-security/shisho-cli:latest find "len(:[...])" --lang=go /workspace/file.go
When you'd like to run shisho outside docker containers, please follow the instructions below:
Run the following command(s):
# Linux
wget https://github.com/flatt-security/shisho/releases/latest/download/build-x86_64-unknown-linux-gnu.zip -O shisho.zip
unzip shisho.zip
chmod +x ./shisho
mv ./shisho /usr/local/bin/shisho
# macOS
wget https://github.com/flatt-security/shisho/releases/latest/download/build-x86_64-apple-darwin.zip -O shisho.zip
unzip shisho.zip
chmod +x ./shisho
mv ./shisho /usr/local/bin/shisho
Then you'll see a shisho's executable in /usr/local/bin
.
Download the prebuild binary from releases and put it into your %PATH%
directory.
If you're using Windows Subsystem for Linux, you can install shisho with the above instructions.
- We're also building Shisho as a Service to make Security-as-Code more accessible.
- If you need direct support, you can contact us at
[email protected]
.