Package skims

Vulnerability life-cycle management tool.


Introduction

About Skims

Skims is a vulnerability scanner tool. This means it scans your source code and applications and shows you the security problems they have.

Skims is able to constantly monitor the security state of your system. It opens new security findings as they are introduced, and closes security findings once they are no longer present in the system.

At any time you can read reports and analytics at Integrates:

  • Description of the vulnerability
  • Evidence that the vulnerability exists
  • Aggregated analytics
  • And many more features!

Quick Start

  1. Install Nix as explained in the tutorial.
  2. Run the following command:

    nix-env -i product -f 'https://gitlab.com/fluidattacks/product/-/archive/master/product-master.tar.gz'

  3. You should be able to execute skims now:

    skims --help

  4. Should you wish to uninstall please run:

    nix-env -e product

Static Analysis

Static Application Security Testing or SAST is used to secure software by reviewing the source code in order to identify vulnerabilities.

Below are the vulnerability types that Skims reports, with a description of each:

F060 - CWE-397

Java

Code examples:

public class Test {
  // Specific exception type used by the safe example below
  static class CustomException extends Exception {}

  // Vulnerable, Exception is generic
  public static void vulnerable() throws Exception {}

  // Safe, CustomException is not generic
  public static void safe() throws CustomException {}
}

The following exceptions are considered generic:

  • Exception
  • Throwable
  • lang.Exception
  • lang.Throwable
  • java.lang.Exception
  • java.lang.Throwable
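As an added example, not code from the skims package or its parsers, the check below flags Java methods whose throws clause declares any of the generic types listed above; it is a regex approximation of a method header, which is an assumption a real SAST engine would replace with a full Java parser.

```python
"""Minimal F060 (CWE-397) check for generic exceptions in Java throws clauses.

Added example, not part of the skims package: it scans Java source text
for method headers and reports every generic type found in a throws clause.
"""
import re

# Generic exception types listed on the page for F060.
GENERIC_EXCEPTIONS = {
    "Exception",
    "Throwable",
    "lang.Exception",
    "lang.Throwable",
    "java.lang.Exception",
    "java.lang.Throwable",
}

# Matches "name(params) throws A, B, C" followed by '{' or ';'.
# Simplified, regex-based approximation of a Java method declaration
# (assumption: no nested parentheses inside the parameter list).
THROWS_RE = re.compile(
    r"(?P<name>\w+)\s*\([^)]*\)\s*throws\s+(?P<types>[\w.\s,]+?)\s*[{;]",
    re.MULTILINE,
)


def find_generic_throws(java_source: str) -> list:
    """Return (line, method, exception) for each generic type in a throws clause."""
    findings = []
    for match in THROWS_RE.finditer(java_source):
        # 1-based line of the method name, counted from the start of the text
        line = java_source.count("\n", 0, match.start()) + 1
        declared = [t.strip() for t in match.group("types").split(",")]
        for exc in declared:
            if exc in GENERIC_EXCEPTIONS:
                findings.append((line, match.group("name"), exc))
    return findings


# Constructed sample mirroring the page's example plus a multi-type clause.
SAMPLE = """\
public class Test {
  public static void vulnerable() throws Exception {};
  public static void safe() throws CustomException {};
  void mixed() throws java.io.IOException, java.lang.Throwable {}
}
"""

if __name__ == "__main__":
    for line, method, exc in find_generic_throws(SAMPLE):
        print(f"F060 line {line}: {method}() throws generic {exc}")
```

Only the generic member of a multi-type clause is reported, so a specific exception declared next to a generic one still yields one finding.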

"""Vulnerability life-cycle management tool.

.. include:: ../README.md
.. include:: ../docs/introduction.md
.. include:: ../docs/library.md
"""

Sub-modules

skims.aws
skims.benchmark
skims.cli
skims.config
skims.core
skims.integrates
skims.lib_path
skims.nvd
skims.parse_antlr
skims.parse_babel
skims.parse_cfn
skims.parse_common
skims.parse_hcl2
skims.parse_java
skims.parse_java_properties
skims.parse_json
skims.serialization
skims.state
skims.utils
skims.zone