From securityonline.info
The key motivation of Shisho is providing a means of Security-as-Code for Code. It allows us to analyze and transform your source code with an intuitive DSL. Here’s an example of policies for Terraform code:
shisho: lightweight static code analyzer designed for developers and security teams