shisho: lightweight static code analyzer designed for developers and security teams

From securityonline.info

The key motivation of Shisho is providing a means of Security-as-Code for Code. It allows us to analyze and transform your source code with an intuitive DSL. Here’s an example of policies for Terraform code:

Read more…