Used to authorize the sending of unsafe requests.

Used to pass the path to a certificate that will be sent on the http request to the horusec server.

Used to pass project path in host when running horusec cli inside a container By default is empty.

Used to pass personalized images of horusec tools.

Used to pass the path to the horusec custom rules file.

Used to run horusec without docker if enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-kubernetes, horusec-leaks, horusec-nodejs.

Used to enable or disable search with vulnerability author.

This setting is to know if I want enable run gitleaks tools and analysis in all git history searching vulnerabilities By default is false Validation: It is mandatory to be in "false", "true".

Used to enable or disable information severity vulnerabilities, information vulnerabilities can contain a lot of false positives.

Used to skip vulnerability of type false positive By default is empty.

This setting is to know which files and folders I want to ignore to send for analysis By default we ignore each other: * Folders: "/.horusec/", "/.idea/", "/.vscode/", "/tmp/", "/bin/", "/node_modules/", "/vendor/" * Files: ".jpg", ".png", ".gif", ".webp", ".tiff", ".psd", ".raw", ".bmp", ".heif", ".indd", ".jpeg", ".svg", ".ai", ".eps", ".pdf", ".webm", ".mpg", ".mp2", ".mpeg", ".mpe", ".mp4", ".m4p", ".m4v", ".avi", ".wmv", ".mov", ".qt", ".flv", ".swf", ".avchd", ".mpv", ".ogg",.

This setting is to setup the path to run analysis keep current path in your base.

Used send others headers on request to send in horusec-api By default is empty.

This setting has the purpose of identifying where the url where the horusec-api service is hosted will be By default is http://0.0.0.0:8000 Validation: It is mandatory to be a valid url.

This setting is to know in which directory you want the output of the json file generated by the output types json or sonarqube to be located.

This setting will identify how many in how many seconds I want to check if my analysis is close to the timeout By default is 15 Validation: It is mandatory to be greater than 10.

This setting is to know what type of output you want for the analysis (text, json, sonarqube) By default is text Validation: It is mandatory to be in text, json, sonarqube.

This setting is to know if I want to change the analysis directory and do not want to run in the current directory.

This setting is to identify which repository you are analyzing from.

Used to send the repository name to the server, must be used together with the company token.

This setting is to know if I want return exit(1) if I find any vulnerability in the analysis By default is false Validation: It is mandatory to be in "false", "true".

Used to skip vulnerability of type risk accept By default is empty.

This setting is to find out what types of severity I don't want you to recognize as a vulnerability.

This setting will identify how long I want to wait in seconds to carry out an analysis that includes: acquiring a project, sending it to analysis containers and acquiring a response By default is 600 Validation: It is mandatory to be greater than 10.

This setting will identify how long I want to wait in seconds to send the analysis object to horusec-api By default is 300 Validation: It is mandatory to be greater than 10.

Used to set configurations of tools By default is setup: { }.

DEPRECATED on 16 dec 2020.

This setting is to know in which directory I want to perform the analysis of each language.