Tools & Licenses

The vision behind GuardRails is to make security a commodity. GuardRails leverages the best security tools from the open-source community. These security tools power our engines. Our expert team configures the tools and carefully tunes the rule-set. With GuardRails you can use these tools across your repositories within minutes.

GuardRails only exists because we are standing on the shoulders of giants. This page acknowledges the giants. We are deeply grateful for their work.

Apex

pmd - Apache-2.0
- Apex Rules

C/C++

flawfinder - GPL-2.0
Semgrep - C - [LPGL-2.1](https://github.com/returntocorp/semgrep/blob/develop/LICENSE

Dotnet

Mobile

Supporting Android/iOS/Windows mobile applications

Mobile Security Framework (MobSFScan) - LGPL-3.0

PHP

phpcs-security-audit - GPL-3.0
Semgrep - PHP - [LPGL-2.1](https://github.com/returntocorp/semgrep/blob/develop/LICENSE

Python

Bandit - Apache-2.0
Safety - MIT
Semgrep - Python - [LPGL-2.1](https://github.com/returntocorp/semgrep/blob/develop/LICENSE

Ruby

Brakeman - MIT
- GuardRails leverages Brakeman v4.3.1. The latest release before the license change and acquisition by Synopsis.
Bundler Audit - GPL-3.0
Rubocop - MIT
- Rubocop-Gitlab-Security - MIT

Rust

Cargo Audit - Apache-2.0/MIT

Solidity

Solhint - MIT
MythX - This is our first commercial scanning tool integration.

Terraform

tfsec - MIT

TypeScript

tslint - Apache-2.0
- tslint-config-security - MIT

Generic

Detect-Secrets - Apache-2.0
GuardRails Internal Secret Detection Engine

GuardRails

General

Android

Apex

C/C++

Dotnet

Elixir

Go

iOS

Java

Javascript/TypeScript

Kubernetes

PHP

Python

Ruby

Rust

Solidity

Terraform

Apex

C/C++

Dotnet

Elixir

Golang

Java

Javascript

Kubernetes

Mobile

PHP

Python

Ruby

Rust

Solidity

Terraform

TypeScript

Generic