Shisho Cloud evolved into a more sophisticated and developer-friendly security tool
Ryota Kojima
Posted on February 16, 2022
Hello, I am Ryota, a product manager. Shisho Cloud beta was released in October 2021 and has been added new features and improved many functions for a few months. Today, I will introduce some exciting updates of Shisho Cloud.
What is Shisho Cloud?
Shisho Cloud is a security tool built for developers. The brief of features are:
- Simply linking to hosting services such as GitHub allows you to receive automatic security reviews. Shisho Cloud can find security issues in Terraform code at the moment.
- Issues found during automatic security reviews also provide suggested solutions, allowing you to generate fix patches with the click of a button.
Even if you have never used Shisho Cloud, you can try it on the link below. It is entirely free, and no credit card registration is required.
Five Function Updates
To allow more developers to experience Shisho Cloud, we have primarily expanded the number of compatible services and increased its linkages.
Link to GitLab and BitBucket Repositories
In addition to GitHub, which has been supported, GitLab and Bitbucket repositories can now be linked to Shisho Cloud to scan repositories hosted on those services. In conjunction with this update, sign in/register on GitLab and Bitbucket is also available.
Scan Result Notification for Pull/Merge Requests
You will not have to access Shisho Cloud every time to check possible security issues. Every creating a pull or merge request, the scan results and possible solutions will be displayed on GitHub, GitLab, and Bitbucket. You can easily maintain the secure Terraform code by pull request-based development processes.
More than 200 Built-in Policies to Find Security Issues
In addition to Amazon Web Service and Google Cloud Platform, Shisho Cloud can also detect Terraform security issues on Microsoft Azure now. We finally reached the number of detectable security issues by more than 200.
Issue Notifications Now Under Control
Have you ever repeatedly received the same alerts from automatic review tools like Shisho Cloud? Shisho Cloud has been updated to control issue notifications on a file or entirely or partially directory basis to deal with the issues. You will never again have to stare at meaningless and stressful notifications as you write your code!
UI Update for UX improvement
The most exciting news might be the update of Shisho Cloud’s UI. The main differences are:
- Significant changes to the UI’s theme.
- Changes to how source code is displayed, making it easy to use even on a small screen.
- Additional information such as resource names added to issue notifications, making it easier to see which resources have security issues.
- Dataset filtering/sorting is available to reach a target record easily
And many more for you to discover!
Our Goal
Shisho Cloud supports Terraform code to maintain the healthy IaC code at this stage, but of course, we plan to expand it so much more! Shisho Cloud hopes to make the software supply chain safe, from when the developer writes the code until the product is delivered to focus on developing products without any concern.
The further details of our upcoming updates, which must be exciting announcements, will be separately posted in blog articles. We will proactively update Shisho Cloud’s functions to achieve all developers’ best developer-friendly security tools.
If you have any product-related advice, opinions, or function requests, please feel free to send a message.
Posted on February 16, 2022
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
February 16, 2022