What we do

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities and enables teams to create web and mobile applications securely, without needing external expertise.

Why we do it

With GuardRails, the objective is not to try to remove all potential vulnerabilities, but to remove the most obvious ones, those that would be easiest to exploit and cause the highest damage: "there are so many vulnerabilities and attack vectors... Especially, if we limit ourselves to the Top 10 in the OWASP ranking, there has not been much evolution over the last 10 years".

How we do it

GuardRails is designed as a platform to make open source security tools easily accessible, initially by integrating them with GitHub pull requests; support for GitLab and Bitbucket will be added later. The platform performs static analysis of the source code to detect potential vulnerabilities, including insecure use of SQL queries and regular expressions, dangerous functions, poorly managed authentication or file management, and dangerous configuration. Dependencies are also analysed for known vulnerabilities. The platform also tracks hard-coded secrets.