smithy

module

v0.71.0 Latest Latest Go to latest Published: Mar 19, 2025 License: Apache-2.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/smithy-security/smithy

Links

README ¶

Smithy

Smithy is a workflow engine for security tooling powered by smithy.security that automates security teams' frameworks built on top of Open Cybersecurity Schema Framework.

Links

Architecture: understand how Smithy works
SDK: build your custom security tooling on top of Smithy. Example.
Smithyctl: CLI to build and execute workflows
Blog
Smithy at AppSecDublin: slides and video
Smithy at State Of Open Conf UK 2025: slides and video

Getting Started

Prerequisites

Go
Docker
Install Smithy with go install github.com/smithy-security/smithy/smithyctl@latest

Execute a workflow

Clone this repository git clone https://github.com/smithy-security/smithy.git and run the following command from within it:

smithyctl workflow run --spec-path=examples/golang/workflow.yaml --build-component-images=true

Check the findings in the logs.

Contacts

Join our Discord server to get support and ask questions.

Directories ¶

Path	Synopsis
api
proto/v1
cmd
smithyctl
smithyctl/components
smithyctl/migrations
smithyctl/pipelines
components
consumers Package consumers provides helper functions for working with Smithy compatible outputs as a Consumer.	Package consumers provides helper functions for working with Smithy compatible outputs as a Consumer.
consumers/arangodb
consumers/aws-s3 Package main of the aws-s3 consumer implements a simple consumer for uploading smithy results to the S3 bucket passed as an argument the consumer expects the environment variables AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY to be set	Package main of the aws-s3 consumer implements a simple consumer for uploading smithy results to the S3 bucket passed as an argument the consumer expects the environment variables AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY to be set
consumers/bigquery Package main of the bigquery consumer puts smithy issues into the target bigquery dataset, it will create teh dataset and the schema if one does not exist	Package main of the bigquery consumer puts smithy issues into the target bigquery dataset, it will create teh dataset and the schema if one does not exist
consumers/defectdojo
consumers/defectdojo/client
consumers/defectdojo/types
consumers/dependency-track
consumers/elasticsearch
consumers/jira
consumers/jira/utils
consumers/mongodb
consumers/pdf Package main of the pdf consumer implements a simple consumer for applying a go-template to a smithy scan, converting the result to pdf and then uploading the result to the S3 bucket passed as an argument the consumer expects the environment variables AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY to be set along with the "bucket" and "region" arguments to be passed	Package main of the pdf consumer implements a simple consumer for applying a go-template to a smithy scan, converting the result to pdf and then uploading the result to the S3 bucket passed as an argument the consumer expects the environment variables AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY to be set along with the "bucket" and "region" arguments to be passed
consumers/slack
consumers/slack/types
consumers/slack/utils
consumers/stdout-json
enrichers Package enrichers provides helper functions for writing Smithy compatible enrichers that enrich smithy outputs.	Package enrichers provides helper functions for writing Smithy compatible enrichers that enrich smithy outputs.
enrichers/aggregator
enrichers/codeowners Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.	Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.
enrichers/custom-annotation Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.	Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.
enrichers/deduplication
enrichers/depsdev
enrichers/depsdev/types
enrichers/github-url Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.	Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.
enrichers/policy
enrichers/policy/opaClient
enrichers/reachability
enrichers/reachability/internal/atom
enrichers/reachability/internal/atom/purl
enrichers/reachability/internal/conf
enrichers/reachability/internal/enricher
enrichers/reachability/internal/fs
enrichers/reachability/internal/logging
enrichers/reachability/internal/search
producers Package producers provides helper functions for writing Smithy compatible producers that parse tool outputs.	Package producers provides helper functions for writing Smithy compatible producers that parse tool outputs.
producers/aggregator
producers/brakeman
producers/cdxgen Package main of the cdxgen producer parses the CycloneDX output of cdxgen and create a singular Smithy issue from it	Package main of the cdxgen producer parses the CycloneDX output of cdxgen and create a singular Smithy issue from it
producers/checkov
producers/dependency-check
producers/dependency-check/types
producers/dependency-track Package main of the dependency track producer reads a dependency track export and translates it to smithy format	Package main of the dependency track producer reads a dependency track export and translates it to smithy format
producers/docker-trivy
producers/docker-trivy/types
producers/github-advanced-security
producers/github-advanced-security/gha
producers/github-codeql
producers/github-codeql-go
producers/github-codeql-javascript-typescript
producers/github-codeql/runner
producers/github-dependabot
producers/golang-gosec
producers/golang-nancy
producers/golang-nancy/types
producers/java-findsecbugs
producers/kics
producers/kics/types
producers/ossf-scorecard
producers/python-bandit
producers/python-pip-safety
producers/python-pip-safety/types
producers/semgrep
producers/semgrep/types
producers/snyk-docker
producers/terraform-tfsec
producers/terraform-tfsec/types
producers/testsslsh
producers/testsslsh/types
producers/trufflehog Package main implements the binary for parsing trufflehog results into the smithy format	Package main implements the binary for parsing trufflehog results into the smithy format
producers/typescript-eslint
producers/typescript-eslint/eslint-wrapper
producers/typescript-eslint/types
producers/typescript-yarn-audit
producers/typescript-yarn-audit/types
producers/zaproxy
producers/zaproxy/types
sources/dependency
reporters/defectdojo Module
reporters/discord Module
reporters/elasticsearch Module
reporters/jira Module
reporters/json-logger Module
reporters/linear Module
reporters/pdf Module
reporters/slack Module
scanners/bandit Module
scanners/checkov Module
scanners/codeql Module
scanners/gosec Module
scanners/kics Module
scanners/mobsfscan Module
scanners/osv-scanner Module
scanners/semgrep Module
scanners/snyk Module
scanners/trivy Module
scanners/trufflehog Module
scanners/zaproxy Module
targets/git-clone Module
new-components
enrichers/custom-annotation Module
reporters/json-logger Module
scanners/bandit Module
scanners/gosec Module
targets/git-clone Module
pkg
components
context Package context offers a set of methods which permit components to	Package context offers a set of methods which permit components to
cyclonedx
db
enrichment
enumtransformers Package enumtransformers transforms from smithy internal enums to text and back	Package enumtransformers transforms from smithy internal enums to text and back
files
files/mock
github
github/mock
http/mock
jira/config
jira/document
jira/jira
k8s
k8s/fake
manifests
pipelines
playwright
playwright/mock
putil
s3
s3/mock
sarif
templating Package templating includes helper methods that apply go templates to Smithy Raw and Enriched Issues and return the resulting str	Package templating includes helper methods that apply go templates to Smithy Raw and Enriched Issues and return the resulting str
testutil Package testutil contains helper functions and subpackages to make testing the project easier	Package testutil contains helper functions and subpackages to make testing the project easier
types/v1
utils
version
sdk module
smithyctl module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL