Added "Security Tools" category and "Scout: Bug Fighter" entry #939
Conversation
Thank you so much for the PR! We'll get it reviewed and approve or let you know if we have any feedback 🙏
Hi! Sorry for the delay on reviewing this. It's on our radar and we'll get to it soon.
No problem! Let me know if you need any further clarifications.
@briwylde08 @ElliotFriend @carstenjacobsen This is actually a really cool dev tool.
The VSCode plugin identifies security vulnerabilities directly in the IDE with really rich hover text context.
The output reports are really detailed too and give context to the dev about how to resolve the vulnerability.
I would go farther and say we should recommend this dev tool as a best practice.
I would just be curious how @matiascabello maintains the detectors and vulnerability library in terms of keeping it up-to-date with new Soroban releases.
Def 👍 up for me to 🚢. See prior comments for verification of functionality.
Great feedback! Thank you @anataliocs! @ElliotFriend I'm happy to merge if you are.
Love to hear it! Thanks @anataliocs for testing and vetting it!! 👍🏻
Alright, thanks again @matiascabello!
This PR adds the "Security Tools" category to the "Developer Tools" documentation, with "Scout: Bug Fighter" as the first entry in this new category.
Scout is a static code analysis tool designed to assist Soroban developers and auditors in identifying potential security threats, with a strong focus on detection capabilities, usability, and developer experience.
Maintainability
Scout is under active development and has continuous support. Since its launch in June 2023, 17 versions have been released, three of them in the past 30 days. The most recent release (0.2.15) has been downloaded 264 times from the crates.io Rust package manager. The total number of downloads since Scout's launch has reached over 7,000. See Scout crates.io entry here.
Functionality
Scout analyzes Soroban smart contracts to identify potential issues and deviations from best practices, helping developers write safer and more reliable code. Please refer to this video for a quick introduction.
It currently supports 23 detectors, with 4 additional detectors to be released shortly.
The tool includes various features to facilitate smooth integration into developers' workflows:
Documentation
Scout includes comprehensive documentation on detectors and tool usage, available here.
Community Support
Scout has been awarded in 3 Stellar Community Fund submissions, and the Scout team remains active in Soroban's developer community.
In addition, we have ongoing initiatives to contribute to the community with educational material on security and Soroban development:
Scout website: https://www.coinfabrik.com/products/scout/
Scout repository: https://github.com/CoinFabrik/scout-soroban