14 policies were run and no breaches were detected.
52
+
14 policies were run and no failures were detected.
53
53
54
54
```
55
55
56
56
Curio helps developers and security teams to:
57
57
58
58
- Protect their application from leaking sensitive data (*loggers, cookies, third-parties, etc*.)
59
-
- Protect their application from having their sensitive data breached (*missing encryption, insecure communication, SQL injection, etc.*)
59
+
- Protect their application from having their sensitive data failed (*missing encryption, insecure communication, SQL injection, etc.*)
60
60
- Monitor sensitive data flows across every component (*Data stores, internal and external APIs*)
61
61
62
62
Curio is Open Source ([*see license*](#mortar_board-license)), and is built to be fully customizable, from creating your own policies, to adding custom code detectors up to enriching our data classifiers.
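Review bot: the replacement line "Protect their application from having their sensitive data failed" is a mechanical breached→failed substitution that breaks the sentence; this bullet describes an actual data breach (missing encryption, insecure communication, SQL injection), not the outcome of a policy check, so the word should stay as it was. Suggest restoring "- Protect their application from having their sensitive data breached (*missing encryption, insecure communication, SQL injection, etc.*)" and limiting the rename to places where "breach" refers to a policy result, as in the "no failures were detected" line at the top of this hunk.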
skipped 38 lines
101
101
102
102
The easiest way to try out Curio is with our example project, [Bear Publishing](https://github.com/Bearer/bear-publishing). It simulates a realistic Ruby application with common data security flaws. Clone or download it to a convenient location to get started. Alternately, you can use your own application. Check the [supported languages](#supported-language) to see if your stack supports a policy report.
103
103
104
-
*You won't need to run the sample project. Curio scan the codebase without running the application.*
104
+
*You won't need to run the sample project. Curio scans the codebase without running the application.*
105
105
106
106
Now, run the scan command with `curio scan` on the project directory:
107
107
skipped 3 lines
111
111
112
112
A progress bar will display the status of the scan.
113
113
114
-
Once the scan is complete, Curio will output a policy report with details of any policy breaches, as well as where in the codebase the infractions happened.
114
+
Once the scan is complete, Curio will output a policy report with details of any policy failures, as well as where in the codebase the infractions happened.
115
115
116
116
### Analyze the report
117
117
118
118
The policy report is an easily digestible view of the data security problems detected by Curio. A report is made up of:
119
119
120
120
- The list of [policies](https://curio.sh/reference/policies/) run against your code.
121
-
- Each detected breach, containing the file location and lines that triggered the policy breach.
121
+
- Each detected failure, containing the file location and lines that triggered the policy failure.
122
122
- A summary of the report with the stats for passing and failing policies.
123
123
124
-
The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy breaches and output a full report. Here's a section of the output:
124
+
The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy failures and output a full report. Here's a section of the output:
125
125
126
126
```text
127
127
128
-
HIGH: Application level encryption missing policy breach with PHI, PII
128
+
HIGH: Application level encryption missing policy failure with PHI, PII
129
129
Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.
130
130
131
131
File: /bear-publishing/db/schema.rb:22
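Review bot: the changed lines inside the ```text block are quoted scanner output ("HIGH: Application level encryption missing policy failure with PHI, PII"), so this edit is only correct if the scanner's own output strings were renamed in the same change; otherwise the docs will show text that `curio scan` no longer prints. Rather than hand-editing the sample, re-run `curio scan` against the Bear Publishing project and paste the actual output, which also keeps the file path and line reference below it honest.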
skipped 6 lines
138
138
139
139
=====================================
140
140
141
-
Policy breaches detected
141
+
Policy failures detected
142
142
143
-
14 policies were run and 12 breaches were detected.
143
+
14 policies were run and 12 failures were detected.
144
144
145
145
CRITICAL: 0
146
146
HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category, JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
CRITICAL: JWT leaking policy breach with Personal data
18
+
CRITICAL: JWT leaking policy failure with Personal data
19
19
JWT leaks detected. Avoid storing sensitive data in JWTs.
20
20
21
21
File: lib/jwt.rb:6
skipped 12 lines
34
34
35
35
=====================================
36
36
37
-
Policy breaches detected
37
+
Policy failures detected
38
38
39
-
14 policies were run and 6 breaches were detected.
39
+
14 policies were run and 6 failures were detected.
40
40
41
41
CRITICAL: 0
42
42
HIGH: 4 (Insecure HTTP with Data Category, Logger leaking, JWT leaking, Cookie leaking)
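Review bot: the sample output in this file is internally inconsistent: the snippet in the previous hunk reports "CRITICAL: JWT leaking policy failure with Personal data", while the summary here reports "CRITICAL: 0" and lists JWT leaking under "HIGH: 4 (Insecure HTTP with Data Category, Logger leaking, JWT leaking, Cookie leaking)". One of the two is stale, and the rename touches both lines anyway, so regenerate this excerpt from a real run so the per-finding severity and the summary counts agree.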
skipped 121 lines
164
164
The detectors report type is the most low-level, data-rich type. You’re unlikely to use this report on its own, but it can be useful for building your own tooling based on the data parsed by Curio.
165
165
166
166
To run your first detectors report, run `curio scan` with the `--report detectors` flag.
The easiest way to try out Curio is with our example project, [Bear Publishing](https://github.com/Bearer/bear-publishing). It simulates a realistic Ruby application with common data security flaws. Clone or download it to a convenient location to get started. Alternately, you can use your own application.
43
43
44
-
*You won't need to run the sample project. Curio scan the codebase without running the application.*
44
+
*You won't need to run the sample project. Curio scans the codebase without running the application.*
45
45
46
46
Now, run a scan with `curio scan` on the project directory:
47
47
skipped 3 lines
51
51
52
52
A progress bar will display the status of the scan.
53
53
54
-
Once the scan is complete, Curio will output a policy report with details of any policy breaches, as well as where in the codebase the infractions happened.
54
+
Once the scan is complete, Curio will output a policy report with details of any policy failures, as well as where in the codebase the infractions happened.
55
55
56
56
### Analyze the report
57
57
58
58
The policy report is an easily digestible view of the data security problems detected by Curio. A report is made up of:
59
59
60
60
- The list of [policies](/reference/policies/) run against your code.
61
-
- Each detected breach, containing the file location and lines that triggered the policy breach.
61
+
- Each detected failure, containing the file location and lines that triggered the policy failure.
62
62
- A summary of the report with the stats for passing and failing policies.
63
63
64
-
The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy breaches and output a full report. Here's a section of the output containing a breach snippet and the final summary:
64
+
The [Bear Publishing](https://github.com/Bearer/bear-publishing) example application will trigger policy failures and output a full report. Here's a section of the output containing a failure snippet and the final summary:
65
65
66
66
```text
67
67
68
-
HIGH: Application level encryption missing policy breach with PHI, PII
68
+
HIGH: Application level encryption missing policy failure with PHI, PII
69
69
Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.
70
70
71
71
File: /bear-publishing/db/schema.rb:22
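Review bot: this hunk applies the same breached→failed rename to the same quick-start sentences and the same sample output that the README hunks above already changed, which is why this one wording change had to be patched in several places. Consider keeping the quick-start walkthrough in one place (for example the docs page, with the README linking to it) so that the next terminology or output change does not have to be replicated by hand across files and risk the copies drifting apart.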
skipped 6 lines
78
78
79
79
=====================================
80
80
81
-
Policy breaches detected
81
+
Policy failures detected
82
82
83
-
14 policies were run and 12 breaches were detected.
83
+
14 policies were run and 12 failures were detected.
84
84
85
85
CRITICAL: 0
86
86
HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category, JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
skipped 2 lines
89
89
```
90
90
91
91
The policy report is just one report type available in Curio. Additional options for using and configuring the `scan` command can be found in the [scan documentation](/reference/commands/#scan). For additional guides and usage tips, [view the docs](https://curio.sh).