DEV Community

Cover image for Shisho Cloud evolved into a more sophisticated and developer-friendly security tool
Ryota Kojima
Ryota Kojima

Posted on • Originally published at

Shisho Cloud evolved into a more sophisticated and developer-friendly security tool

Hello, I am Ryota, a product manager. Shisho Cloud beta was released in October 2021 and has been added new features and improved many functions for a few months. Today, I will introduce some exciting updates of Shisho Cloud.

What is Shisho Cloud?

Shisho Cloud is a security tool built for developers. The brief of features are:

  • Simply linking to hosting services such as GitHub allows you to receive automatic security reviews. Shisho Cloud can find security issues in Terraform code at the moment.
  • Issues found during automatic security reviews also provide suggested solutions, allowing you to generate fix patches with the click of a button.

Even if you have never used Shisho Cloud, you can try it on the link below. It is entirely free, and no credit card registration is required.

Five Function Updates

To allow more developers to experience Shisho Cloud, we have primarily expanded the number of compatible services and increased its linkages.

Link to GitLab and BitBucket Repositories

Link to GitLab and BitBucket Repositories

In addition to GitHub, which has been supported, GitLab and Bitbucket repositories can now be linked to Shisho Cloud to scan repositories hosted on those services. In conjunction with this update, sign in/register on GitLab and Bitbucket is also available.

Scan Result Notification for Pull/Merge Requests

Scan Result Notification for Pull/Merge Requests

You will not have to access Shisho Cloud every time to check possible security issues. Every creating a pull or merge request, the scan results and possible solutions will be displayed on GitHub, GitLab, and Bitbucket. You can easily maintain the secure Terraform code by pull request-based development processes.

More than 200 Built-in Policies to Find Security Issues

Issue Detection

In addition to Amazon Web Service and Google Cloud Platform, Shisho Cloud can also detect Terraform security issues on Microsoft Azure now. We finally reached the number of detectable security issues by more than 200.

Issue Notifications Now Under Control

Have you ever repeatedly received the same alerts from automatic review tools like Shisho Cloud? Shisho Cloud has been updated to control issue notifications on a file or entirely or partially directory basis to deal with the issues. You will never again have to stare at meaningless and stressful notifications as you write your code!

UI Update for UX improvement

Demo Movie

The most exciting news might be the update of Shisho Cloud’s UI. The main differences are:

  • Significant changes to the UI’s theme.
  • Changes to how source code is displayed, making it easy to use even on a small screen.
  • Additional information such as resource names added to issue notifications, making it easier to see which resources have security issues.
  • Dataset filtering/sorting is available to reach a target record easily

And many more for you to discover!

Our Goal

Software Supply Chain

Shisho Cloud supports Terraform code to maintain the healthy IaC code at this stage, but of course, we plan to expand it so much more! Shisho Cloud hopes to make the software supply chain safe, from when the developer writes the code until the product is delivered to focus on developing products without any concern.

The further details of our upcoming updates, which must be exciting announcements, will be separately posted in blog articles. We will proactively update Shisho Cloud’s functions to achieve all developers’ best developer-friendly security tools.

If you have any product-related advice, opinions, or function requests, please feel free to send a message.

Top comments (0)