Skip to content

/ crush

A code review helper.
Go Shell Dockerfile
  1. Go 93.6%
  2. Shell 4.3%
  3. Dockerfile 2.1%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
check
cmd
options
utils
Dockerfile
README.md
TODO.md
build.sh
crush-logo.gif
go.mod
go.sum
main.go

README.md

CRUSH - Code Review Helps Us

A simple tool to assist with code review.

Crush

Installation

Download the appropriate executable from the releases page.

Alternatively docker pull jemurai/crush.

Basic Usage

The most basic use will run the tool on a directory of code.

crush examine --directory /your/code/here

Docker Usage

To run the docker image against a local directory, just do this:

docker run -v <local-directory>:/tmp/toanalyze jemurai/crush:lastest examine --directory /tmp/toanalyze

Setting Expectations

We do a fair amount of code review. As we do that, some things present that are worthy of review pretty much whenever we see them. They are candidate issues. The certainty for any given item may be low, but we put them into this tool because we want to review them.

Pairing with FKIT

fkit is a library we use for handling findings per the OWASP OFF format and integrating them into tool chains. You can use fkit to create findings in proper JSON, push findings to GitHub projects, or even push a finding to a particular PR comment.

We recommend tuning the crush command to produce the findings you want then test integrating with fkit to get the results where you want them.

Local Installation and Use

Get your source code by either:

git clone https://github.com/jemurai/crush or go get github.com/jemurai/crush.

Make changes. Run locally without building.

go run main.go examine --directory /your/code/here

Building Cross Platforms

If you want to build for cross platform use, you can use the build.sh script packaged with crush.

git clone github.com/jemurai/crush
cd $GOPATH/src/github.com/jemurai/crush
build.sh github.com/jemurai/crush

Building The Docker Image

This should be as simple as:

docker build . or docker build -t jemurai/crush:0.1 . -f Dockerfile

Advanced Usage

Crush provides some advanced options (tags, extensions and threshold) as configurable knobs you can turn to try to ensure that you get the results you want.

Additional documentation will added here.

Compare

crush examine --compare <file of old findings> --directory /path/to/code

This will produce JSON for added new findings in the current source (what is found in the directory).

Issues and Roadmap

Are tracked in GitHub Issues.

License

Crush is open source and licenced under an Apache license.

You can’t perform that action at this time.