sabre-mythx
Advanced tools
Sabre is a security analysis tool for smart contracts written in Solidity. It uses the MythX cloud service which detects a wide range of security issues.
Note: This client is not officially supported by MythX and may not optimally leverage all API features. Consider using the MythX command line client for serious business.
$ npm install -g sabre-mythx
Sign up for a free account on the MythX website to generate an API key. Set the MYTHX_API_KEY enviroment variable by adding the following to your .bashrc or .bash_profile):
export MYTHX_API_KEY=eyJhbGciOiJI(...)
Run sabre analyze <solidity-file> [contract-name] to submit a smart contract for analysis. The default mode is "quick" analysis which returns results after approximately 2 minutes. You'll also get a dashboard link where you can monitor the progress and view the report later.
--mode <quick/standard/deep>
MythX integrates various analysis methods including static analysis, input fuzzing and symbolic execution. In the backend, each incoming analysis job is distributed to a number of workers that perform various tasks in parallel. There are two analysis modes, "quick", "standard" and "deep", that differ in the amount of resources dedicated to the analysis.
--format <text/stylish/compact/table/html/json>
Select the report format. By default, Sabre outputs a verbose text report. Other options stylish, compact, table, html and json. Note that you can also view reports for past analyses on the dashboard.
--clientToolName <string>
You can integrate Sabre into your own MythX tool and become eligible for a share of API revenues. In that case, you'll want to use the --clientToolName argument to override the tool id which is used by the API to identify your tool.
--debug
Dump the API request and reponse when submitting an analysis.
Besides analyze the following commands are available.
- list Get a list of submitted analyses.
- status <UUID> Get the status of an already submitted analysis
- version Print Sabre Version
- apiVersion Print MythX API version
FAQs
Client for the MythX smart contract security analysis service
We found that sabre-mythx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Members Hub is conducting large-scale campaigns to artificially boost Discord server metrics, undermining community trust and platform integrity.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.