CLI tool 'Secably' catches expiring TLS certs and weak security headers in CI
A lightweight command-line tool called Secably lets developers automatically check TLS certificate expiry, HTTP security headers, DNS posture, and subdomain exposure directly from the terminal. The tool can be integrated into CI pipelines via a one-line GitHub Action that fails the build if a certificate is nearing expiry or if security headers fall below a set grade. Secably scores HTTP response headers from A to F across six key headers, including HSTS, Content-Security-Policy, and X-Frame-Options, and flags stack-leaking headers like verbose Server values. It also checks DNS records for SPF, DMARC, and DNSSEC misconfigurations, and discovers subdomains passively using public Certificate Transparency logs without sending traffic to the target. The tool runs entirely locally with no third-party data sharing, and supports JSON output for integration with other pipeline tools.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in