We are glad to announce the general public release of Sec3 Premium (formerly Soteria) — the premier security analysis service for Solana smart contracts.
Sec3 Pro offers a number of features:
Go to https://pro.sec3.dev
The free plan has limited features (e.g., it detects only a subset of the 40+ SVEs). To upgrade, choose a Build or Scale plan and fill in payment info (card or US bank account).
The secret token can be found on the dashboard under the “Account” tab.
After acquiring the token, open your repository on GitHub and go to Settings -> Secrets -> Actions -> New repository secret. Enter SEC3_TOKEN in the Name field, paste the token in the Value field, and click Add secret.
Warning: DO NOT paste the token itself into the workflow file. Anything committed under .github/workflows/ becomes part of the repository history and is visible to everyone who can read the repo; reference the stored secret as ${{ secrets.SEC3_TOKEN }} instead.
Next, add a workflow (.github/workflows/sec3.yml):
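As an added illustration (not the sample file the post links to), the workflow below shows the shape a sec3.yml takes: check out the repository, then run the scanner with the token pulled from the repository secret. The action reference `sec3dev/pro-action@v1` and its inputs `sec3-token` and `path` are assumptions here, so copy the exact values from the linked sample.

```yaml
# .github/workflows/sec3.yml (added example; action name and inputs are assumed)
name: Sec3 Pro

on:
  push:
    branches: [main]
  pull_request:

jobs:
  sec3:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Run Sec3 Pro
        uses: sec3dev/pro-action@v1          # assumed action reference; take it from the sample sec3.yml
        with:
          sec3-token: ${{ secrets.SEC3_TOKEN }}  # read from the repository secret, never a literal
          path: programs/my-program           # assumed input: path to the Solana program crate to scan
```

Running on pull_request as well as push means a contributor's change is scanned before it is merged, which is where a missing signer check is cheapest to catch.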
A full sample sec3.yml file can be found here. The following shows a snapshot of the GitHub Actions result:
Sec3 Pro can also be integrated with Code scanning alerts on GitHub:
Note: to enable this feature for private repos, GitHub requires an organization account and a GitHub Advanced Security license.
The configuration has two steps:
(1) Set up code scanning (follow GitHub’s docs).
(2) Add a workflow (.github/workflows/sec3-alerts.yml):
A full sample sec3-alerts.yml file can be found here.
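As an added example (not the post's sample file), the workflow below extends the basic scan with the two things code-scanning integration needs: the `security-events: write` permission and an upload of the SARIF output to GitHub's code scanning API via the `github/codeql-action/upload-sarif` action. The scanner action reference, its inputs and the SARIF file name `sec3-report.sarif` are assumptions; take them from the linked sample.

```yaml
# .github/workflows/sec3-alerts.yml (added example; scanner action and SARIF path are assumed)
name: Sec3 Pro code scanning

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write   # required for upload-sarif to create Code scanning alerts

jobs:
  sec3-alerts:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Run Sec3 Pro and write a SARIF report
        uses: sec3dev/pro-action@v1          # assumed action reference
        with:
          sec3-token: ${{ secrets.SEC3_TOKEN }}
          path: programs/my-program           # assumed input: program crate to scan

      - name: Upload SARIF to Code scanning
        if: always()                          # upload findings even when the scan step fails the job
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: sec3-report.sarif       # assumed output file name from the scan step
```

The `if: always()` on the upload step matters: a scanner that fails the job on findings would otherwise skip the upload, and the alerts you wanted would never appear.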
The screenshot above shows a detected missing signer check issue in Code scanning alerts.
Sec3 Pro also generates a SARIF report of the results, which can be downloaded from the dashboard.
An “auto-audit” certificate will be generated by Sec3 Pro when no issues are found. Click “Download Certificate” to download the certificate as a PDF. The certificate attests only that the automated scan found none of the issues its detectors cover; it is not a substitute for a manual audit.
Sec3 was founded by leading minds in the fields of blockchain security and software verification. Sec3's mission is to create a decentralized future that is secure. The Sec3 team is currently building a trustworthy platform for securing Solana projects.