We are glad to announce the general public release of Sec3 Premium (formerly Soteria) — the premier security analysis service for Solana smart contracts.
Sec3 Pro offers a number of features:
Sec3 Pro is available at https://pro.sec3.dev. The Sec3 team is also glad to offer a free plan for the Solana ecosystem.
Go to https://pro.sec3.dev
The free plan has limited features (e.g., it detects only a subset of the 40+ SVEs). To upgrade, choose a Build or Scale plan and fill in payment info (either by card or US bank account).
Go to https://github.com/sec3dev/pro-action
The secret token can be found on the dashboard under the “Account” tab.
After acquiring the token, navigate to your repository and click Settings -> Secrets -> Actions -> New Repository Secret. Enter SEC3_TOKEN in the Name field, paste the token in the Value field, and click Add secret.
Warning: DO NOT explicitly include your token in the workflow.
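A check for the warning above, as an added example (not code from Sec3 or its sample workflow): it flags workflow lines where a credential-like key is set to a literal value instead of a `${{ secrets.NAME }}` reference. The workflow fragment is constructed, and passing the token through `env` is an assumption.

```python
import re

# Key names that usually carry credentials in a workflow file.
SENSITIVE_KEY = re.compile(r"token|secret|password|api[-_]?key", re.I)
# Keys that match the pattern above but are ordinary workflow settings.
ALLOWED_KEYS = {"id-token", "secrets"}
# A value consisting only of a secrets-context (or github.token) expression.
SAFE_REF = re.compile(
    r"^\$\{\{\s*(secrets\.[A-Za-z_][A-Za-z0-9_]*|github\.token)\s*\}\}$")
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_.-]+)\s*:\s*(.*)$")

def strip_value(raw):
    """Drop a trailing YAML comment and one pair of surrounding quotes."""
    value = re.sub(r"(^|\s+)#.*$", "", raw).strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1].strip()
    return value

def find_inline_secrets(workflow_text):
    """Return (line_number, key) for sensitive keys set to a literal value."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), strip_value(match.group(2))
        if key.lower() in ALLOWED_KEYS or not SENSITIVE_KEY.search(key):
            continue
        # An empty value means a nested mapping follows, not a credential.
        if value and not SAFE_REF.match(value):
            findings.append((number, key))
    return findings

# Constructed workflow fragment; passing the token through env is an assumption.
GOOD = """\
jobs:
  audit:
    permissions:
      id-token: write
    steps:
      - name: Sec3 scan
        env:
          SEC3_TOKEN: ${{ secrets.SEC3_TOKEN }}
"""
# Same fragment with a constructed literal pasted in place of the reference.
BAD = GOOD.replace("${{ secrets.SEC3_TOKEN }}", '"constructed-value"  # pasted')

if __name__ == "__main__":
    print(find_inline_secrets(GOOD), find_inline_secrets(BAD))
```

Run it over every file in `.github/workflows/` as a pre-commit or CI step and fail when the returned list is non-empty.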
Next, add a workflow (.github/workflows/sec3.yml):
A full sample sec3.yml file can be found here. The following shows a snapshot of the GitHub action result:
Sec3 Pro can also be integrated with Code scanning alerts on GitHub:
Note: to enable this feature for private repos, GitHub requires an organization account and a GitHub Advanced Security license.
The configuration has two steps:
(1) Set up code scanning (follow GitHub’s docs)
(2) Add a workflow (.github/workflows/sec3-alerts.yml):
A full sample sec3-alerts.yml file can be found here.
The screenshot above shows a detected missing signer check issue in Code scanning alerts.
Sec3 Pro also generates a SARIF report of the results, which can be downloaded from the dashboard.
An “auto-audit” certificate will be generated by Sec3 Pro when no issues are found. Click “Download Certificate” and a certificate PDF will be downloaded:
Sec3 was founded by leading minds in the fields of blockchain security and software verification. Sec3's mission is to create a decentralized future that is secure. The Sec3 team is currently building a trustworthy platform for securing Solana projects.