Frequently Asked Questions

What is The HorizonSec Project?

The HorizonSec Project is an open-source security framework designed to make application security transparent, actionable, and accessible to builders of all levels. We provide modular security tools that integrate directly into your development workflow, offering static code analysis, infrastructure scanning, endpoint security, and orchestration capabilities.

Who is HorizonSec for?

HorizonSec is built for everyone who builds software:

• Solo developers building side projects
• Small teams at startups
• Engineering teams at mid-size companies
• Enterprise development organizations
• Security teams looking for open-source alternatives
• DevOps engineers embedding security in CI/CD

If you write code or manage infrastructure, HorizonSec is for you.

How is HorizonSec different from other security tools?

1. Truly Open Source: No bait-and-switch. Everything is MIT licensed with full source code available.

2. Modular Architecture: Use individual modules independently or combine them. Start small, scale up.

3. Builder-First Design: Designed for developers, not security specialists. Clear, actionable feedback instead of cryptic reports.

4. Multi-Cloud Native: Works across AWS, GCP, Azure, and on-premises without vendor lock-in.

5. Community-Driven: Built by the community, for the community, with transparent development.

What are the four core modules?

🌍 GAIA Framework: Security orchestration and management layer that ties everything together.

🏹 ARTEMIS: Static code analysis for vulnerabilities and security anti-patterns.

🌱 DEMETER: Infrastructure security scanning for cloud resources and IaC.

💀 HADES: Endpoint security and runtime monitoring for containers and applications.

What programming languages are supported?

ARTEMIS currently supports:

• JavaScript/TypeScript
• Python
• Java/Kotlin
• Go
• C#/.NET
• PHP
• Ruby
• Rust (coming soon)
• Swift (coming soon)

We're continuously adding support for more languages based on community demand.

Where can I see the project roadmap?

Our detailed roadmap is available on our Roadmap page. We also maintain public project boards on GitHub where you can track development progress in real-time. All planning discussions happen in our GitHub Discussions forum.

How do I install HorizonSec?

There are several installation options:

# CLI Installation
npm install -g @horizonsec/artemis-cli
pip install horizonsec-demeter

# Docker
docker run horizonsec/artemis scan .

# Library/SDK
npm install @horizonsec/artemis
pip install horizonsec-sdk

See our Getting Started guide for detailed instructions.

Do you support my CI/CD platform?

Yes! We provide native integrations for:

• GitHub Actions
• GitLab CI/CD
• Jenkins
• CircleCI
• Azure DevOps
• Bitbucket Pipelines

For other platforms, you can use our CLI tools or Docker containers.

Do you support my cloud provider?

DEMETER currently supports:

• AWS: Full support for all major services
• Google Cloud: In development (Q1 2025)
• Microsoft Azure: In development (Q1 2025)
• On-premises: Kubernetes and infrastructure scanning

Multi-cloud support is a high priority on our roadmap.

How fast are the scans?

Performance varies by project size and complexity:

• Small projects (<10k lines): 10-30 seconds
• Medium projects (10k-100k lines): 30-120 seconds
• Large projects (>100k lines): 2-10 minutes

We use intelligent caching and incremental analysis to speed up subsequent scans.

Can I customize the security rules?

Yes! Each module supports custom configuration:

• Custom rules: Define organization-specific security patterns
• Severity levels: Adjust finding severity based on your risk tolerance
• Exclusions: Ignore false positives or accepted risks
• Policy enforcement: Set quality gates and failure thresholds

Configuration is done through .horizonsec.yml files or CLI arguments.

How do I integrate with my existing security tools?

HorizonSec supports standard output formats:

• SARIF: Static Analysis Results Interchange Format
• JSON/XML: Machine-readable formats for custom integrations
• JUnit: Test result format for CI/CD systems
• Webhooks: Real-time notifications to your systems

We also provide APIs and SDKs for deeper integrations.

Is HorizonSec really free?

Yes, completely free. HorizonSec is licensed under the MIT License, which means:

• Free to use for any purpose (personal, commercial, enterprise)
• Free to modify and distribute
• No hidden costs or premium tiers
• No feature gating or "enterprise-only" capabilities
• No required registration or license keys

We believe security should be accessible to everyone.

Can I use HorizonSec in commercial projects?

Absolutely! The MIT License explicitly allows commercial use. You can:

• Use HorizonSec in commercial software development
• Integrate it into proprietary products and services
• Modify the source code for your needs
• Distribute modified versions (while maintaining attribution)

The only requirement is to include the original copyright notice and license.

Do you plan to introduce paid features?

No. We're committed to keeping all HorizonSec functionality free and open source. Our philosophy is:

• No "community edition" with limited features
• No bait-and-switch to paid versions
• No hosted services with subscription models
• No enterprise licensing requirements

The project is supported by the community and maintained by volunteers and sponsors.

How is the project funded?

The HorizonSec Project is funded through:

• Volunteer contributions: Time and expertise from community members
• Sponsorships: Organizations that benefit from and support the project
• Grants: Open source and security-focused foundation grants
• Community donations: Optional financial support from users

All funding is transparent and used solely for project development and infrastructure.

What about liability and warranty?

Like most open source software, HorizonSec is provided "as is" without warranty. However:

• We maintain high code quality standards
• Extensive testing and community review
• Responsive issue resolution
• Transparent development process

For enterprise deployments, consider professional support or consulting services from community experts.

How can I contribute to HorizonSec?

There are many ways to contribute, regardless of your technical background:

• Code: Bug fixes, features, performance improvements
• Documentation: Guides, tutorials, API docs, examples
• Testing: Bug reports, user feedback, QA
• Ideas: Feature requests, RFCs, research
• Design: UI/UX, graphics, branding
• Community: Support, mentoring, advocacy

Visit our Community page to get started.

I'm new to open source. Can I still contribute?

Absolutely! We welcome contributors of all experience levels. We provide:

• Good first issues: Beginner-friendly tasks labeled for new contributors
• Mentorship: Experienced contributors to guide you through your first PRs
• Documentation: Comprehensive guides for getting started
• Supportive community: Helpful and patient community members

Everyone started somewhere, and we're here to help you learn.

What's the development workflow?

Our development process is designed to be transparent and inclusive:

1. Discussion: Ideas start in GitHub Discussions or Discord
2. Issues: Concrete tasks are tracked as GitHub issues
3. Development: Contributors work on branches and submit PRs
4. Review: Maintainers and community review changes
5. Testing: Automated tests and manual verification
6. Merge: Approved changes are merged to main branches

How are decisions made?

We use a community-driven decision-making process:

• RFCs: Major changes go through Request for Comments process
• Community input: All stakeholders can participate in discussions
• Consensus building: We seek agreement rather than voting
• Maintainer guidance: Core maintainers provide technical direction
• Transparency: All decisions are documented publicly

How do I become a maintainer?

Maintainership is earned through consistent, valuable contributions:

• Regular contributions: Sustained involvement over time
• Technical expertise: Deep understanding of the codebase
• Community involvement: Helping others and building relationships
• Leadership: Taking initiative on important issues
• Alignment: Commitment to project values and goals

Current maintainers nominate new maintainers based on these criteria.

Where can I get help?

We offer several support channels:

• Discord: Real-time help from the community (#help channel)
• GitHub Discussions: Q&A and longer-form help requests
• Documentation: Comprehensive guides and troubleshooting
• GitHub Issues: Bug reports and feature requests

Community support is free and provided by volunteers.

Is there professional support available?

While the core project doesn't offer commercial support, several options exist:

• Community experts: Contributors who offer consulting services
• System integrators: Companies specializing in security tool implementation
• Managed services: Third parties offering hosted HorizonSec solutions

We maintain a list of recommended service providers in our documentation.

How do I report a bug?

To report a bug:

1. Check existing issues to avoid duplicates
2. Use the appropriate repository (artemis, demeter, etc.)
3. Provide a clear description and reproduction steps
4. Include relevant logs, configuration, and environment details
5. Use the bug report template for consistency

Security vulnerabilities should be reported privately to security@horizonsec.org

When will the tools be available?

Development timeline:

• ARTEMIS & DEMETER: Alpha release expected Q1 2025
• GAIA Framework: Alpha release expected Q2 2025
• HADES Endpoint: Alpha release expected Q3 2025
• Beta releases: Expected Q4 2025

See our Roadmap for detailed timelines and progress tracking.

Can I request a feature?

Yes! We welcome feature requests through:

• GitHub Discussions: Discuss ideas and gather community input
• GitHub Issues: Formal feature requests with detailed requirements
• Discord: Informal discussion and brainstorming
• RFCs: Major features requiring design documentation

Community voting and feedback helps us prioritize development efforts.

How do I stay updated on the project?

Stay informed through:

• GitHub: Star repositories for release notifications
• Discord: Join for real-time updates and discussions
• Social media: Follow @HorizonSecProject on Twitter
• Newsletter: Monthly digest (coming soon)
• Blog: Development updates and insights (coming soon)