Skip to content

secguro/secguro-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

430 Commits
.github/workflows
.github/workflows
 
 
build
build
 
 
hooks
hooks
 
 
pkg
pkg
 
 
test_data
test_data
 
 
.gitignore
.gitignore
 
 
.golangci.yaml
.golangci.yaml
 
 
.secguroignore
.secguroignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Prerequisites

Operating System and Architecture

Either:

  • GNU/Linux AMD64
  • Darwin ARM64

Dependencies for Use

  • Python 3 + pipx
  • Java 8 or above; If Java 8, update version must be 251 or above
  • Git (only necessary when using git mode or detector gitleaks)

Dependencies for Development

Installation

  • Download: wget 'https://secguro.github.io/secguro-cli/secguro'
  • Make executable: chmod +x secguro
  • Move to directory in $PATH; e.g. mv secguro ~/.local/bin

Scanning for Problems

Locally

secguro scan [path]

Github Workflow

    - name: Check for Secguro Violations
      run: wget 'https://secguro.github.io/secguro-cli/secguro' && chmod +x secguro && SECGURO_CI_TOKEN="GET THIS TOKEN FROM THE SECGURO WEBAPP" ./secguro scan

Azure Pipeline

    - task: CmdLine@2
      displayName: Check for Secguro Violations
      inputs:
        script: wget 'https://secguro.github.io/secguro-cli/secguro' && chmod +x secguro && SECGURO_CI_TOKEN="GET THIS TOKEN FROM THE SECGURO WEBAPP" ./secguro scan
        workingDirectory: .
        failOnStderr: false # because wget writes to stderr

Fixing Problems

secguro fix [path]

Exit Code

Exit codes ranging from 0 to 250 (inclusive) indicate the number of findings. Exit code 250 indicates 250 or more findings. Ignored findings are not counted.

Exit codes not equal to 0 are useful to make Github Workflows and Azure Pipelines fail.

Switch --tolerance n (or --tolerance=n) may be used to make secguro yield exit code 0 if the number of findigs does not exceed n.

Options

$ secguro scan --help
NAME:
   secguro scan - scan for problems

USAGE:
   secguro scan [command options] [arguments...]

OPTIONS:
   --git                                                      set to scan git history and print commit information (default: false)
   --disabled-detectors value [ --disabled-detectors value ]  list of detectors to disable (semgrep,gitleaks,dependencycheck)
   --format value                                             text or json (default: "text")
   --output value, -o value                                   path to output destination
   --tolerance value                                          number of findings to tolerate when choosing exit code (default: 0)
   --help, -h                                                 show help

$ secguro fix --help
NAME:
   secguro fix - scan for problems and then switch to an interactive mode to fix them

USAGE:
   secguro fix [command options] [arguments...]

OPTIONS:
   --git                                                      set to scan git history and print commit information (default: false)
   --disabled-detectors value [ --disabled-detectors value ]  list of detectors to disable (semgrep,gitleaks,dependencycheck)
   --help, -h                                                 show help

Development

Linter

Compilation

To generate a binary that communicates with the CD server, run:

make

For a developer build that communicates with localhost, run:

make compile-dev

Location of the generated binary: build/secguro

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages