VerinFast™
Welcome to the Scanning Agent.
This tool safely and securely analyzes applications for benchmarking.
Requirements:
- Python3 - Test with
python3 --version
- pip - Test with
pip -V
- SSH access to code repositories - Test with
git status
- Command line tool access to cloud hosting providers
- Admin privileges on the computer used to run the agent
- Outbound internet access (for posting results and fetching dependency metadata)
- Your dependency mangement tools (e.g.
npm
or yarn
or maven
)
To run the Agent:
- Install this package with
pip install verinfast
- In a directory with a
config.yaml
file run
verinfast
- Alternatively you can point to a config with
verinfast --config=/path/to/config
Config Options
- If you want to check the output for yourself you can set
should_upload: false
, and use the flag --output=/path/to/dir
. This will give you the chance to inspect what we collect before uploading. For large repositories, it is a lot of information, but we never upload your code or any credentials, just the summary data we collect.
Troubleshooting:
Python
- Run
python3 -m pip install --upgrade pip setuptools wheel
git
- Run
which git
, git --version
- Run
ssh -vT git@github.com
to test access to GitHub
AWS
- Run
which aws
, aws --version
Azure
- Run
az git
, az --version
- Run
az account subscription list
to check subscription Id
Semgrep
- Run
which semgrep
, semgrep --version
pip
- Run
which pip
- If no
pip
, run:
curl -o get-pip.py https://bootstrap.pypa.io/get-pip.py
python get-pip.py
OR python3 get-pip.py
Run sudo apt update
Copyright 2023 Startos Inc.