This tool safely and securely analyzes applications for benchmarking.


Licenses
AFL-3.0/NCGL-UK-2.0
Install
pip install verinfast==0.6.7

Documentation

Python Release codecov Contributor Covenant

VerinFastâ„¢

Welcome to the Scanning Agent.

This tool safely and securely analyzes applications for benchmarking.

Requirements:

  • Python3 - Test with python3 --version
  • pip - Test with pip -V
  • SSH access to code repositories - Test with git status
  • Command line tool access to cloud hosting providers
  • Admin privileges on the computer used to run the agent
  • Outbound internet access (for posting results and fetching dependency metadata)
  • Your dependency mangement tools (e.g. npm or yarn or maven)

To run the Agent:

  • Install this package with pip install verinfast
  • In a directory with a config.yaml file run verinfast
    • Alternatively you can point to a config with verinfast --config=/path/to/config

Config Options

  • If you want to check the output for yourself you can set should_upload: false, and use the flag --output=/path/to/dir. This will give you the chance to inspect what we collect before uploading. For large repositories, it is a lot of information, but we never upload your code or any credentials, just the summary data we collect.

Troubleshooting:

Python

  • Run python3 -m pip install --upgrade pip setuptools wheel

git

  • Run which git, git --version
  • Run ssh -vT git@github.com to test access to GitHub

AWS

  • Run which aws, aws --version

Azure

  • Run az git, az --version
  • Run az account subscription list to check subscription Id

Semgrep

  • Run which semgrep, semgrep --version

pip

  • Run which pip
  • If no pip, run: curl -o get-pip.py https://bootstrap.pypa.io/get-pip.py python get-pip.py OR python3 get-pip.py Run sudo apt update

Copyright 2023 Startos Inc.