Needed Installation steps #1

Open
vikas1389 opened this issue Aug 6, 2020 · 5 comments
Comments

@vikas1389

Hi - we wanted to do a local repo scan. Could you please list the steps for installation? It would be best!

@wkokolis

> Hi - we wanted to do a local repo scan. Could you please list the steps for installation? It would be best!

I tried to submit a PR for this, but cannot push to the repo.

Assuming you already have Go installed, do the following:

cd cmd/secret-scanner
go build

You can then copy the finished binary to wherever you'd like (somewhere on your PATH is best):

cp secret-scanner /usr/local/bin/secret-scanner

@vikas1389
Author

@wkokolis By any chance would we have a docker image which will make its onboarding smooth?

@vikas1389
Author

@wkokolis as when I run go build I get below errors:

main.go:18:2: cannot find package "github.com/grab/secret-scanner/scanner" in any of:
	/usr/lib/golang/src/github.com/grab/secret-scanner/scanner (from $GOROOT)
	/root/go/src/github.com/grab/secret-scanner/scanner (from $GOPATH)
main.go:19:2: cannot find package "github.com/grab/secret-scanner/scanner/gitprovider" in any of:
	/usr/lib/golang/src/github.com/grab/secret-scanner/scanner/gitprovider (from $GOROOT)
	/root/go/src/github.com/grab/secret-scanner/scanner/gitprovider (from $GOPATH)
main.go: cannot find package "github.com/grab/secret-scanner/scanner/options" in any of:
	/usr/lib/golang/src/github.com/grab/secret-scanner/scanner/options (from $GOROOT)
	/root/go/src/github.com/grab/secret-scanner/scanner/options (from $GOPATH)
main.go:21:2: cannot find package "github.com/grab/secret-scanner/scanner/session" in any of:
	/usr/lib/golang/src/github.com/grab/secret-scanner/scanner/session (from $GOROOT)
	/root/go/src/github.com/grab/secret-scanner/scanner/session (from $GOPATH)
main.go:16:2: cannot find package "github.com/joho/godotenv" in any of:
	/usr/lib/golang/src/github.com/joho/godotenv (from $GOROOT)
	/root/go/src/github.com/joho/godotenv (from $GOPATH)

@wkokolis

wkokolis commented Sep 2, 2020

@vikas1389 I could try to put one together, but either I'm messing up the build process as well or the software just doesn't work. I've scanned a repository that I am extremely confident should trigger a positive result, but the output is:

{
        "Stats": {
                "StartedAt": "2020-09-02T08:38:09.538004071-04:00",
                "FinishedAt": "2020-09-02T08:38:32.827943112-04:00",
                "Status": "finished",
                "Progress": 100,
                "Targets": 1,
                "Repositories": 1,
                "Commits": 0,
                "Files": 0,
                "Findings": 0
        },
        "Findings": null,
        "Repositories": [
                {
                        "Owner": "",
                        "ID": "REDACTED",
                        "Name": "REDACTED",
                        "FullName": "REDACTED/REDACTED",
                        "CloneURL": "https://github.com/REDACTED/REDACTED.git",
                        "URL": "https://api.github.com/repos/REDACTED/REDACTED",
                        "DefaultBranch": "master",
                        "Description": "",
                        "Homepage": ""
                }
        ],
        "StateStore": {
                "DataFile": {},
                "Records": {}
        }
}

I tried a second set of build commands, but the test results were no different:

git clone git@github.com:grab/secret-scanner
cd secret-scanner
cp cmd/secret-scanner/main.go .
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -tags static_all -o ~/bin/scanner2 -v

For what it's worth, I'm running go 1.12.17 linux/amd64. I will keep working at it a little while longer, but it feels like a lost cause.
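A report like the one quoted above, with "Status": "finished" but 0 commits and 0 files, says nothing about whether the repository holds secrets. The following check is an added example, not part of the thread or of the secret-scanner project: it reads only the Stats fields visible in that JSON and treats a scan that examined nothing as a failure rather than a clean result. The type and function names are hypothetical, and it assumes a real scan always examines at least one commit and one file.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Report mirrors only the "Stats" fields visible in the JSON quoted in the thread.
type Report struct {
	Stats struct {
		Status       string
		Repositories int
		Commits      int
		Files        int
		Findings     int
	}
}

var (
	ErrIncomplete = errors.New("scan did not finish")
	ErrEmptyScan  = errors.New("scan finished but examined 0 repositories, commits or files")
	ErrFindings   = errors.New("scan reported findings")
)

// Evaluate returns nil only when content was actually examined and nothing matched.
func Evaluate(raw []byte) error {
	var r Report
	if err := json.Unmarshal(raw, &r); err != nil {
		return fmt.Errorf("unreadable report: %w", err)
	}
	s := r.Stats
	switch {
	case s.Status != "finished":
		return ErrIncomplete
	case s.Repositories == 0 || s.Commits == 0 || s.Files == 0:
		return ErrEmptyScan // assumption: a genuine scan never has zero commits or files
	case s.Findings > 0:
		return ErrFindings
	}
	return nil
}

// SampleEmpty is constructed from the counters in the thread's report (other fields omitted).
const SampleEmpty = `{"Stats":{"Status":"finished","Progress":100,"Targets":1,` +
	`"Repositories":1,"Commits":0,"Files":0,"Findings":0},"Findings":null}`

func main() {
	fmt.Println(Evaluate([]byte(SampleEmpty)))
}
```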

@wkokolis

wkokolis commented Sep 2, 2020

@vikas1389 Here's a Dockerfile which should at least help you get the software built. Again, I'm not really sure if I'm building this incorrectly or if it just doesn't work:

ARG GOVER=1.15.1-alpine
FROM golang:$GOVER

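# Placeholder defaults; supply the real values with `docker run -e ...`
# so the access token is not stored in the image.
ENV GITHUB_TOKEN=use
ENV ORG=real
ENV REPO=values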

COPY . /build

WORKDIR /build

RUN addgroup appguy \
  && adduser -S -G appguy appguy \
  && apk add --no-cache bash git \
  && cp cmd/secret-scanner/main.go . \
  && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -tags static_all -o /usr/local/bin/secret-scanner -v \
  && chmod +x /usr/local/bin/secret-scanner

WORKDIR /

USER appguy

CMD secret-scanner -repos ${ORG}/${REPO}

Once built, run as follows:
docker run --rm -e GITHUB_TOKEN=<your_github_access_token> -e ORG=<github_org_name> -e REPO=<github_repo_name> <image_name>

Same results (shorter because no JSON output):

Github Scanning Started at 2020-09-02T13:10:26Z
Loaded 121 signatures
 Retrieved repository: <my_org>/<my_repo>
 Retrieved 1 repository from github
Analyzing 1 repository...
Gitlab Scanning Finished at 2020-09-02T13:10:37Z

Findings....: 0
Files.......: 0
Commits.....: 0
Repositories: 1
Targets.....: 1
