Welcome to the Scanning Agent.

This tool safely and securely analyzes applications for benchmarking.

• Python3 - Test with python3 --version
• pip - Test with pip -V
• SSH access to code repositories - Test with git status
• Command line tool access to cloud hosting providers
• Admin privileges on the computer used to run the agent
• Outbound internet access (for posting results and fetching dependency metadata)
• Your dependency mangement tools (e.g. npm or yarn or maven)

• Install this package with pip install verinfast
• In a directory with a config.yaml file run verinfast
  • Alternatively you can point to a config with verinfast --config=/path/to/config

• If you want to check the output for yourself you can set should_upload: false, and use the flag --output=/path/to/dir. This will give you the chance to inspect what we collect before uploading. For large repositories, it is a lot of information, but we never upload your code or any credentials, just the summary data we collect.

• Run python3 -m pip install --upgrade pip setuptools wheel

• Run which git, git --version
• Run ssh -vT [email protected] to test access to GitHub

• Run which aws, aws --version

• Run az git, az --version
• Run az account subscription list to check subscription Id

• Run which semgrep, semgrep --version

• Run which pip
• If no pip, run: curl -o get-pip.py https://bootstrap.pypa.io/get-pip.py python get-pip.py OR python3 get-pip.py Run sudo apt update

Copyright 2023 Startos Inc.