Tutorials
First audit with Exakat
In this tutorial, we’ll use an open source project called ‘sculpin’ as a guinea pig. You can replace it with any accessible source code of yours. The name of the project is also ‘sculpin’, though this is both self-descriptive and arbitrary.
Init a project
php exakat.phar doctor
php exakat.phar init -p sculpin -R https://github.com/sculpin/sculpin.git
After this step, there is a folder ‘sculpin’ inside the ‘projects’ folder. The files will be stored there.
Run exakat
php exakat.phar project -p sculpin -v
This command runs the default configuration over the requested source code. After displaying the different steps, it provides a first report: Diplomat.
Open the report with a web browser; it is located in projects/sculpin/diplomat.
Congratulations, this is your first audit.
First audit with Exakat (Docker)
In this tutorial, we’ll use an open source project called ‘sculpin’ as a guinea pig. You can replace it with any accessible source code of yours. The name of the project is also ‘sculpin’, though this is both self-descriptive and arbitrary.
Init a project
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat exakat init -p sculpin -R https://github.com/sculpin/sculpin.git
After this step, there is a folder ‘sculpin’ inside the ‘projects’ folder. The files will be stored there.
docker run -it -v /home/my-user/.ssh:/home/exakat/ssh -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat exakat project -p sculpin -v
Run exakat
docker run -it -v $(pwd)/projects:/usr/src/exakat/projects --rm --name my-exakat exakat/exakat exakat project -p sculpin -v
This command runs the default configuration over the requested source code. After displaying the different steps, it provides a first report: Diplomat.
Open the report with a web browser; it is located in projects/sculpin/diplomat.
Congratulations, this is your first audit.
First audit within the code (Local)
This tutorial shows how to run exakat within the source code itself, instead of running it with a separate folder. This suits reports that are displayed directly in the terminal.
As a prerequisite, you should have installed Exakat on your system and, in a different folder, hold some source code that needs to be audited.
Init the project
Exakat recognizes the code as an auditable source code when it can find a .exakat.ini or .exakat.yaml file in the source. YAML has priority when both are present.
The .exakat.ini file:
project = "exakat";
project_reports[] = "Text";
The .exakat.yaml file:
project: exakat
project_reports:
  - Text
In case both files are found, the .INI file has precedence.
Run exakat
php /path/to/installation/exakat.phar project -v
This command runs the default configuration over the source code. It immediately displays the audit as a Text file, directly in the terminal.
First audit within the code (Docker)
In this tutorial, we show how to run exakat within the source code itself, instead of running it with a separate folder. We’ll use a Docker installation for that.
As a prerequisite, you should have pulled the exakat/exakat:latest image into your Docker installation and, in a different folder, hold some source code that needs to be audited.
Init the project
Exakat recognizes the code as an auditable source code when it can find a .exakat.ini or .exakat.yaml file in the source. YAML file has priority when both are present.
The .exakat.ini file:
project = "exakat";
project_reports[] = "Text";
The .exakat.yaml file:
project: exakat
project_reports:
  - Text
In case both files are found, the .INI file has precedence.
Run exakat
docker run -it -v $(pwd):/src --rm --name my-exakat exakat/exakat exakat project
This command runs the default configuration over the source code. The report is displayed immediately in the terminal.
Congratulations, this is your first audit.
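The two in-code tutorials (Local and Docker) depend on a .exakat.yaml or .exakat.ini file in the source tree, and the page states precedence both ways when both exist. The following pre-flight check is an added example, not part of Exakat: it refuses to proceed when both files are present and writes the minimal YAML file when neither is. The function names and the character-set restriction are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for Exakat's in-code configuration.
# File names and keys come from the tutorial; function names are hypothetical.

# Print which in-code config the source tree carries: yaml, ini, both or none.
exakat_config_kind() {
    src=${1:-.}
    has_yaml=0
    has_ini=0
    if [ -f "$src/.exakat.yaml" ]; then has_yaml=1; fi
    if [ -f "$src/.exakat.ini" ]; then has_ini=1; fi
    case "$has_yaml$has_ini" in
        11) echo both ;;
        10) echo yaml ;;
        01) echo ini ;;
        *)  echo none ;;
    esac
}

# Leave the tree with exactly one config file before an audit.
# Returns 0 when ready, 1 on a rejected name, 2 when both files exist.
exakat_preflight() {
    src=${1:-.}
    project=${2:-exakat}
    report=${3:-Text}
    # Assumption: restrict values to a conservative character set so they
    # cannot change the structure of the generated YAML.
    case "$project$report" in
        *[!A-Za-z0-9_.-]*) echo "rejected project/report name" >&2; return 1 ;;
    esac
    case "$(exakat_config_kind "$src")" in
        both)
            echo "$src has .exakat.yaml and .exakat.ini; keep only one" >&2
            return 2 ;;
        none)
            # Minimal YAML config with the same keys as the tutorial's file.
            printf 'project: %s\nproject_reports:\n  - %s\n' \
                "$project" "$report" > "$src/.exakat.yaml"
            echo "wrote $src/.exakat.yaml" >&2 ;;
    esac
    return 0
}

# Typical use from the source root, followed by the tutorial's own command:
#   exakat_preflight . exakat Text && php /path/to/installation/exakat.phar project -v
```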