Scan your software with FOSSA

Use DigiCert® Software Trust Manager Threat detection powered by FOSSA to scan your software for malware, vulnerabilities, secrets, and more before releasing your software to the public.

Anmerkung

Add app.fossa.com to your approved list to prevent your firewall or proxy from blocking calls to FOSSA's cloud.

Prerequisites

Software Trust Manager client tools (version 1.39.0 or higher)
Secure your credentials
Check out the source code repository before running the scan

Install FOSSA

To install FOSSA:

Beispiel 1. Windows

Use this command using PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex  ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.ps1'))

Use this command using SCOOP:

scoop install fossa

Beispiel 2. Linux (64-bit)

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash

Beispiel 3. macOS

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash

Create a project

Create a project to store all your related software scans, such as different versions of the same software. The software project will be referred to by a descriptive name and an alias to allow for easy reference.

You can create a project in Software Trust Manager or SMCTL:

Beispiel 4. Software Trust Manager

To create a project:

Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
In the left navigation bar, select Account > Projects.
Click Create a project.

Complete the following fields:

Field	Description
Project name	Enter a unique name to identify the project.
Project alias	Enter a shortened version of the project name above. Tipp Project aliases are limited to 150 alphanumeric characters. Underscores and hyphens are also allowed.
Repository URL (optional)	Provide a link to relevant source code or binaries related to this project.
Documentation URL (optional)	Provide a link to documentation related to your repository.
Team	Select the team that works on this project.

Select Add.

Beispiel 5. SMCTL

To create a project, use the command:

smctl scan project create <project name> <project alias>

Command sample:

smctl scan project create project1 p1

Scan with FOSSA

To scan source code with FOSSA, use the command:

smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Command sample:

smctl scan fossa-scan --input app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1

Tipp

Refer to errors and solutions if you encounter an error.

View scan results

To view your software scan results:

Sign in to DigiCert ONE.
Navigate to Manager menu icon (top right).
Select Software Trust.
Navigate to Threat detection.
Click on the scan alias.
Assess your threat detection results.

In diesem Abschnitt:

Scan your software with FOSSA

Anmerkung

Prerequisites

Install FOSSA

Create a project

Tipp

Scan with FOSSA

Tipp

View scan results

Related articles

Suchresultat