Perform a Software Composition Analysis scan

Use DigiCert® Software Trust Manager Threat detection powered by FOSSA to scan your software for malware, vulnerabilities, secrets, and more before releasing your software to the public.

Nota

Add app.fossa.com to your approved list to prevent your firewall or proxy from blocking calls to FOSSA's cloud.

Prerequisites

Software Trust Manager client tools (version 1.39.0 or higher)
Secure your credentials
Check out the source code repository before running the scan

Install FOSSA

To install FOSSA:

ejemplo 1. Windows

Use this command using PowerShell:

Set-ExecutionPolicy Bypass -Scope Process -Force; iex  ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.ps1'))

Use this command using SCOOP:

scoop install fossa

ejemplo 2. Linux (64-bit)

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash

ejemplo 3. macOS

curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash

Create a project

Create a project to store all your related software scans, such as different versions of the same software. The software project will be referred to by a descriptive name and an alias to allow for easy reference.

You can create a project in Software Trust Manager or SMCTL:

ejemplo 4. Software Trust Manager

To create a project:

Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
In the left navigation bar, select Account > Projects.
Click Create a project.

Complete the following fields:

Field	Description
Project name	Enter a unique name to identify the project.
Project alias	Enter a shortened version of the project name above. Sugerencia Project aliases are limited to 150 alphanumeric characters. Underscores and hyphens are also allowed.
Repository URL (optional)	Provide a link to relevant source code or binaries related to this project.
Documentation URL (optional)	Provide a link to documentation related to your repository.
Team This field displays when teams are enabled.	Select the team that works on this project.

Select Add.

ejemplo 5. SMCTL

To create a project, use the command:

smctl scan project create <project name> <project alias>

Command sample:

smctl scan project create project1 p1

Scan with Software Composition Analysis

To scan source code with FOSSA, use the command:

smctl scan fossa-scan --input <source code directory> --project <project alias> --scan-alias <scan alias>

Command sample:

smctl scan fossa-scan --input app/SB-Setup/test-project --version HEAD --project xyz --scan-alias scan1

Sugerencia

Refer to errors and solutions if you encounter an error.

View scan results

To view your software scan results:

Sign in to DigiCert ONE.
Navigate to Manager menu icon (top right).
Select Software Trust.
Navigate to Threat detection.
Click on the scan alias.
Assess your threat detection results.

En esta sección:

Perform a Software Composition Analysis scan

Nota

Prerequisites

Install FOSSA

Create a project

Sugerencia

Scan with Software Composition Analysis

Sugerencia

View scan results

Related articles

Resultados de la búsqueda