Getting started
We provide Docker containers with the Machine Standalone CLI.
They can be found on the DockerHub repository.
Running locally
You can run the Docker container with
docker run -v /dir/to/scan:/my-dir fluidattacks/cli:arch skims scan /my-dir
Where /dir/to/scan is the path to the directory you want to scan, and arch is either amd64 or arm64.
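As an added example (not part of the Fluid Attacks documentation), the wrapper below picks the arch tag from the host CPU and runs the command shown above. The function names, the DOCKER override variable and the --rm flag are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of the Fluid Attacks documentation.
# skims_arch_tag, skims_scan and the DOCKER variable are hypothetical names.

# Map a `uname -m` machine name to the image tag the page lists.
skims_arch_tag() {
  case "$1" in
    x86_64 | amd64) echo amd64 ;;
    aarch64 | arm64) echo arm64 ;;
    *)
      echo "unsupported architecture: $1" >&2
      return 1
      ;;
  esac
}

# Scan a directory with the image matching the host CPU.
# $1: directory to scan; $2: machine name (defaults to `uname -m`).
skims_scan() {
  scan_dir=$1
  scan_machine=${2:-$(uname -m)}
  if [ ! -d "$scan_dir" ]; then
    echo "not a directory: $scan_dir" >&2
    return 1
  fi
  scan_tag=$(skims_arch_tag "$scan_machine") || return 1
  # Use an absolute host path for the bind mount; a bare name would be
  # taken as a named volume.
  scan_abs=$(cd "$scan_dir" && pwd) || return 1
  # DOCKER can be overridden (for example DOCKER=echo) to preview the command.
  # The function returns docker's exit status, which is that of the container.
  "${DOCKER:-docker}" run --rm -v "$scan_abs:/my-dir" \
    "fluidattacks/cli:$scan_tag" skims scan /my-dir
}

# Run only when a directory is given: sh skims-scan.sh /dir/to/scan
if [ "$#" -gt 0 ]; then
  skims_scan "$@"
fi
```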
Tip: You can also pass custom arguments like URLs and configuration files.
Running on your CI/CD provider
Below are some configuration examples to set up the Docker container on some of the most popular CI/CD providers.
- GitHub Actions
- GitLab CI
- Travis CI
# .github/workflows/dev.yml
name: Standalone CLI
on: [push, pull_request]
jobs:
  machineStandalone:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
      - uses: docker://docker.io/fluidattacks/cli:latest
        name: machineStandalone
        with:
          args: skims scan /dir/to/scan
# .gitlab-ci.yml
machineStandalone:
  image: docker.io/fluidattacks/cli:latest
  script:
    - skims scan /dir/to/scan
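# .travis.yml
services:
  - docker
before_install:
  - docker pull fluidattacks/cli:latest
script:
  # skims exists only inside the image, so the scan runs in the container
  # with the directory mounted, as in the local docker run command.
  - docker run -v /dir/to/scan:/my-dir fluidattacks/cli:latest skims scan /my-dir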
Tip: If you want to break the build on your CI/CD pipeline when vulnerabilities are found, you can use the strict option in the configuration file.
Tip: If the scan is taking too long to complete, try using the recursion limit option in the configuration file.
Tip: If you encounter a false positive during development, try using the exclusions as code flag.