Getting started

We provide Docker containers with the Machine Standalone CLI.

They can be found on the DockerHub repository.

Running locally

You can run the Docker container with:

docker run -v /dir/to/scan:/my-dir fluidattacks/cli:arch skims scan /my-dir

Where:

  • /dir/to/scan is the path to the directory you want to scan.
  • arch is either amd64 or arm64.

Tip: You can also pass custom arguments like URLs and configuration files.
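
The following wrapper is an added example, not part of the Fluid Attacks documentation. It picks the amd64 or arm64 tag from the host architecture and resolves the scan directory to an absolute path before mounting it, because Docker treats a bare relative name passed to -v as a named volume and the scan would then run against an empty directory. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper around the `docker run` command shown above.
# cli_arch, scan_dir_abs and build_scan_cmd are hypothetical helper names.

# Map a machine name (default: this host's `uname -m`) to the image tag
# the page lists: amd64 or arm64.
cli_arch() {
    machine=${1:-$(uname -m)}
    case "$machine" in
        x86_64|amd64)  echo amd64 ;;
        aarch64|arm64) echo arm64 ;;
        *) echo "unsupported architecture: $machine" >&2; return 1 ;;
    esac
}

# Resolve the directory to an absolute physical path. A bare relative name
# given to `docker run -v` is taken as a named volume, so the scanner would
# see an empty directory and report nothing.
scan_dir_abs() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    (CDPATH= cd -- "$1" && pwd -P)
}

# Print the command for review (argument 2 overrides the detected arch).
build_scan_cmd() {
    dir=$(scan_dir_abs "$1") || return 1
    arch=$(cli_arch "${2:-}") || return 1
    echo "docker run -v $dir:/my-dir fluidattacks/cli:$arch skims scan /my-dir"
}

# Run the scan only when a directory is given on the command line. The
# container's exit status becomes the script's, so a CI job can act on it.
if [ "$#" -gt 0 ]; then
    dir=$(scan_dir_abs "$1") || exit 1
    arch=$(cli_arch) || exit 1
    docker run -v "$dir:/my-dir" "fluidattacks/cli:$arch" skims scan /my-dir
fi
```
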

Running on your CI/CD provider

Below are some configuration examples for setting up the Docker container on some of the most popular CI/CD providers.

# .github/workflows/dev.yml
name: Standalone CLI
on: [push, pull_request]
jobs:
  machineStandalone:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
      - uses: docker://docker.io/fluidattacks/cli:latest
        name: machineStandalone
        with:
          args: skims scan /dir/to/scan

Tip: If you want to break the build on your CI/CD pipeline when vulnerabilities are found, you can use the strict option in the configuration file.

Tip: If the scan is taking too long to complete, try using the recursion limit option in the configuration file.

Tip: If you encounter a false positive during development, try using the exclusions as code flag.