
Using Sorts

There are three ways you can use Sorts depending on your needs:

  • As a standalone application
  • As a Docker container
  • In your CI/CD pipeline

Using Sorts as a standalone application

  1. Make sure you have the following tools installed in your system:

  2. Now you can use Sorts by calling:

    m gitlab:fluidattacks/universe@trunk /sorts

    You can then use the --help flag to learn more about what Sorts can do for you.

    The main Sorts function is to analyze a repository and output a file listing its files together with the probability that each one is vulnerable. This is done with the following command:

     m gitlab:fluidattacks/universe@trunk /sorts /path/to/repository

    You can specify the output type with the --out flag. More information about the CLI is available here.

  3. When Sorts completes its analysis, it provides a file in the output type you selected. The results contain the names of all the files in the repository, each with the probability that the file has a vulnerability.

Using Sorts as a container

To use Sorts as a container you only need to have Docker installed; then run this command:

docker run -v <path/to/repository>:/repo/<repository> ghcr.io/fluidattacks/makes/<arch>:latest m gitlab:fluidattacks/universe@trunk /sorts /repo/<repository>

Replace <path/to/repository> with the absolute path to your repository and <repository> with the name of the repository (Docker requires the mount target to be an absolute path, hence /repo/<repository>); <arch> is either amd64 or arm64.

The command will immediately download the appropriate image for running Sorts, mount your repository's directory in the container, run Sorts to analyze the repository and produce an output file as we already described in the standalone version.

Sorts in your CI/CD

A Makes container can be found in the container registry.

You can use it to run Sorts on any service that supports containers, including most CI/CD providers, and then use its results to trigger any action you deem appropriate.

GitHub Actions

# .github/workflows/dev.yml
name: Makes CI
on: [push, pull_request]
jobs:
  sorts:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
      - uses: docker://ghcr.io/fluidattacks/makes/amd64:23.06
        name: sorts
        with:
          args: m gitlab:fluidattacks/universe@trunk /sorts /platform/path/to/repository

GitLab CI

# .gitlab-ci.yml
/sorts:
  image: ghcr.io/fluidattacks/makes/amd64:23.06
  script:
    - m gitlab:fluidattacks/universe@trunk /sorts /platform/path/to/repository

Travis CI

# .travis.yml
os: linux
language: nix
nix: 2.3.12
install: nix-env -if https://github.com/fluidattacks/makes/archive/23.06.tar.gz
jobs:
  include:
    - script: m gitlab:fluidattacks/universe@trunk /sorts /platform/path/to/repository

Sorts also includes a built-in function, currently only on GitLab, that you can use in your Merge Request pipeline to assign more approvers when the mean risk associated with the commit exceeds a value that you can specify. More information about this function is available here.
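As an added example (not part of Sorts or of this page) of turning the results into a gate like the one described above, the following Python script reads a Sorts output file, computes the mean risk over the files a commit changed, and reports whether a threshold was exceeded. It assumes a CSV output with `file` and `prob_vuln` columns and a constructed changed-file list; both assumptions are stated in the code.

```python
import csv
import io
from statistics import mean

# Constructed sample of a Sorts output; the CSV layout (file,prob_vuln)
# is an assumption, the real columns depend on the --out format you pick.
SAMPLE_SORTS_CSV = """file,prob_vuln
src/auth/login.py,0.91
src/auth/session.py,0.67
src/utils/strings.py,0.05
README.md,0.01
"""

# Constructed list of files touched by a commit (in CI you would get this
# from `git diff --name-only`, which is not shown here).
SAMPLE_CHANGED_FILES = ["src/auth/login.py", "src/auth/session.py", "docs/new.md"]


def load_sorts_scores(csv_text):
    """Parse Sorts output into {path: probability}, rejecting malformed rows."""
    scores = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            prob = float(row["prob_vuln"])
        except (KeyError, TypeError, ValueError):
            raise ValueError(f"malformed Sorts row: {row!r}") from None
        if not 0.0 <= prob <= 1.0:
            raise ValueError(f"probability out of range for {row['file']}: {prob}")
        scores[row["file"]] = prob
    return scores


def commit_mean_risk(scores, changed_files):
    """Mean probability over the changed files Sorts scored; files Sorts did
    not score (new or non-code files) are skipped, and a commit touching no
    scored file gets 0.0 instead of an error."""
    scored = [scores[path] for path in changed_files if path in scores]
    return mean(scored) if scored else 0.0


def needs_extra_approvers(scores, changed_files, threshold):
    """True when the commit's mean risk exceeds the configured threshold."""
    return commit_mean_risk(scores, changed_files) > threshold


def risky_files(scores, changed_files, threshold):
    """Changed files whose own probability exceeds the threshold, for the report."""
    return sorted(p for p in changed_files if scores.get(p, 0.0) > threshold)
```

In a pipeline you would run Sorts first, then call `needs_extra_approvers` on its output and the commit's file list to decide whether to fail the job or request more reviewers.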