
Commit 07ed8a9

add quick docs
1 parent d0f5afc commit 07ed8a9

1 file changed

Lines changed: 202 additions & 0 deletions

@@ -0,0 +1,202 @@
1+
# Scanner Installation Quick Reference
2+
3+
Quick commands for installing and using security scanners with goenv.
4+
5+
## Installation
6+
7+
### All Open Source Scanners
8+
```bash
9+
goenv tools install grype trivy
10+
```
11+
12+
### Add Commercial Scanner
13+
```bash
14+
goenv tools install snyk
15+
```
16+
17+
### Install for All Go Versions
18+
```bash
19+
goenv tools install grype trivy snyk --all
20+
```
21+
22+
## Verification
23+
24+
```bash
25+
# List installed tools
26+
goenv tools list
27+
28+
# Check versions
29+
grype version
30+
trivy --version
31+
snyk --version
32+
33+
# Check if installed
34+
goenv tools status
35+
```
36+
37+
## Authentication
38+
39+
### Snyk
40+
```bash
41+
# Set token
42+
export SNYK_TOKEN="your-token"
43+
44+
# Or browser auth
45+
snyk auth
46+
47+
# Test
48+
snyk test --help
49+
```
50+
51+
### Veracode (Manual Installation)
52+
```bash
53+
# Download wrapper
54+
mkdir -p $HOME/.veracode
55+
wget https://downloads.veracode.com/securityscan/VeracodeJavaAPI.jar \
56+
-O $HOME/.veracode/VeracodeJavaAPI.jar
57+
58+
# Set credentials
59+
export VERACODE_API_KEY_ID="your-key-id"
60+
export VERACODE_API_KEY_SECRET="your-secret"
61+
export VERACODE_WRAPPER_PATH="$HOME/.veracode/VeracodeJavaAPI.jar"
62+
63+
# Test
64+
java -jar $VERACODE_WRAPPER_PATH -version
65+
```
66+
67+
#### Alternate instructions
68+
69+
See the [Veracode CLI installation guide](https://docs.veracode.com/r/Install_the_Veracode_CLI).
70+
71+
## Usage Workflow
72+
73+
```bash
74+
# 1. Install scanner
75+
goenv tools install grype
76+
77+
# 2. Generate SBOM
78+
goenv sbom project --enhance -o sbom.json
79+
80+
# 3. Scan
81+
goenv sbom scan sbom.json
82+
83+
# 4. Try different scanners
84+
goenv tools install trivy snyk
85+
goenv sbom scan sbom.json --scanner=trivy
86+
goenv sbom scan sbom.json --scanner=snyk --severity=high
87+
```
88+
89+
## Updates
90+
91+
```bash
92+
# Check for updates
93+
goenv tools outdated
94+
95+
# Update specific scanner
96+
goenv tools update grype
97+
98+
# Update all
99+
goenv tools update grype trivy snyk
100+
```
101+
102+
## Troubleshooting
103+
104+
### Scanner Not Found
105+
```bash
106+
# Check if installed
107+
which grype
108+
109+
# Reinstall
110+
goenv tools uninstall grype
111+
goenv tools install grype
112+
```
113+
114+
### Snyk Authentication Error
115+
```bash
116+
# Check token
117+
echo $SNYK_TOKEN
118+
119+
# Re-authenticate
120+
snyk auth
121+
122+
# Test connection
123+
snyk test --org=your-org-id
124+
```
125+
126+
### Version Conflicts
127+
```bash
128+
# List tools across versions
129+
goenv tools list --all
130+
131+
# Sync tools between versions
132+
goenv tools sync-tools 1.21.0 1.22.0
133+
```
134+
135+
## Team Setup
136+
137+
Add to `.goenv/default-tools.yaml`:
138+
139+
```yaml
140+
enabled: true
141+
update_strategy: auto
142+
143+
tools:
144+
- name: grype
145+
package: github.com/anchore/grype/cmd/grype
146+
version: "@latest"
147+
148+
- name: trivy
149+
package: github.com/aquasecurity/trivy/cmd/trivy
150+
version: "@latest"
151+
152+
- name: snyk
153+
package: github.com/snyk/cli/cmd/snyk
154+
version: "@latest"
155+
```
156+
157+
Then team members just run:
158+
```bash
159+
goenv install 1.22.0 # Auto-installs tools
160+
```
161+
162+
## CI/CD Examples
163+
164+
### GitHub Actions
165+
```yaml
166+
- name: Setup Go and scanners
167+
run: |
168+
goenv install 1.22.0
169+
goenv use 1.22.0
170+
goenv tools install grype snyk
171+
172+
- name: Scan with Grype
173+
run: |
174+
goenv sbom project -o sbom.json
175+
goenv sbom scan sbom.json --fail-on=high
176+
177+
- name: Scan with Snyk
178+
env:
179+
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
180+
run: |
181+
goenv sbom scan sbom.json --scanner=snyk --fail-on=high
182+
```
183+
184+
### GitLab CI
185+
```yaml
186+
security_scan:
187+
script:
188+
- goenv install 1.22.0
189+
- goenv tools install grype trivy
190+
- goenv sbom project -o sbom.json
191+
- goenv sbom scan sbom.json --scanner=grype
192+
- goenv sbom scan sbom.json --scanner=trivy
193+
```
194+
195+
## Comparison Matrix
196+
197+
| Scanner | Install Command | Auth Required | License | Best For |
198+
|---------|----------------|---------------|---------|----------|
199+
| Grype | `goenv tools install grype` | No | Free | CI/CD pipelines |
200+
| Trivy | `goenv tools install trivy` | No | Free | Container workflows |
201+
| Snyk | `goenv tools install snyk` | Yes | Freemium | Dev teams |
202+
| Veracode | Manual (Java) | Yes | Enterprise | Compliance |
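Review bot: in the "Snyk Authentication Error" block, `echo $SNYK_TOKEN` prints the API token to the terminal, where it ends up in scrollback and, if the snippet is copied into a CI job, in build logs; a presence check such as `[ -n "$SNYK_TOKEN" ] && echo "SNYK_TOKEN is set"` diagnoses the same problem without exposing the value. Two related points in the same file: under "Authentication", `snyk test --help` only prints usage and succeeds with no token at all, so it does not verify that authentication worked (the later `snyk test --org=your-org-id` in Troubleshooting does), and the Veracode section fetches `VeracodeJavaAPI.jar` with `wget` and runs it with `java -jar` without any step to check the download against a published checksum or signature, which the doc should at least mention. The "Team Setup" example also combines `update_strategy: auto` with `version: "@latest"` for all three scanners, so every `goenv install` pulls whatever is newest; for reproducible builds the doc should show pinning to a tagged version and present `@latest` as the convenience option. Minor: the GitHub Actions step "Scan with Grype" runs `goenv sbom scan sbom.json --fail-on=high` without `--scanner=grype`, relying on the default, while the GitLab example passes the scanner explicitly; making both explicit keeps the examples consistent.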

0 commit comments