Redirected from 
README
¶
codeanalyzevcs
codeanalyzevcs is designed as an orchestration tool that can help security teams kick off Continuous Integration (CI) jobs within their existing Version Control Systems to perform various code analysis capabilities. It is intended to work hand in hand with codeanalyze which is responsible for actually conducting the scans within the CI pipelines.
By leveraging codeanalyzevcs, security operators can integrate a variety of code analysis workflows into their automation needs, ensuring that they have visibility into the security of their networks all the way from source code to running binaries. Designed with data-modeling and data-integration needs in mind, codeanalyzevcs can be used on its own as an interactive CLI, orchestrated as part of a broader data pipeline, or leveraged from within the Method Platform.
We are constantly growing the types of version control systems and CI platforms that codeanalyzevcs can integrate with. For the most up to date listing, please see the documentation here
To learn more about codeanalyzevcs, please see the Documentation site for the most detailed information.
Quick Start
Get codeanalyzevcs
For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:
docker run methodsecurity/codeanalyzevcsdocker run ghcr.io/method-security/codeanalyzevcs- Download the latest binary from the Github Releases page
- Installation documentation
Authentication
Depending on the command you are running, you may need to export environment variables that will be used to authenticate to the version control system. Please see the specific command documentation for the environment variables that are used.
Examples
codeanalyzevcs gitlab \
--vcs-url https://gitlab.com/api/v4 \
--project-id 12345 \
--branch develop \
--code-analyze-type semgrep \
--config-type template \
--config-value secrets
Contributing
Interested in contributing to codeanalyzevcs? Please see our organization wide Contribution page.
Want More?
If you're looking for an easy way to tie codeanalyzevcs into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.
For more information, visit us here
Community
codeanalyzevcs is a Method Security open source project.
Learn more about Method's open source source work by checking out our other projects here or our organization wide documentation here.
Have an idea for a Tool to contribute? Open a Discussion here.
Documentation
¶
There is no documentation for this package.
Source Files
Directories