Running TrustWorks Code Scanner Locally
Introduction
This guide will walk you through the process of running the TrustWorks code scanner on your local machine. By doing so, all code scanning operations will be executed on your device, ensuring that your data is processed securely.
Prerequisites
Ensure you have both Docker and Git installed on your machine. The registry authentication commands below also rely on the AWS CLI and jq, so install those as well.
Using the Pre-Built Image
Our pre-built image facilitates local code scanning. By using this image, you can always ensure that you're working with the latest version of our knowledge base.
However, access to the Docker registry is restricted. To pull the image:
- Ensure your AWS account is whitelisted. If it's not, please contact our customer support team to have your Account ID added as a trusted source.
- Authenticate to the registry using the following commands:
# Assume the scanner role. Note that the STS response, which contains temporary credentials, is written to a file named "sts" in the current directory; remove it once you are logged in.
output="sts" &&
aws sts assume-role --role-arn "arn:aws:iam::871828238455:role/ql-production-code-scanner-role-v2" --role-session-name AWSCLI-Session --external-id ql-on-premise > "$output" &&
# Extract the temporary credentials from the response and export them for the AWS CLI.
AccessKeyId=$(jq -r '.Credentials.AccessKeyId' "$output") &&
SecretAccessKey=$(jq -r '.Credentials.SecretAccessKey' "$output") &&
SessionToken=$(jq -r '.Credentials.SessionToken' "$output") &&
export AWS_ACCESS_KEY_ID="$AccessKeyId" &&
export AWS_SECRET_ACCESS_KEY="$SecretAccessKey" &&
export AWS_SESSION_TOKEN="$SessionToken" &&
# Obtain a short-lived registry password with the assumed role and log Docker in to the private registry.
aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 871828238455.dkr.ecr.eu-west-1.amazonaws.com
Configuring the TrustWorks App
To allow the TrustWorks app to receive information from the scanner, you'll need to set up a Code Scanner integration:
- Navigate to Global Settings > Integrations.
- Click on + New Integration and choose Code Scanner.
- For authentication, select API Key.
- Generate a new API key by clicking the rotate button.
⚠️ Remember to copy the API key immediately, as it's displayed only once in the UI. You'll need this key to authenticate requests to the Docker image.
- 🔗 Test connection and + Save it.
Running the Scanner
To run the scanner, paste your API key into the command below. Also specify the project name, the path to the source to scan, and the number of workers (the number of processes the Docker image uses to process results). Adjusting the number of workers can optimise performance.
$ export API_KEY=[your-api-key]
$ export PROJECT_NAME=[project-name]
$ export SOURCE_PATH=[source-path-to-scan]
$ export WORKERS=[number-of-cpus]
$ docker run \
    -e API_KEY="$API_KEY" \
    -e CODE_SCANNER_WORKERS="$WORKERS" \
    -v "$SOURCE_PATH":/code \
    871828238455.dkr.ecr.eu-west-1.amazonaws.com/ql-production-code-scanner-v2:production scan --dir /code --name "$PROJECT_NAME" -u
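The registry login and scan steps above, as an added wrapper script (not TrustWorks' own tooling) with the checks a practitioner would want before a run: it refuses missing tools and placeholder values, keeps the STS response in memory rather than in a file, and then issues the same docker run as the guide. The `--rm` flag and the `run` argument are additions; the role ARN, registry and image are the values from this page.

```shell
#!/bin/sh
# Added wrapper around the guide's steps (not TrustWorks' own tooling): pre-flight
# checks, assume-role with the STS response kept in memory instead of a file, ECR
# login, then the guide's docker run. ARN, registry and image are the page's values.
set -eu
REGISTRY="871828238455.dkr.ecr.eu-west-1.amazonaws.com"
IMAGE="$REGISTRY/ql-production-code-scanner-v2:production"
ROLE_ARN="arn:aws:iam::871828238455:role/ql-production-code-scanner-role-v2"

# Report every missing tool at once; returns 1 if any is absent from PATH.
check_tools() {
  missing=0
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; missing=1; }
  done
  return "$missing"
}
# Reject an empty value and the literal [placeholder] text from the guide.
check_value() {  # usage: check_value NAME VALUE
  case "${2:-}" in
    ""|"["*"]") echo "$1 is unset or still a placeholder" >&2; return 1 ;;
  esac
}
# WORKERS becomes CODE_SCANNER_WORKERS, so it must be a positive integer.
check_workers() { case "${1:-}" in ""|*[!0-9]*|0*) return 1 ;; esac; }
# Assume the scanner role, export the temporary credentials, log Docker in.
ecr_login() {
  creds=$(aws sts assume-role --role-arn "$ROLE_ARN" \
            --role-session-name AWSCLI-Session --external-id ql-on-premise)
  AWS_ACCESS_KEY_ID=$(printf '%s' "$creds" | jq -r .Credentials.AccessKeyId)
  AWS_SECRET_ACCESS_KEY=$(printf '%s' "$creds" | jq -r .Credentials.SecretAccessKey)
  AWS_SESSION_TOKEN=$(printf '%s' "$creds" | jq -r .Credentials.SessionToken)
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  aws ecr get-login-password --region eu-west-1 |
    docker login --username AWS --password-stdin "$REGISTRY"
}
run_scan() {
  check_tools docker git aws jq
  check_value API_KEY "${API_KEY:-}"
  check_value PROJECT_NAME "${PROJECT_NAME:-}"
  [ -d "${SOURCE_PATH:-}" ] || { echo "SOURCE_PATH is not a directory" >&2; return 1; }
  check_workers "${WORKERS:-}" || { echo "WORKERS must be a positive integer" >&2; return 1; }
  ecr_login
  # --rm (an addition) removes the finished container; the rest mirrors the guide.
  docker run --rm -e API_KEY="$API_KEY" -e CODE_SCANNER_WORKERS="$WORKERS" \
    -v "$SOURCE_PATH":/code "$IMAGE" scan --dir /code --name "$PROJECT_NAME" -u
}

if [ "${1:-}" = "run" ]; then run_scan; fi
```

Invoke it with the argument `run` after exporting the four variables from the guide; without the argument it only defines the functions, so they can be sourced and tested on their own.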
After the scan completes, you can view the results in the TrustWorks app by visiting the Code Scanner page.
We hope this guide simplifies the process of running the TrustWorks code scanner locally. If you have any questions or need further assistance, please don't hesitate to reach out.