How to Run the Code Scanner Locally

This guide explains how to operate the TrustWorks code scanner on your local machine, allowing for safe and secure data processing.


💡 Important: Ensure you have Docker and Git installed before proceeding. The commands below also use the AWS CLI and jq.

Using Our Pre-Built Image: Our pre-built Docker image, containing the latest knowledge base, is available for anyone with repository access. Here's how to use it:

AWS Account Whitelisting: Access to our Docker registry is restricted to certain AWS accounts. To whitelist your AWS account, contact our customer support team. We'll add your Account ID as a trusted source.

Pulling the Docker Image: Once whitelisted, authenticate to the registry using these commands. Docker downloads the image the first time you run the docker run command shown under Running the Scanner.

# Assume the scanner role; the temporary credentials are written to ./sts
output="sts" &&
aws sts assume-role --role-arn "arn:aws:iam::871828238455:role/ql-production-code-scanner-role-v2" --role-session-name AWSCLI-Session --external-id ql-on-premise > "$output" &&

# Extract the temporary credentials from the response
AccessKeyId=$(jq -r '.Credentials.AccessKeyId' "$output") &&
SecretAccessKey=$(jq -r '.Credentials.SecretAccessKey' "$output") &&
SessionToken=$(jq -r '.Credentials.SessionToken' "$output") &&

# The file holds plaintext credentials, so delete it once they are read
rm -f "$output" &&

# Export the credentials for the AWS CLI
export AWS_ACCESS_KEY_ID="$AccessKeyId" &&
export AWS_SECRET_ACCESS_KEY="$SecretAccessKey" &&
export AWS_SESSION_TOKEN="$SessionToken" &&

# Log Docker in to the ECR registry
aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin 871828238455.dkr.ecr.eu-west-1.amazonaws.com

Setting Up TrustWorks App Integration

  1. In the TrustWorks app, go to the integration list under Global Settings > Integrations.
  2. Click + New Integration.
  3. Select Code Scanner and choose API Key for authentication.
  4. Generate an API key. ⚠️ Be sure to copy it immediately as it's only displayed once!
  5. Test the connection and then click the Save button.

Running the Scanner

With the setup complete, use the following commands to run the scanner, adjusting PROJECT_NAME, SOURCE_PATH, and WORKERS as needed.

The WORKERS parameter specifies the number of processes that the Docker image starts to handle results. Tuning this value can improve performance.

Paste the API key into the command below to authenticate the requests. Set a name for the project to be scanned and the path to its source.

$ export API_KEY=[your-api-key]
$ export PROJECT_NAME=[project-name]
$ export SOURCE_PATH=[source-path-to-scan]
$ export WORKERS=[number-of-cpus]

$ docker run \
    -e API_KEY="$API_KEY" \
    -e CODE_SCANNER_WORKERS="$WORKERS" \
    -v "$SOURCE_PATH":/code \
    871828238455.dkr.ecr.eu-west-1.amazonaws.com/ql-production-code-scanner-v2:production scan --dir /code --name "$PROJECT_NAME" -u
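
A preflight wrapper for the command above, as an added example that is not part of TrustWorks' own tooling. The function names are hypothetical; the variable names, image and scan arguments are the guide's. It rejects empty or malformed settings, resolves SOURCE_PATH to an absolute directory (docker -v treats a bare name as a named volume, so the scanner would see an empty /code), and passes the key with `-e API_KEY`, Docker's form that copies the value from the environment instead of the command line.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for the scanner's environment variables.
# Function names are hypothetical; variable names come from the guide.

# Print the absolute form of a source path, or fail if it is not a directory.
# docker -v treats a bare name such as "myrepo" as a named volume, so the
# container would scan an empty /code instead of the project.
resolve_source_path() {
    [ -d "$1" ] || { echo "SOURCE_PATH is not a directory: $1" >&2; return 1; }
    (cd "$1" && pwd -P)
}

# Validate the four settings; on success print the absolute source path.
scan_preflight() {
    local api_key="$1" project="$2" source="$3" workers="$4"
    [ -n "$api_key" ] || { echo "API_KEY is empty" >&2; return 1; }
    [ -n "$project" ] || { echo "PROJECT_NAME is empty" >&2; return 1; }
    case $workers in
        ''|*[!0-9]*|0*) echo "WORKERS must be a positive integer" >&2; return 1 ;;
    esac
    resolve_source_path "$source"
}

# Run the scan with the guide's image and arguments.
run_scan() {
    local abs
    abs=$(scan_preflight "$API_KEY" "$PROJECT_NAME" "$SOURCE_PATH" "$WORKERS") || return 1
    # "-e API_KEY" with no value copies the variable from this environment,
    # which keeps the key out of the docker command line and process list.
    export API_KEY
    docker run \
        -e API_KEY \
        -e CODE_SCANNER_WORKERS="$WORKERS" \
        -v "$abs":/code \
        871828238455.dkr.ecr.eu-west-1.amazonaws.com/ql-production-code-scanner-v2:production \
        scan --dir /code --name "$PROJECT_NAME" -u
}
```

Source the file and call `run_scan` after setting the four variables. In bash, reading the key with `read -rs API_KEY` instead of typing it into an export line keeps it out of shell history.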

Viewing Results

Upon completion, view the scan results in the TrustWorks app's Code Scanner page.
