Quick start with Xygeni CLI
A Scan is the action performed by the Xygeni Scanner to find security issues in your project.
You can follow the steps below for a quick start guide to using the Xygeni CLI
1. Install the Scanner CLI
Download the Scanner
Run the one of the following which better matches your preferences:
curl -sLO https://get.xygeni.io/latest/scanner/xygeni-release.zipOr go to https://get.xygeni.io and dowload it manually.
Verify the integrity of the script
Xygeni publishes a SHA-256 checksum of published components in the xygeni/xygeni GitHub repository, so you may verify the integrity of a downloaded artifact.
To ensure that the downloaded installation script checksum matches the checksum published in Xygeni repository, meaning that probably it was not tampered with:
echo "$(curl -s https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/xygeni-release.zip.sha256) xygeni-release.zip" | sha256sum --checkIf under macOS, as sha256sum is probably not installed in your host, you may:
read this to install it,
or use
shasum -a 256instead orsha256sumif theshasumcommand is installed,
echo "$(curl -s https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/xygeni-release.zip.sha256) xygeni-release.zip" | sha256 -a 256 --checkor use
opensslto compute the SHA-256 checksum of the installation script and compare it with the published checksum.
Unzip the scanner
Unzip the Xygeni Scanner zip that you have just downloaded to a new folder.
unzip xygeni-release.zip -d /destination/path2. Fetch your Xygeni API token
Go your profile pannel and navigate to Organization/Personal Tokens:
Create a new token. The difference betweeen Organization tokens and Personal tokens is who can see and revoke those tokens. Select either one and generate a new token.
In order to run scans, the only permission that is needed is the "Upload scan results" permission. However, if you want to use the same token with the REST API, you’ll need to grant it additional permissions.
3. Set XYGENI_TOKEN environment variable
In order to run scans, a new environment variable must be set, the name of this variable must be "XYGENI_TOKEN" and it content has to be the token that was created in the previous step.
nano ~/.bashrcAdd this line at the end of the file:
export XYGENI_TOKEN="<TOKEN>"Apply the changes:
source ~/.bashrc4. (Recommended) Add the scanner folder to path
In order to execute the Xygeni application as another command, the Xygeni Scanner folder must be added to the path.
nano ~/.bashrcAdd this line at the end of the file:
export PATH="$PATH:/Path/To/Scanner"Apply the changes:
source ~/.bashrc5. Run your first scan
To begin, ensure that you have a file system folder containing your project content. This folder may be a clone of your repository or simply a directory housing the source code for your project.
Navigate to your project directory, with the command cd /my/project. Once there, initiate a scan by running xygeni scan. All vulnerabilities identified are listed, including their path and fix guidance.
$ cd /my/project
$ xygeni scan You can also use these commands below for other cases:
# Assuming that $XYGENI_HOME in path or xygeni shortcut set
# Scan a directory
$ xygeni scan -n <your_project_name> --dir <path_to_analyze>
# Scan a repository
$ xygeni scan --repository <repo_url>
# Scan a container image
$ xygeni scan --repository <image>
# You may add --no-upload to the scan command if you want to view
# the results before uploading to Xygeni platform. 6. View scan results
After the scan is done, log into the Dashboard and navigate to the Governance tab to access the Security Posture Summary screen.
Last updated