Xygeni CLI Docker Image

The xygeni/xygeni_scanner Docker image is convenient if you want to run the scanner without installing the required tools. The image includes all the tools needed to run the scanner in a standard developer environment.

Quickstart

Running the scanner requires an active Xygeni account or API token.

Save the following code as docker-compose.yml:

version: '3.8'
services:
  xygeni_scanner:
    image: xygeni/xygeni_scanner:latest
    container_name: xygeni
    command: scan -n $PROJECT_NAME --dir /app
    environment:
      - PROJECT_NAME=${PROJECT_NAME}
      - XYGENI_TOKEN=${XYGENI_TOKEN}
    volumes:
      - "${PATH_TO_SCAN}:/app"
    tty: true

Replace XYGENI_TOKEN with XYGENI_USERNAME and XYGENI_PASSWORD if you prefer to use a username and password instead of the recommended access token:

    # ...
    environment:
      - PROJECT_NAME=${PROJECT_NAME}
      - XYGENI_USERNAME=${XYGENI_USERNAME}
      - XYGENI_PASSWORD=${XYGENI_PASSWORD}
    # ...

This docker-compose.yml lets you run a scan quickly, because it already provides a scheme for the volumes that the scanner requires to be mounted.

To customize volume paths or the project name for this quickstart, edit the Docker Compose file or, as a better practice, use the following .env file scheme:

PATH_TO_SCAN=...
PROJECT_NAME=...

Now let’s run your first scan:

docker compose up

By default, a full scan is performed. To customize this behaviour, run the xygeni_scanner service with the command you want:

docker compose run xygeni_scanner secrets -n project_to_scan_name --dir /app -u
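
A preflight check for the quickstart variables above, as an added example that is not part of the Xygeni documentation or tooling. The function names `lookup` and `xygeni_preflight` are hypothetical, and the .env file is assumed to contain plain unquoted KEY=value lines.

```shell
#!/bin/sh
# Added example (not Xygeni code): preflight for the quickstart's Compose variables.
# Usage: xygeni_preflight .env && docker compose up

# Resolve NAME the way Compose interpolation does: the shell environment wins,
# then the .env file. The file is parsed as text, never sourced, so nothing in
# it is executed. Assumes plain unquoted KEY=value lines.
lookup() {
    eval "val=\${$1:-}"
    if [ -z "$val" ] && [ -f "$2" ]; then
        val=$(sed -n "s/^$1=//p" "$2" | tail -n 1)
    fi
    printf '%s' "$val"
}

# Returns the number of problems found (0 means ready to scan).
xygeni_preflight() {
    env_file=${1:-.env}
    problems=0
    path=$(lookup PATH_TO_SCAN "$env_file")
    name=$(lookup PROJECT_NAME "$env_file")
    token=$(lookup XYGENI_TOKEN "$env_file")
    user=$(lookup XYGENI_USERNAME "$env_file")
    pass=$(lookup XYGENI_PASSWORD "$env_file")

    if [ -z "$path" ] || [ ! -d "$path" ]; then
        echo "PATH_TO_SCAN is unset or not a directory: '$path'" >&2
        problems=$((problems + 1))
    fi
    if [ -z "$name" ] || [ "$name" = "..." ]; then
        echo "PROJECT_NAME is empty or still the '...' placeholder" >&2
        problems=$((problems + 1))
    fi
    # Either the access token, or both username and password, must be set.
    if [ -z "$token" ] && { [ -z "$user" ] || [ -z "$pass" ]; }; then
        echo "set XYGENI_TOKEN, or XYGENI_USERNAME and XYGENI_PASSWORD" >&2
        problems=$((problems + 1))
    fi
    # A .env file holding credentials should be readable by its owner only.
    if [ -f "$env_file" ] && grep -Eq '^XYGENI_(TOKEN|PASSWORD)=' "$env_file" &&
        [ -n "$(find "$env_file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "$env_file holds credentials and is group/world readable" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

If the check flags the .env file's permissions, `chmod 600 .env` clears it.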

Advanced usage

First, manually pull the Docker image from the Xygeni Docker Hub repository.

docker pull xygeni/xygeni_scanner:latest

Usually you will mount a volume for the project to scan when running this Docker container:

docker run \
  -it \
  -v "${PATH_TO_SCAN}:/app" \
  -e XYGENI_TOKEN="${XYGENI_TOKEN}" \
  xygeni/xygeni_scanner scan -n test --dir /app

CLI Options

Please refer to the Xygeni CLI mode of operation for full details on the scanner command line options and configuration.
