Scanner-Cli – A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.Running and configuring the scannerThe Hawkeye scanner-cli assumes that your directory structure is such that it keeps the toolchain’s files on top level. Roughly, this is what it boils down to:Node.js projects have a package.json on top levelRuby projects will have a Gemfile on top levelPython projects will have a requirements.txt on top levelPHP projects will have a composer.lock on top levelJava projects will have a build (gradle) or target (maven) folder, and include .java and .jar filesThis is not exhaustive as sometimes tools require further files to exist. To understand how the modules decide whether they can handle a project, please check the How it works section and the modules folder.Docker (recommended)The docker image is hands-down the easiest way to the scanner. Please note that your project root (e.g. $PWD) needs to be mounted to /target.docker run –rm -v $PWD:/target hawkeyesec/scanner-cliThe docker build is also the recommended way to run the scanner in your CI pipelines. This is an example of running Hawkeye against one of your projects in GoCD: