Skip to content

Commit 9964f28

Browse files
dacoburndacoburn
committed
Updated readme
1 parent 81019e3 commit 9964f28

File tree

1 file changed

+53
-0
lines changed

1 file changed

+53
-0
lines changed

README.md

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,59 @@ After installation you should have the `socket-basics` CLI available in your env
5757

5858
## Quick start
5959

60+
Build the container image and run a scan from your current working directory mounted as `/workspace`.
61+
62+
1) Build the Docker image (tagged `socket-basics`):
63+
64+
```sh
65+
docker build -t socket-basics .
66+
```
67+
68+
2) Create a `.env` file that enables Jira + Slack and provides Socket credentials. The example below includes the required `SOCKET_ORG` and `SOCKET_SECURITY_API_KEY` variables used in this quick run (replace placeholders with real values or secrets):
69+
70+
```env
71+
# Socket credentials
72+
SOCKET_ORG=socketdev-demo
73+
SOCKET_SECURITY_API_KEY=your-socket-security-api-key
74+
75+
# Enable notifiers
76+
INPUT_JIRA_ENABLED=true
77+
INPUT_JIRA_URL=https://your-jira-instance.atlassian.net
78+
INPUT_JIRA_EMAIL=you@example.com
79+
INPUT_JIRA_API_TOKEN=your-jira-api-token
80+
INPUT_JIRA_PROJECT=PROJ
81+
82+
INPUT_SLACK_ENABLED=true
83+
INPUT_SLACK_WEBHOOK_URL=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
84+
85+
# Optional: prefer tabular console output
86+
INPUT_CONSOLE_ENABLED=true
87+
INPUT_SOCKET_CONSOLE_MODE=tabular
88+
```
89+
90+
3) Run the container mounting the current directory into `/workspace` and pass the CLI flags you provided. This example runs secrets scanning, JavaScript SAST, requests Socket tier1 reporting, and scans the `trickyhu/sigsci-rule-editor` container image:
91+
92+
```sh
93+
docker run --rm -v "$PWD:/workspace" --env-file .env socket-basics \
94+
--workspace /workspace \
95+
--repo node_goat_17 \
96+
--branch main \
97+
--secrets \
98+
--console-tabular-enabled \
99+
--javascript \
100+
--socket-org socketdev-demo \
101+
--socket-tier1 \
102+
--container-images \
103+
--images trickyhu/sigsci-rule-editor
104+
```
105+
106+
Notes:
107+
- The container mounts your current project into `/workspace`, so the CLI option `--workspace /workspace` points to that path inside the container.
108+
- The `.env` file is loaded by `--env-file` to provide credentials and notifier configuration; you can also set secrets via your environment or your CI provider.
109+
- `SOCKET_ORG` and `SOCKET_SECURITY_API_KEY` in the example are included to show the minimum Socket-related env variables for SCA/Socket integrations. The tool also accepts `INPUT_SOCKET_ORG` / `INPUT_SOCKET_API_KEY` style env vars used elsewhere in this repo if you prefer that naming.
110+
111+
Quick local examples (alternate):
112+
60113
Run a basic scan from the repository root and print results to stdout:
61114

62115
```sh

0 commit comments

Comments
 (0)