SourceGuard was developed by Itamar Lavender and his team and is in Beta. It is one of the SAST scanners under development at Check Point that can scan both source code in a repository like GitHub and container images.
Please refer to the GitHub page below to learn how to deploy it and start performing DevSecOps SAST (Static Application Security Testing). It is available for everyone to test via the Infinity Portal.
https://github.com/chkp-dhouari/SourceGuard
SourceGuard can be integrated with any CI/CD server like Jenkins, GitLab or AWS CodePipeline to perform SAST at various stages of the application build.
On the GitHub page below, I describe how to create a Jenkins pipeline as code to deploy a Node.js application using a Docker container and add SourceGuard SAST security as part of that CI/CD pipeline.
https://github.com/chkp-dhouari/Jenkins-SourceGuard
I'm trying to poke SourceGuard with some random code on Windows. As per the instructions, I did the portal registration and onboarding.
No matter what -src title I give, I always get back an "Error: repository URL is missing" error. Do you have some test "vulnerable" code to practice against? Is it possible to publish it to your git?
P.S. Is the voice-over missing in this video: YouTube - SourceGuard Demo?
It will scan a git dir. You need to install git on your laptop, then make a dir, do git init, and git add the files that you want to scan.
I am working on updating the GitHub page and creating a new video this week.
Let me know if this helps.
I spent a few more hours trying to get SourceGuard to accept some piece of code, without any luck. It's throwing the same error. If it is not too difficult, please provide more details on using the tool.
Obviously I do not have a developer background, but I did a Git course some time ago and (hopefully) understand the concept of code control.
As I've faced the same error and found the answer in this post, I'll keep some details here:
There is an Azure Functions project. If I run the sourceguard-cli command in the folder where the Python file (__init__.py) is located, it fails (as it also does if I specify the file name):
Directory: C:\Users\arazumov\Documents\Coding\Azure_09\funcPyTest\arPyTest
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 01.09.2020 21:29 316 function.json
-a---- 01.09.2020 21:29 25 sample.dat
-a---- 02.09.2020 8:44 624 __init__.py
PS C:\Users\arazumov\Documents\Coding\Azure_09\funcPyTest\arPyTest> sourceguard-cli.exe -src .
02-09-2020 09:18:15.400 SourceGuard Scan Started!
02-09-2020 09:18:15.845 Error: repository URL is missing
I need to be in the project root directory where the .git folder is located:
Directory: C:\Users\arazumov\Documents\Coding\Azure_09\funcPyTest
Mode LastWriteTime Length Name
---- ------------- ------ ----
d--h-- 02.09.2020 8:44 .git
d----- 01.09.2020 21:29 .vscode
d----- 01.09.2020 21:29 arPyTest
-a---- 01.09.2020 21:28 41 .funcignore
-a---- 01.09.2020 21:29 1787 .gitignore
-a---- 01.09.2020 21:49 2458 azure-pipelines.yml
-a---- 01.09.2020 21:28 289 host.json
-a---- 01.09.2020 21:28 118 local.settings.json
-a---- 01.09.2020 21:28 72 proxies.json
-a---- 01.09.2020 21:28 200 requirements.txt
PS C:\Users\arazumov\Documents\Coding\Azure_09\funcPyTest> sourceguard-cli.exe -src .
02-09-2020 09:19:41.023 SourceGuard Scan Started!
02-09-2020 09:19:41.638 Project name: PyTest path: .
02-09-2020 09:19:41.638 Scan ID: 1b9cb9624438a84d314e22f36fc2f01aa1a56612772d2127261173062e6b5933-zXAORM
02-09-2020 09:20:21.515 Scanning ...
02-09-2020 09:20:27.765 Analyzing ...
02-09-2020 09:21:58.856 Action: ALLOW
02-09-2020 09:21:58.857 Please see full analysis: https://portal.checkpoint.com/Dashboard/SourceGuard#/scan/sourcecode/1b9cb9624438a84d314e22f36fc2f01aa1a56612772d2127261173062e6b5933-zXAORM
By the way, your git repository name will be used as a "project name" in the SourceGuard portal.
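The fix described in the answer above is positional: the scan only succeeds when sourceguard-cli is started from the directory that contains .git. The following POSIX shell wrapper is an added example, not code from the thread, from Check Point or from the SourceGuard project. It locates the repository root by walking up from any subdirectory until it finds a .git entry (this presence check is an assumption; it does not use git itself, so it also works where git is not on PATH), then runs the scanner from that root with the same -src . invocation shown in the thread. The SOURCEGUARD_CLI variable and the scan_repo name are hypothetical, and the CLI's other behaviour is not assumed.

```shell
#!/bin/sh
# Added example (not SourceGuard's own tooling): run the scanner from the
# git repository root, which is where the thread shows the scan succeeding.

# find_repo_root DIR
#   Print the absolute path of the nearest ancestor of DIR (DIR itself
#   included) that contains a .git entry. Returns 1 if none is found.
#   Assumption: a .git file or directory marks the repository root.
find_repo_root() {
  dir=$(cd "${1:-.}" 2>/dev/null && pwd -P) || return 1
  while [ -n "$dir" ]; do
    if [ -e "$dir/.git" ]; then
      printf '%s\n' "$dir"
      return 0
    fi
    # Stop at the filesystem root instead of looping on dirname "/" -> "/".
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  return 1
}

# scan_repo [DIR]
#   Resolve the repository root for DIR (default: current directory) and
#   invoke the scanner there. SOURCEGUARD_CLI (hypothetical variable) lets a
#   CI job point at a specific binary; it defaults to sourceguard-cli on PATH.
#   Exit code 2 means "not a git repository", so a pipeline can tell a
#   checkout problem apart from a scanner failure.
scan_repo() {
  root=$(find_repo_root "${1:-.}") || {
    echo "scan_repo: '${1:-.}' is not inside a git repository" >&2
    echo "scan_repo: run 'git init' and 'git add' the files to scan first" >&2
    return 2
  }
  echo "scan_repo: scanning repository root $root" >&2
  ( cd "$root" && "${SOURCEGUARD_CLI:-sourceguard-cli}" -src . )
}

# Usage from a CI step or a developer shell, e.g. from the arPyTest
# subdirectory in the thread:
#   scan_repo .            # resolves to funcPyTest and scans from there
```

Because the subdirectory case in the thread produced "Error: repository URL is missing" without further hints, the wrapper makes the precondition explicit and fails with its own message before the scanner is ever started.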