README/help/blog post discrepancies #74

Open
AppSecAmael opened this issue May 13, 2024 · 0 comments
Describe the bug
I have read the blog post, the README and tried some commands using the docker image. All three seem to disagree about the usage, I have found several ways that don't work but I have not found yet how to make it work.

  1. Argument order
    The project README file gives several example commands:
  • docker run -e GH_TOKEN ghcr.io/boostsecurityio/poutine:latest
  • poutine [command] [arguments] [options]
  • poutine analyze_org my-org/project --token "$GL_TOKEN" --scm gitlab --scm-base-uri https://gitlab.example.com

But when running the tool everything seems to be in a different order:

Usage:
  poutine [options] <command> [<args>]

Commands:
  analyze_org <org>
  analyze_repo <org>/<repo>
  analyze_local <path>

Options:
  -format string
    	Output format (pretty, json, sarif) (default "pretty")
  -scm string
    	SCM platform (github, gitlab) (default "github")
  -scm-base-url string
    	Base URI of the self-hosted SCM instance (optional)
  -threads int
    	Parallelization factor for scanning organizations (default 2)
  -token string
    	SCM access token (required for the commands analyze_org, analyze_repo) (env: GH_TOKEN)
  -verbose
    	Enable verbose logging

=> Options are now in first position

  2. All option flags have a single dash in the help vs. a double dash in the README.

  3. The blog post also refers to an option to analyze all projects in a self-hosted Gitlab instance, but this option seems to be unavailable in the binary:

Analyze all projects in a self-hosted Gitlab instance
$ poutine -token "$GL_TOKEN" -scm gitlab -scm-base-uri https://example.com org/repo
  4. There's no source specifying what format the Gitlab token should have (I guess user:token?)

To Reproduce
Steps to reproduce the behavior:
docker run -it ghcr.io/boostsecurityio/poutine:latest -token "$GL_TOKEN" -scm gitlab -scm-base-url gitlab.example.com

Expected behavior
A clear and concise description of how to use the tool, consistent across the help, README and other blog posts.

Desktop (please complete the following information):

  • OS: Kali Linux
  • Browser: whatever
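The help text quoted in this issue (`-format string` followed by an indented description, single-dash flags, options before the command) is the shape produced by Go's standard `flag` package. The following is an added example, not poutine's own code, that rebuilds the option set from that help text on a stand-in `flag.FlagSet` so the three discrepancies can be checked offline: `-token` and `--token` are both accepted, parsing stops at the first positional argument (so flags placed after `analyze_org` are silently treated as arguments rather than options), and the README's `--scm-base-uri` spelling is rejected because the defined flag is `-scm-base-url`. The assumption that poutine itself uses this package is inferred from the help format only; `ParseArgs` and `ParsedCLI` are names chosen here for illustration.

```go
package main

import (
	"flag"
	"fmt"
	"io"
)

// ParsedCLI is the result of parsing a poutine-style command line.
// It is a constructed type for this example, not a poutine API.
type ParsedCLI struct {
	Token      string
	SCM        string
	SCMBaseURL string
	Format     string
	Command    string   // first positional argument, e.g. "analyze_org"
	Args       []string // remaining positional arguments (and any unparsed flags)
	Err        error    // non-nil for an undefined flag or a bad value
}

// ParseArgs defines the flags listed in the issue's help output and parses
// args with Go's standard flag package. Go's parser stops at the first
// argument that does not start with "-", which is why options must precede
// the command; "-name" and "--name" are treated identically.
func ParseArgs(args []string) ParsedCLI {
	fs := flag.NewFlagSet("poutine", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // do not print usage on error in this example
	var p ParsedCLI
	// Defaults mirror the help text; the real tool also reads GH_TOKEN from
	// the environment, which is left out here to keep the example deterministic.
	fs.StringVar(&p.Token, "token", "", "SCM access token")
	fs.StringVar(&p.SCM, "scm", "github", "SCM platform (github, gitlab)")
	fs.StringVar(&p.SCMBaseURL, "scm-base-url", "", "Base URI of the self-hosted SCM instance")
	fs.StringVar(&p.Format, "format", "pretty", "Output format (pretty, json, sarif)")
	if err := fs.Parse(args); err != nil {
		p.Err = err
		return p
	}
	rest := fs.Args()
	if len(rest) > 0 {
		p.Command = rest[0]
		p.Args = rest[1:]
	}
	return p
}

func main() {
	// Constructed command lines covering the cases raised in the issue.
	examples := [][]string{
		// Help-text order, single dash: parses as intended.
		{"-token", "tok", "-scm", "gitlab", "-scm-base-url", "https://gitlab.example.com", "analyze_org", "my-org"},
		// README spelling with double dashes: also accepted by the flag package.
		{"--token", "tok", "--scm", "gitlab", "analyze_org", "my-org"},
		// README order (command first): parsing stops at "analyze_org", so
		// -token is never consumed and the token stays empty.
		{"analyze_org", "my-org", "-token", "tok", "-scm", "gitlab"},
		// README flag name "-scm-base-uri": undefined, so Parse returns an error.
		{"-scm-base-uri", "https://gitlab.example.com", "analyze_org", "my-org"},
	}
	for _, ex := range examples {
		p := ParseArgs(ex)
		fmt.Printf("%v\n  -> command=%q token=%q scm=%q base=%q rest=%v err=%v\n",
			ex, p.Command, p.Token, p.SCM, p.SCMBaseURL, p.Args, p.Err)
	}
}
```

Run it with `go run .` to see that the third invocation reports an empty token even though `-token tok` was on the command line, which is the failure mode a user following the README's `poutine [command] [arguments] [options]` form would hit.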