The agent scans a provided repository and generates a .zip file with analytics
that must be sent to Sema to be analyzed further. This file may contain things
such as potential CVEs, dependencies, licenses, etc. This file does not, however,
contain any source code.
- Docker must be installed and running. If using Windows, install Docker Desktop and configure it to use Linux containers.
- Currently, the agent only supports repositories versioned with Git.
- If your repository is versioned with SVN, the agent will attempt to convert
this to a git repository. The agent will attempt to access your SVN repository
using
git svn. - If your repository is versioned with something other than Git or SVN, you must first convert it to Git.
- If your repository is versioned with SVN, the agent will attempt to convert
this to a git repository. The agent will attempt to access your SVN repository
using
- You must also have
curlinstalled. On Windows,curl.exeis now included with Windows 10/11; if your system does not include it, you can download and install it. - You should have received a file named
download-url.txtfrom Sema.
Clone your repository to a local directory:
git clone https://github.com/Semalab/agent.gitCopy the download-url.txt file to the agent directory.
Run agent:
./scripts/agent [-h] <repository> <output-directory>This command will work on macOS, Linux, and Windows (in PowerShell.) If using
cmd/Command Prompt on Windows, replace the slashes (/) with backslashes (\).
Use the -h argument for help.
On Windows, if you see an error about being unable to run agent.ps1 because of the execution policy, run this command before the agent script:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope ProcessAfter running these commands, a zip file will have been created under the specified output directory. Please send this file to [email protected] to complete the analysis.