Git-aware utility for automated program analysis
Project description
[alpha] A Git-aware CLI for running semgrep patterns in the developer and CI workflow.
Installation
Requires Python 3.6+ and Docker 19.03+. It runs on macOS and Linux.
In a Git project directory:
$ pip3 install bento-headless
Usage
Upgrading
$ pip3 install --upgrade bento-headless
Command line options
$ bentoh --help
Usage: bentoh [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
--version Show the version and exit.
Commands:
archive Suppress current findings.
check Checks for new findings.
To get help for a specific command, run `bentoh COMMAND --help`
Task | Command |
---|---|
Run custom semgrep checks on staged diffs (see semgrep Configuration for how to write custom rule files) | `vi .bento/semgrep.yml`, then `bentoh check` |
Format output as JSON | `bentoh check -f json` |
Run on the current state of the file system rather than staged diffs | `bentoh check --all` |
Run on staged diffs in a directory | `bentoh check src` |
Ignore (archive) current findings | `bentoh archive` |
Run public semgrep checks on staged diffs | `BENTO_REGISTRY=r/r2c.python bentoh check` |
Run checks from extensions | `bentoh check -t gosec -t r2c.registry.latest` |
Exit codes
`bentoh check` may exit with the following exit codes:
- 0: Bento ran successfully and found no errors
- 2: Bento ran successfully and found issues in your code
- 3: Bento or one of its underlying tools failed to run
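The two pieces above that a CI pipeline has to get right are the custom rule file and the exit-code handling: a wrapper that only checks for "findings" (exit 2) would silently treat a tool failure (exit 3) as a clean pass. The following POSIX shell functions are an added example, not code from bento-headless or r2c. They write a custom semgrep rule to `.bento/semgrep.yml` and map the documented exit codes to a CI verdict. The rule id `example-subprocess-shell-true`, the function names and the output file name `bento-findings.json` are this example's own choices; the rule body uses standard semgrep rule syntax.

```shell
#!/bin/sh
# Added example (not part of bento-headless): a small CI wrapper around `bentoh check`.
# It writes a custom semgrep rule and maps bentoh's documented exit codes
# (0 = no findings, 2 = findings, 3 = tool failure) so that a tool failure is
# never mistaken for a clean pass. The rule is written for this example and is
# not one shipped by bento; its id and message are illustrative.

# write_bento_rule DIR: create DIR/.bento/semgrep.yml with a rule that flags
# subprocess calls passing shell=True, a common command-injection sink in Python.
# The heredoc is quoted so that semgrep's $FUNC metavariable is not expanded by the shell.
write_bento_rule() {
  mkdir -p "$1/.bento"
  cat > "$1/.bento/semgrep.yml" <<'EOF'
rules:
  - id: example-subprocess-shell-true
    pattern: subprocess.$FUNC(..., shell=True, ...)
    message: subprocess called with shell=True; pass an argument list and drop shell=True
    languages: [python]
    severity: WARNING
EOF
}

# bento_verdict CODE: translate a `bentoh check` exit code into a CI result.
# Returns 0 only for a clean run (exit code 0); everything else, including
# undocumented codes, fails the build so a misconfigured tool cannot pass silently.
bento_verdict() {
  case "$1" in
    0) echo "bento: no new findings"; return 0 ;;
    2) echo "bento: new findings in the staged diff, failing the build"; return 1 ;;
    3) echo "bento: bento or an underlying tool failed to run, failing the build"; return 1 ;;
    *) echo "bento: unexpected exit code $1, failing the build"; return 1 ;;
  esac
}

# run_bento_check DIR OUT: run `bentoh check -f json` in DIR, keep the JSON in OUT
# for the CI artifact store, and return the verdict. The `|| rc=$?` form captures a
# non-zero exit even when the caller runs under `set -e`.
run_bento_check() {
  dir=$1
  out=$2
  rc=0
  (cd "$dir" && bentoh check -f json) > "$out" || rc=$?
  bento_verdict "$rc"
}
```

In a pipeline step, `write_bento_rule .` would normally be replaced by a rule file committed to the repository; `run_bento_check . bento-findings.json` then fails the job on findings (2), on tool failure (3) and on any code the README does not document, while keeping the JSON report as a build artifact.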
Extensions
`bentoh` ships with the following extensions:
Extension | Description |
---|---|
bandit | Finds common security issues in Python code |
dlint | A tool for encouraging best coding practices and helping ensure Python code is secure |
eslint | Identifies and reports on patterns in JavaScript and TypeScript |
flake8 | Finds common bugs in Python code |
gosec | Finds security bugs in Go code |
hadolint | Finds bugs in Dockerfiles (requires Docker) |
r2c.boto3 | Checks for the AWS boto3 library in Python |
r2c.flask | Checks for the Python Flask framework |
r2c.jinja | Finds common security issues in Jinja templates |
r2c.registry.latest | Runs checks from r2c's check registry (experimental; requires Docker) |
r2c.requests | Checks for the Python Requests library |
shellcheck | Finds bugs in shell scripts (requires Docker) |
Help and community
Need help or want to share feedback? We’d love to hear from you!
- Email us at support@r2c.dev
- Join #general in our community Slack
- File an issue or submit a feature request directly on GitHub
We’re constantly shipping new features and improvements.
License and legal
Please refer to the terms and privacy document.
Copyright (c) r2c.
Download files
Source Distribution
- bento-headless-0.11.1.tar.gz (88.0 kB)

Built Distribution
- bento_headless-0.11.1-py3-none-any.whl

Hashes for bento_headless-0.11.1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 525d85c3dfed8e42feb23d9b61af58e86ddc9ef5e507bb4a560bc3e3d1253c07 |
MD5 | e8c375a9e9ce71cb5fadbf78b33d7752 |
BLAKE2b-256 | c7f63ca55551c542287bbbfec17be1b70c4bd6801f046773a877ecd44bab3e59 |