Install
We have a CLI tool that can be installed with pip and a GitHub Application to connect with your CI process. Satori can also be launched on GitLab, with Jenkins or with GitHub Actions. Our web interface at https://satori.ci is also a key component for better visualizing your results.
Install Satori CLI
Three steps:
- Execute in your command line terminal:
  pip3 install satori-ci
- With Satori CLI installed, get a Satori token to use it:
  - Log in to the Satori website using GitHub credentials: https://satori.ci/login
  - On the Satori website go to Settings->Teams
  - Copy your API Token
- Replace the string YOUR_TOKEN with the token you copied in the following command:
  satori config token YOUR_TOKEN
Install Satori CI GitHub App
Each time you push code to your GitHub repository, there's a risk that it could affect the security of your project. Furthermore, should your data ever be compromised, it's crucial to minimize the exposure of sensitive information. Two primary areas of concern are:
- Secrets in your code
- Vulnerable code from yourself or third parties
Automatically test your GitHub repositories by installing our App:
1) Satori CI for Github https://github.com/apps/satorici
Be mindful that you need to be authenticated to configure it.
2) Click on Configure
Select the accounts on which you will be setting it up.
3) Select the repositories where you will be installing it or select all repositories
Once you are done, click on Save. We care about your security, so we will only store your email, your repository names, and the reports. Your code only lives within the virtual machines that are present during the execution.
4) Create your first .satori.yml file
Within each repository that you connect, create a file named .satori.yml. This file will contain the tests that you will be executing on every push. Let's keep it simple, and start checking for secrets with Trufflehog:
settings:
  name: CI Tests for every push of my Repo
# run `satori playbooks --public` to get a list of public playbooks to import and use on your project
import:
  - "satori://code/trufflehog.yml"
# include below additional tests as required for your project
Here is an example of a project that imports a playbook, compiles the project and runs it to confirm an expected output:
git clone git@github.com:satoridev01/Hello_C_World.git
cd Hello_C_World
cat .satori.yml
satori run ./ --output
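The CLI steps above can also run on every push from GitHub Actions. The workflow below is an added example, not part of Satori's own documentation: the workflow file name and the secret name SATORI_TOKEN are assumptions, and the token is read from an encrypted repository secret so it never appears in the repository or in a hard-coded command.

```yaml
# .github/workflows/satori.yml (assumed file name)
name: Satori CI
on:
  push:
# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read
jobs:
  satori:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the GitHub token in the local git config.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install Satori CLI
        run: pip3 install satori-ci
      - name: Configure the API token
        env:
          # Assumed secret name; create it under the repository's
          # Settings > Secrets and variables > Actions.
          SATORI_TOKEN: ${{ secrets.SATORI_TOKEN }}
        run: satori config token "$SATORI_TOKEN"
      - name: Run the playbook in .satori.yml
        run: satori run ./ --output
```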
If you need any help, please reach out to us on Discord or via email.