Git-aware utility for automated program analysis
Project description
[alpha] A Git-aware CLI for running semgrep patterns in the developer and CI workflow.
Installation · Usage · Help & Community
Installation
Requires Python 3.6+ and Docker 19.03+. It runs on macOS and Linux.
In a Git project directory:
$ pip3 install bento-headless
Usage
Upgrading
$ pip3 install --upgrade bento-headless
Command line options
$ bentoh --help
Usage: bentoh [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
--version Show the version and exit.
Commands:
archive Suppress current findings.
check Checks for new findings.
To get help for a specific command, run `bentoh COMMAND --help`
Run custom semgrep checks on staged diffs
See semgrep Configuration for how to write custom rule files
vi .bento/semgrep.yml
bentoh check
Format output as JSON
bentoh check -f json
Run on file system current state
bentoh check --all
Run on staged diffs in a directory
bentoh check src
Ignore current findings
bentoh archive
Run public semgrep checks on staged diffs
BENTO_REGISTRY=r/r2c.python bentoh check
Run checks from extensions
bentoh check -t gosec -t r2c.registry.latest
Exit codes
bentoh check may exit with the following exit codes:
0: Bento ran successfully and found no errors2: Bento ran successfully and found issues in your code3: Bento or one of its underlying tools failed to run
Extensions
bentoh ships with the following extensions:
| Extension | Description |
|---|---|
| bandit | Finds common security issues in Python code |
| dlint | A tool for encouraging best coding practices and helping ensure Python code is secure |
| eslint | Identifies and reports on patterns in JavaScript and TypeScript |
| flake8 | Finds common bugs in Python code |
| gosec | Finds security bugs in Go code |
| hadolint | Finds bugs in Docker files (requires Docker) |
| r2c.boto3 | Checks for the AWS boto3 library in Python |
| r2c.flask | Checks for the Python Flask framework |
| r2c.jinja | Finds common security issues in Jinja templates |
| r2c.registry.latest | Runs checks from r2c's check registry (experimental; requires Docker) |
| r2c.requests | Checks for the Python Requests framework |
| shellcheck | Finds bugs in shell scripts (requires Docker) |
Help and community
Need help or want to share feedback? We’d love to hear from you!
- Email us at support@r2c.dev
- Join #general in our community Slack
- File an issue or submit a feature request directly on GitHub
We’re constantly shipping new features and improvements.
License and legal
Please refer to the terms and privacy document.
Copyright (c) r2c.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file bento-headless-0.11.1.tar.gz.
File metadata
- Download URL: bento-headless-0.11.1.tar.gz
- Upload date:
- Size: 88.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.0.3 CPython/3.7.4 Darwin/18.7.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8f2c0063ccdb5a86d8d14014a619e7485552054ed5334abfb34508a7cfc56229 |
|
| MD5 | 090674012d02bd6ce8706c6be6cc7a0d |
|
| BLAKE2b-256 | 0ad819012aabae56e2c1b7da2c27d2bca372eff72d31f399e920b261bf47fb91 |
File details
Details for the file bento_headless-0.11.1-py3-none-any.whl.
File metadata
- Download URL: bento_headless-0.11.1-py3-none-any.whl
- Upload date:
- Size: 119.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.0.3 CPython/3.7.4 Darwin/18.7.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 525d85c3dfed8e42feb23d9b61af58e86ddc9ef5e507bb4a560bc3e3d1253c07 |
|
| MD5 | e8c375a9e9ce71cb5fadbf78b33d7752 |
|
| BLAKE2b-256 | c7f63ca55551c542287bbbfec17be1b70c4bd6801f046773a877ecd44bab3e59 |
