Skip to content

Commit

Permalink
update html docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@faculerena
faculerena committed Mar 20, 2024
1 parent 9a24b4e commit b63a080
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 19 deletions.
46 changes: 27 additions & 19 deletions docs/docs/intro.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ Scout is an extensible open-source tool intended to assist ink! smart contract d

## Features

* A list of vulnerabilities, best practices and enhancements, together with associated detectors to identify these issues in your code
* Command Line Interface (CLI)
* VSCode Extension
- A list of vulnerabilities, best practices and enhancements, together with associated detectors to identify these issues in your code
- Command Line Interface (CLI)
- VSCode Extension

### What you'll need

Expand Down Expand Up @@ -50,29 +50,33 @@ cargo scout-audit

In the table below, we specify all the option available for the CLI.

| Command/Option | Explanation |
|------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
| `cargo scout-audit` | Runs the static analyzer on the current directory |
| `cargo scout-audit --help` | Provides a brief explanation of all the available commands and their usage. |
| `cargo scout-audit --manifest-path <PATH_TO_CARGO_TOML>` | This option is used to specify the path to the Cargo.toml file that you want to analyze. |
| `cargo scout-audit --profile <PROFILE_NAME>` | This option allows you to analyze code using specific group of detectors, configured previously on `$HOME/.config/scout/(ink/soroban)-config.toml`|
| `cargo scout-audit --filter <DETECTOR_LIST_SEPARATED_BY_COMAS>` | This option allows you to analyze code using specific detectors. Provide a comma-separated list of detectors for this purpose. |
| `cargo scout-audit --exclude <DETECTOR_LIST_SEPARATED_BY_COMAS>` | With this command, you can exclude specific detectors from the analysis. You need to give a comma-separated list of the detectors to be excluded. |
| `cargo scout-audit --list-detectors` | Display a list of all available detectors. |
| `cargo scout-audit --version` | Displays the current version of the static analyzer. |
| `cargo scout-audit --verbose` | Print additional information on run |
| `cargo scout-audit --local-detectors <PATH_TO_FOLDER>` | Uses the detectors of a local folder. This considers the sub-folders as detectors. |
| `cargo scout-audit --output-format [text\|json\|html\|sarif]` | Sets the output format. Selecting `json`, `html` or `sarif` will create a file with the output |
| `cargo scout-audit --output-path <PATH_TO_OUTPUT_FILE>` | Sets the output path. If a format was selected, this will replace the default file with the given one |
| Command/Option | Explanation |
| -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| `cargo scout-audit` | Runs the static analyzer on the current directory |
| `cargo scout-audit --help` | Provides a brief explanation of all the available commands and their usage. |
| `cargo scout-audit --manifest-path <PATH_TO_CARGO_TOML>` | This option is used to specify the path to the Cargo.toml file that you want to analyze. |
| `cargo scout-audit --profile <PROFILE_NAME>` | This option allows you to analyze code using specific group of detectors, configured previously on `$HOME/.config/scout/(ink/soroban)-config.toml` |
| `cargo scout-audit --filter <DETECTOR_LIST_SEPARATED_BY_COMAS>` | This option allows you to analyze code using specific detectors. Provide a comma-separated list of detectors for this purpose. |
| `cargo scout-audit --exclude <DETECTOR_LIST_SEPARATED_BY_COMAS>` | With this command, you can exclude specific detectors from the analysis. You need to give a comma-separated list of the detectors to be excluded. |
| `cargo scout-audit --list-detectors` | Display a list of all available detectors. |
| `cargo scout-audit --version` | Displays the current version of the static analyzer. |
| `cargo scout-audit --verbose` | Print additional information on run |
| `cargo scout-audit --local-detectors <PATH_TO_FOLDER>` | Uses the detectors of a local folder. This considers the sub-folders as detectors. |
| `cargo scout-audit --output-format [text,json,html,sarif,pdf,md,markdown]` | Sets the output format. Selecting `json`, `html`, `sarif`, `markdown`, or `pdf` will create a file with the output |
| `cargo scout-audit --output-path <PATH_TO_OUTPUT_FILE>` | Sets the output path. If a format was selected, this will replace the default file with the given one |

#### Profile configuration

The profile configuration file is generated automatically in `$HOME/.config/scout/(ink/soroban)-config.toml` the first time scout-audit is run.
The configuration has the following format
```

```toml
[<profile-name>.<detector-name>]
enabled = <true|false>
```

For example, if you want to define a profile named 'dev' in which the 'panic-error' detector is disabled and the 'ink-version' detector is enabled, you should do the following:

```toml
[dev.panic-error]
enabled = false
Expand All @@ -84,14 +88,18 @@ enabled = true

We built the Scout VSCode Extension to help developers write secure and more robust smart contracts. Listing security issues, and highlighting issues with squiggles and hover-over descriptions, we hope our extension will help you catch vulnerabilities during development.

## HTML Vulnerability Report

We've upgraded Scout's HTML output to introduce a comprehensive HTML Vulnerability Report, enhancing your ability to quickly assess and address the security status of your project. The new features included in the report are designed to provide a detailed yet concise overview of the findings.

![FotoFoto](../static/img/html.png)

### Installation

Install Scout from the Marketplace within the Extensions tab of Visual Studio Code. You can find the extension [here](https://marketplace.visualstudio.com/items?itemName=CoinFabrik.scout-audit).

You'll also need to have installed the CLI, as the extension uses the CLI to perform the analysis. You can find instructions for installing the CLI [here](#command-line-interface-cli).


### Usage

After you've installed the extension, simply open a project workspace that contains any ink! (.rs) files. You will see potential issues and warnings via a wiggle underline of the relevant code.
Binary file added docs/static/img/html.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit b63a080

Please sign in to comment.