You can install Secode in a number of different ways. Choose the approach that's most convenient for you! The options (described below) are (1) pip, (2) a package for a Unix-like system, (3) source install, and (4) run directly.
Meet the requirements
apt update && apt upgrade
git clone https://github.com/NoelV11/Secode.git
For many, the simple approach is to first install Python (2.7 or something reasonable in the 3.X series). Then use pip to install Secode (this will normally download the package):
One advantage of using pip is that you'll generally get the current released version.
If you use an RPM-based system (e.g., Red Hat) or deb-based system (e.g., Debian), you can use their respective RPM or Debian installation program and just install it; then ignore the rest of these instructions. For a ports-based system where you have a current port, just use that.
This will work out-of-the-box; it may not be the most recent version.
One way to accomplish this is:
sudo apt install secode
P.S. Make sure that you have Python 3.0 or higher.
You can also simply run the program in the directory you've unpacked it into. It's a simple Python program; just type into a command line:
- txt and
- CSV
For example:
Output Format
This is the code report one gets after scanning a .c file (in this case, the analyzed code contains insecure functions, which we had previously identified and compiled in the ruleset file).
From the sample output we can note the following:
- Hits - number of insecure functions detected
- Lines Analyzed - derived from the total number of lines in the code
- Severity levels - graded from 1 to 5
- Risk level of analyzed code
Please note that exploits are attempted every day, leading to functions being vulnerable. So there is a chance that a function that is secure today may become insecure tomorrow.
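The report fields listed above (hits, lines analyzed, severity from 1 to 5, risk level) can be illustrated with a small ruleset-driven scanner. This is an added example, not Secode's own code: the ruleset entries, the sample C file, and the rule that the overall risk level equals the highest severity found are all assumptions made for illustration.

```python
import re

# Constructed ruleset (an assumption, not Secode's ruleset file):
# function name -> (severity 1-5, suggested replacement)
RULESET = {
    "gets":    (5, "fgets"),
    "strcpy":  (4, "strlcpy or snprintf"),
    "sprintf": (4, "snprintf"),
}

# Constructed sample input.
SAMPLE_C = '''\
#include <stdio.h>
#include <string.h>
/* strcpy(dst, src) mentioned in a comment must not count */
int main(void) {
    char buf[16], name[64];
    gets(name);                        // unbounded read
    strcpy(buf, name);                 // no length check
    printf("do not use sprintf()\\n"); // name inside a string literal
    my_strcpy(buf, name);              // different identifier
    return 0;
}
'''

# Blank out comments and string/char literals but keep newlines,
# so reported line numbers still match the original file.
_NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')

def scan(source, ruleset=RULESET):
    code = _NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), source)
    hits = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for m in _CALL.finditer(line):
            if m.group(1) in ruleset:
                sev, fix = ruleset[m.group(1)]
                hits.append((lineno, m.group(1), sev, fix))
    return {
        "hits": hits,
        "lines_analyzed": len(source.splitlines()),
        # Assumption: overall risk = highest severity seen (0 if clean).
        "risk_level": max((h[2] for h in hits), default=0),
    }

if __name__ == "__main__":
    report = scan(SAMPLE_C)
    for lineno, func, sev, fix in report["hits"]:
        print(f"line {lineno}: {func} [severity {sev}] consider {fix}")
```

Because the ruleset is plain data, adding a function that has newly come to be regarded as insecure means adding one entry rather than changing the scanner.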