Protego is a static analysis tool designed to identify security vulnerabilities in JavaScript codebases. It helps developers detect potential security risks early in the development process, so they can be mitigated before deployment.
To install Protego, follow these steps:
Clone the repository to your local machine:
git clone https://github.com/Femton02/Protego.git
Navigate to the Protego directory:
cd Protego
Initialize the submodules from inside the repository:
git submodule update --init --recursive
Add the working directory of the project to an environment variable called PROTEGO_WORKSPACE_DIR.
If you are using bash, you can add the following line to your .bashrc or .bash_profile file:
export PROTEGO_WORKSPACE_DIR=/path/to/your/workspace
If you are using PowerShell, you can add the following line to your profile.ps1 file:
$Env:PROTEGO_WORKSPACE_DIR = "/path/to/your/workspace"
Make sure to replace /path/to/your/workspace with the path to the directory where you have the project.
Install the dependencies needed for the tree-sitter language parsers:
pip install -r src/requirements.txt
Build the tree-sitter parsers:
python3 src/core/t_sitter/language_build.py
After running the above commands, you should have the tree-sitter parsers for the languages you need in the src/core/t_sitter/languages directory and the src/core/t_sitter/build/languages.so file.
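A post-install check for the steps above, as an added example that is not part of Protego. The function name protego_check_install is hypothetical, and the check assumes PROTEGO_WORKSPACE_DIR points at the repository root and that the paths are the ones named in this README.

```bash
#!/usr/bin/env bash
# Added example: verifies the install layout described in this README.
# Assumptions: protego_check_install is a hypothetical helper (not shipped
# with Protego); the workspace variable points at the repository root.

protego_check_install() {
    # Workspace comes from the first argument, else from PROTEGO_WORKSPACE_DIR.
    local ws="${1:-${PROTEGO_WORKSPACE_DIR:-}}"
    local rc=0

    if [ -z "$ws" ]; then
        echo "FAIL: PROTEGO_WORKSPACE_DIR is not set" >&2
        return 1
    fi
    if [ ! -d "$ws" ]; then
        echo "FAIL: workspace '$ws' is not a directory" >&2
        return 1
    fi

    # CLI entry point referenced in the usage step.
    if [ ! -f "$ws/src/cli/cli_interface.py" ]; then
        echo "FAIL: src/cli/cli_interface.py missing (wrong workspace path?)" >&2
        rc=1
    fi

    # Parser sources: the directory must exist and contain something.
    if [ -z "$(ls -A "$ws/src/core/t_sitter/languages" 2>/dev/null)" ]; then
        echo "FAIL: src/core/t_sitter/languages is missing or empty" >&2
        rc=1
    fi

    # Compiled parser library: must exist and be non-empty.
    if [ ! -s "$ws/src/core/t_sitter/build/languages.so" ]; then
        echo "FAIL: src/core/t_sitter/build/languages.so missing or empty" >&2
        rc=1
    fi

    # In a git checkout, a leading '-' in 'git submodule status' marks a
    # submodule that was never initialized.
    if [ -e "$ws/.git" ] && command -v git >/dev/null 2>&1; then
        if git -C "$ws" submodule status --recursive 2>/dev/null | grep -q '^-'; then
            echo "FAIL: uninitialized submodules; rerun git submodule update" >&2
            rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: Protego workspace at $ws looks complete"; fi
    return "$rc"
}
```

Source the file and call protego_check_install after the build step; a non-zero exit status names the step that needs to be repeated.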
To analyze your JavaScript code with Protego, run the following command:
python3 src/cli/cli_interface.py -h
This will display the help message, which contains information about the available options and how to use them.