Exakat is a static analysis engine: a tool for analyzing, reporting on and assessing PHP source code efficiently and systematically. Exakat processes PHP 5.6 to 7.4 code and reports on security, performance, code quality and migration. Common best practices and recommendations for specific platforms such as Laravel, Wordpress, CakePHP or Drupal are covered. Check all supported Frameworks here.
We provide a Docker container to install and run Exakat 2.0.6 locally, or as part of a Static Application Security Testing (SAST) stage in a Gitlab CI/CD pipeline. The resulting analysis reports can be retrieved as artifacts. See the Gitlab CI/CD Pipeline Integration section.
2.0.6
Install the sfrod/exakat-ci container:
$ docker pull sfrod/exakat-ci:latest
Run the Exakat PHP analysis, mounting an existing directory to fetch the reports:
$ mkdir reports
$ docker run -v <path/to/project/folder>:/src/ -v $(pwd)/reports:/report/ sfrod/exakat-ci:latest
Run the Exakat PHP analysis, creating a named volume called 'reports' to fetch the reports:
$ docker run -v <path/to/project/folder>:/src/ -v reports:/report/ sfrod/exakat-ci:latest
Run the Exakat PHP analysis for a specific framework (check all supported Frameworks here):
$ docker run -v <path/to/project/folder>:/src/ -v $(pwd)/reports:/report/ sfrod/exakat-ci:latest Laravel
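The three invocations above share the same shape: mount the project at /src/, mount a report directory at /report/, and optionally append a framework name. The following wrapper is an added example and not part of the sfrod/exakat-ci project: it composes that command line, refuses a project path that does not exist, creates the report directory, and after the run checks that the framework report (Ext_<Framework>_report.txt, as described in the CI section) actually landed in the mounted directory, so a silent failure does not go unnoticed. It assumes docker is on PATH; the --rm flag is a standard docker option, not something the page uses.

```shell
#!/bin/sh
# Added example (not the sfrod/exakat-ci project's own script).
# Assumptions: docker is installed, the image is sfrod/exakat-ci:latest, and a
# framework run writes Ext_<Framework>_report.txt into the /report mount.

IMAGE="sfrod/exakat-ci:latest"

# Compose the docker run command line for a project directory, a report
# directory and an optional framework name. It is printed, not executed, so the
# exact command can be inspected or reused in a CI job before running it.
exakat_cmd() {
    project="$1"; report="$2"; framework="$3"
    printf 'docker run --rm -v %s:/src/ -v %s:/report/ %s' "$project" "$report" "$IMAGE"
    [ -n "$framework" ] && printf ' %s' "$framework"
    printf '\n'
}

# Name of the text report produced by a framework-specific analysis.
report_name() {
    printf 'Ext_%s_report.txt\n' "$1"
}

# Run the analysis: reject a missing project directory (exit 2), create the
# report directory, run the container, then verify the expected report exists
# (exit 1 if the container failed or the report is absent).
run_exakat() {
    project="$1"; report="$2"; framework="$3"
    [ -d "$project" ] || { echo "project dir not found: $project" >&2; return 2; }
    mkdir -p "$report" || return 2
    cmd=$(exakat_cmd "$(cd "$project" && pwd)" "$(cd "$report" && pwd)" "$framework")
    echo "+ $cmd"
    sh -c "$cmd" || return 1
    if [ -n "$framework" ]; then
        [ -f "$report/$(report_name "$framework")" ] \
            || { echo "expected report missing: $(report_name "$framework")" >&2; return 1; }
    fi
    return 0
}

# Usage: ./run-exakat.sh /path/to/project ./reports Laravel
if [ -n "${1:-}" ]; then
    run_exakat "$1" "${2:-./reports}" "${3:-}"
fi
```

Because the report directory is resolved to an absolute path before it is passed to docker, the script behaves the same whether it is called from the project directory or from elsewhere, which is the usual source of an empty reports folder after a run.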
Add this stage to your .gitlab-ci.yml file, or take a look at our template-gitlab-ci.yml file. Reports can be retrieved as artifacts at the end of the job. Framework-specific analyses are produced as text reports named Ext_<Framework>_report.txt.
stages:
  - sast

sast:
  stage: sast
  image: docker:latest
  services:
    - docker:18-dind
  variables:
    DOCKER_DRIVER: overlay2
    SHARED_PATH: /builds/$CI_PROJECT_PATH/shared
  script:
    - mkdir -p ${SHARED_PATH}
    - docker run -v $CI_PROJECT_DIR:/src -v ${SHARED_PATH}:/report sfrod/exakat-ci:latest Laravel
  artifacts:
    when: always
    paths:
      - /builds/$CI_PROJECT_PATH/shared/*
This is an unofficial build and my attempt to build an Exakat container to integrate it as a Static Application Security Testing (SAST) stage in a Gitlab CI/CD pipeline workflow.