This section addresses common questions and issues that users might face when using the Machine Standalone tool.
The most current information and updates can be found on this page, as the AppDefenseAlliance's documentation on our tool is outdated.
No, it is not necessary to create a Dockerfile. You only need to download the Docker image. Please check the getting started section.
If this message appears at the end of the error log:
error: mounting /proc: Operation not permitted
try running the scan with the --privileged flag:
docker run --privileged -v /your/local/dir:/working-dir fluidattacks/cli:arch skims scan /working-dir/config.yaml
Keep in mind that --privileged removes most of the isolation Docker puts between the container and the host (it grants all capabilities and device access and drops the default seccomp and AppArmor confinement), so use it only with an image you trust, mount nothing beyond the directory you want to scan, and go back to the default, non-privileged invocation whenever it works.
If the error message at the end of the error log is something like this:
[ERROR] Enter a valid argument,
the argument types are the path to a .yaml configuration file or the path to a directory.
Doc: https://docs.fluidattacks.com/tech/scanner/standalone
it means that the path to the config.yaml file or to the folder to scan is incorrect, or that you are passing a host path that does not exist inside the container. The scanner runs inside the container and can only see paths under the mounted volume (for example /working-dir), not paths on your machine.
Therefore, verify that the path exists and, in the latter case, make sure you are mounting the directory into the container with -v, that the configuration file and the code to scan live inside that directory, and that you pass the path as it appears inside the container (for example /working-dir/config.yaml rather than /your/local/dir/config.yaml).
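The following wrapper, added here as an example and not part of the Fluid Attacks CLI or documentation, builds the docker run command from a host directory and a host path to config.yaml. It checks that the file exists on the host and that it lives inside the mounted directory, and it translates the host path into the path the scanner will see inside the container. The image name fluidattacks/cli:arch and the /working-dir mount point are taken from the command above; that the script only prints the command instead of running it is a choice made for this example.

```shell
#!/bin/sh
# Added example (not the Fluid Attacks tool's own code): assemble the
# `docker run ... skims scan` invocation so that the path handed to skims is
# the path *inside* the container, and fail early when the configuration
# file is missing on the host or lies outside the mounted directory.
# Assumptions: image fluidattacks/cli:arch, host directory mounted at
# /working-dir (both from the FAQ above); host paths are absolute, as
# `docker -v` requires.

IMAGE="fluidattacks/cli:arch"
MOUNT_POINT="/working-dir"

# Map a host path ($2) under the host directory ($1) to the corresponding
# path under $MOUNT_POINT. Prints the container path; returns 1 when $2 is
# not inside $1 (the container would never be able to see it).
container_path() {
  host_dir=${1%/}
  host_path=$2
  case "$host_path" in
    "$host_dir") printf '%s\n' "$MOUNT_POINT" ;;
    "$host_dir"/*) printf '%s/%s\n' "$MOUNT_POINT" "${host_path#"$host_dir"/}" ;;
    *) return 1 ;;
  esac
}

# Print the docker command for scanning with the given config file.
# Returns 2 when the config file does not exist on the host and 1 when it
# exists but is outside the directory that will be mounted.
skims_command() {
  host_dir=${1%/}
  config=$2
  if [ ! -f "$config" ]; then
    echo "config not found on host: $config" >&2
    return 2
  fi
  target=$(container_path "$host_dir" "$config") || {
    echo "config must live inside $host_dir so the container can see it" >&2
    return 1
  }
  printf 'docker run -v %s:%s %s skims scan %s\n' \
    "$host_dir" "$MOUNT_POINT" "$IMAGE" "$target"
}

# Usage: ./run-skims.sh /your/local/dir /your/local/dir/config.yaml
if [ "$#" -eq 2 ]; then
  skims_command "$1" "$2"
fi
```

The same mapping applies to the folder-to-scan form of the argument: whatever you pass after skims scan has to be a path under the mount point, because that is the only part of your file system the container can reach.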
This means you are including APK files in the SAST module of the scanner. APK files are only meant to be scanned by the APK module (as the name implies). To remove those reports, add the exclude key to the sast section of the configuration, like so:
sast:
  include:
    - .
  exclude:
    - glob(**/*.apk)
If you encounter this message frequently:
[WARNING] File too large
it means that the tool is skipping files above its size limit to avoid running out of memory.
If you wish to remove this limitation, use the file size limit key.
If you remove the limit and the scanner then runs out of memory, we recommend splitting the scan into several executions, each covering only some of the folders (for example by narrowing the include list of each run).
We are actively making improvements on this topic so that in the future this is not necessary.
If your scan is taking longer than it should, we recommend:
Check for included dependency folders: ensure that you are not including dependency or build folders in the sast scan, such as node_modules, dist, vendor and their equivalents. They contain third-party or generated code that inflates the scan time without telling you anything about your own code.
Use the recursion limit key: consider using the recursion limit key to limit the depth of the search within a single file. We recommend setting it to 1000.
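The script below is an added example, not part of the Fluid Attacks tool, that walks a source tree and prints the exclude entries a slow scan usually needs: the dependency and build folders named above (node_modules, dist, vendor) and any file larger than a size threshold, which you can pair with the File too large warning discussed earlier. The glob(...) form of the patterns is taken from the page's APK example; that glob(**/node_modules/**) style patterns match a folder's contents in the scanner's config is an assumption, and the 1024 KiB default threshold is a made-up value, not the scanner's actual limit.

```shell
#!/bin/sh
# Added example (not the Fluid Attacks tool's own code): generate the
# `exclude` entries for the sast section of config.yaml from what is
# actually on disk, so the scan skips dependency/build folders and
# oversized files instead of crawling them.
# Assumptions: the glob(path/**) pattern form excludes a folder's contents
# (the page only shows glob(**/*.apk)); the size threshold is a parameter
# and the 1024 KiB default is not the scanner's real limit.

# Folder names the FAQ lists as dependency/build output.
DEP_DIRS="node_modules dist vendor"

# Print one exclude entry per dependency folder found under $1.
# -prune stops find from descending into a matched folder, so nested
# node_modules inside node_modules are covered by the outer entry.
dependency_excludes() {
  root=${1%/}
  for name in $DEP_DIRS; do
    find "$root" -type d -name "$name" -prune -print
  done | sed "s#^$root/##" | sort -u | while IFS= read -r rel; do
    printf '    - glob(%s/**)\n' "$rel"
  done
}

# Print one exclude entry per regular file larger than $2 KiB (default 1024)
# under $1, i.e. the files that would otherwise trigger "File too large".
large_file_excludes() {
  root=${1%/}
  limit=${2:-1024}
  find "$root" -type f -size +"${limit}"k | sed "s#^$root/##" | sort \
    | while IFS= read -r rel; do
        printf '    - glob(%s)\n' "$rel"
      done
}

# Assemble a complete sast section for the tree under $1; paste the output
# into config.yaml and add the recursion limit key next to it if needed.
sast_section() {
  printf 'sast:\n  include:\n    - .\n  exclude:\n'
  dependency_excludes "$1"
  large_file_excludes "$1" "${2:-1024}"
}

# Usage: ./sast-excludes.sh /your/local/dir [size_limit_kib]
if [ "$#" -ge 1 ]; then
  sast_section "$1" "${2:-1024}"
fi
```

Run it from outside the container against the same directory you mount at /working-dir; the paths it prints are relative to that directory, which is what the scanner expects since the include list is also relative (".").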
If you encounter a different error, you can open a new issue in our open source repository.