Getting Started with Code Security

Check Point Code Security uses the Spectral engine to scan your environments. It does not require you to onboard your environment to CloudGuard.

To get started with Code Security:

  1. Log in to CloudGuard.

  2. From the menu, select Code Security. CloudGuard prompts you to set up your Continuous Integration (CI) pipeline.

  3. Click Setup your CI. The on-screen wizard opens on the Sources page (see Sources).

  4. Follow the instructions in the wizard to configure the integration.

To install Code Security:

Run the installation command that matches the Data Center location of your CloudGuard account and your operating system:

Note - You can pass your DSN to install the Code Security enterprise offering, for example: curl -L https://spectral-us.dome9.com/latest/sh?dsn=<YOUR_DSN> | sh

To scan a directory:

For a sample spectral-test directory, run:

$ mkdir spectral-test && cd spectral-test
$ $HOME/.spectral/spectral scan
✔ no matches found
  scanned 0 bytes and 0 files in 2ms

Best Practice - Do not run curl|sh without first inspecting the downloaded install (shell) script.

To create a dummy secret:

Run:

$ echo AKIAIOSFODNN7EXAMPLX > foo.txt
$ $HOME/.spectral/spectral run
/Users/superhero/spectral-test/foo.txt
        0:20 Error        Visible AWS Key CLD001

The output shows the file path, the location within the file (0:20), the severity (Error), the description (Visible AWS Key) and the detector code (CLD001).
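To gate a CI job on that output, here is an added Python example (it is not part of the Check Point documentation or of the Spectral tool) that parses the finding layout described above into records and reports whether the build should fail on Error-severity findings unless a detector code is explicitly allowlisted. The line layout (a path line followed by indented finding lines) is inferred from the single finding shown and is an assumption, as are the second sample file and its finding.

```python
import re
from dataclasses import dataclass

# Constructed sample of `spectral run` console output. The layout (a path
# line followed by indented finding lines) is inferred from the one
# finding shown above; the second file and its finding are made up.
SAMPLE_OUTPUT = """\
/Users/superhero/spectral-test/foo.txt
        0:20 Error        Visible AWS Key CLD001
/Users/superhero/spectral-test/config/settings.py
        12:8 Warning      Constructed Demo Finding DEMO002
"""

# <line>:<col> <severity> <description> <detector code>
FINDING_RE = re.compile(
    r"^\s+(?P<line>\d+):(?P<col>\d+)\s+(?P<severity>\w+)\s+"
    r"(?P<description>.+?)\s+(?P<code>[A-Z]+\d+)\s*$"
)

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    col: int
    severity: str
    description: str
    code: str

def parse_findings(output: str) -> list:
    """Group indented finding lines under the preceding path line;
    anything else (e.g. 'no matches found', byte counts) is ignored."""
    findings, current_path = [], None
    for raw in output.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current_path = raw.strip()
            continue
        m = FINDING_RE.match(raw)
        if m and current_path:
            findings.append(Finding(current_path, int(m["line"]), int(m["col"]),
                                    m["severity"], m["description"], m["code"]))
    return findings

def should_block(findings, fail_on=("Error",), allow_codes=frozenset()):
    """True when a finding of blocking severity is not explicitly allowlisted."""
    return any(f.severity in fail_on and f.code not in allow_codes for f in findings)
```

Allowlisting by detector code keeps suppressions reviewable in version control rather than hidden in a local flag.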

Code Security does not print the actual secret or key to the console, or write it anywhere. To view the matched value, set the SPECTRAL_SHOW_MATCH=1 environment variable before running the scan.

$ $HOME/.spectral/spectral run
... 
[your-project] SVC006 - Exposed PubNub Secret on Client Side App
- res/values/strings.xml

To perform a sample scan:

You can use the codesec-goat archive to perform a sample scan. Unzip it and run:

$ cd codesec-goat
$ $HOME/.spectral/spectral scan