Scan Engine Installation

The Scan Engine installation depends on your operating system and exists in three options:

  • Windows

  • Linux

  • macOS

You can use one of these methods to install the Scan Engine:

Downloading the binary file

  1. Download the x64 or 386 standalone binary.

  2. (Optional) Save the shiftleft.exe file in a directory in your current PATH.

  3. Launch a new command terminal and verify that ShiftLeftClosed The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed. is properly installed:

    C:\Downloads\>shiftleft image-scan --version

    The sample output:

    0.400.0

  1. Download the x64 or 386 standalone binary.

  2. (Optional) Make the file executable and move the file into a directory in your current PATH, for example:

    chmod +x shiftleft

    mv shiftleft /bin/shiftleft

  3. Launch a new command terminal and verify that the program is properly installed:

    $shiftleft image-scan --version

    The sample output:

    0.400.0

  1. Download the x64 standalone binary.

  2. Make the file executable, add a Gatekeeper exception, and move the file into a directory in your current PATH, for example:

    chmod +x shiftleft

    spctl --add shiftleft

    sudo mv shiftleft /usr/local/bin/shiftleft

  3. Launch a new command terminal and verify that the program is properly installed:

    user-mbp:~ user$ shiftleft image-scan --version

    The sample output:

    0.400.0

Using a Docker image

Using a Docker image of ShiftLeft provides an easy and flexible way to run scans in containerized environments. The Docker image is available on DockerHub at checkpoint/shiftleft.

To use the ShiftLeft image:

  1. Run the command:

    docker run -e CHKP_CLOUDGUARD_ID=<API_KEY> -e CHKP_CLOUDGUARD_SECRET=<API_SECRET> -e SHIFTLEFT_REGION=<REGION> -v <PATH_TO_IMAGE>:/tmp/images/image.tar checkpoint/shiftleft:latest_v2 shiftleft image-scan -e <ENVIRONMENT_ID> -i /tmp/images/image.tar

  2. Replace <API_KEY>, <API_SECRET>, <REGION>, <ENVIRONMENT_ID>, and <PATH_TO_IMAGE> with your CloudGuard API key, secret, region, your environment ID, and the local path to your image directory, respectively.

    Make sure to use the latest_v2 tag to get the most recent features and improvements.

Scan Engine Update

Each time the Scan Engine runs, it automatically checks for updates and installs the latest version available.