sec1-sast Security Scanner - Quick Start Guide

Automated Security Scanning with Dashboard Integration


Option 1:

Step 1: Download the exe from here

--

Step 2: Execute the command below:

sec1-sast.exe scan --upload-report --upload-api-key <your_api_key> -o report.json <code_repo_path>

--

Option 2:

🚀 Get Started in 3 Steps

Step 1: Install Docker Desktop

Download and install Docker Desktop for Windows:

  • Download: https://www.docker.com/products/docker-desktop

  • Install: Run the installer and restart your computer

  • Verify: Docker Desktop should show "Running" in system tray


Step 2: Download Scanner Configuration

Download this file to a folder (e.g., C:\sec1-scanner):

  1. docker-compose.yml - Scanner configuration

  2. Run command (see Step 3)

No installation or compilation needed! The scanner runs as a Docker container.


Step 3: Configure & Run

Open Command Prompt or PowerShell in your scanner folder and run:

docker-compose up 
or
docker compose up

Replace these values:

  • your-api-key-here → Your API key (provided by sec1)

  • my-application → Your application name

  • /workspace → Path to your code (configured in next section)


⚙️ Configuration

Mount Your Code

Edit docker-compose.yml and change the CODE_PATH:

volumes:
  - C:/Users/YourName/projects/my-app:/workspace:ro
  #   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  
  #   Change this to your code location

Important: Use forward slashes (/) not backslashes (\)

Examples:

# Desktop
- C:/Users/John/Desktop/my-project:/workspace:ro

# Documents
- C:/Users/John/Documents/projects/app:/workspace:ro

# Different drive
- D:/projects/my-app:/workspace:ro

# Network share
- //CompanyNAS/development/app:/workspace:ro

Save Reports Locally (Optional)

Add a volume for reports:

volumes:
  - C:/Users/YourName/projects/my-app:/workspace:ro
  - C:/Users/YourName/reports:/reports              # Add this line

Reports will be saved to C:/Users/YourName/reports/sast-report.json
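
A pre-flight check for the volume entries described above, as an added example (not part of the sec1 tooling): it parses the short-syntax `volumes:` lines shown in this guide and flags backslashes, a writable /workspace mount, or a read-only /reports mount. The function names and sample strings are assumptions made for illustration; only unquoted entries in the form used on this page are handled.

```python
import re

# Short-syntax entry as written in this guide: "- HOST:CONTAINER[:MODE]".
# HOST may begin with a drive letter ("C:/..."), so the first colon is not the separator.
VOLUME_RE = re.compile(
    r"^\s*-\s*(?P<host>.+?):(?P<container>/[^:\s]*)(?::(?P<mode>[a-z,]+))?\s*(?:#.*)?$")

def parse_volumes(compose_text):
    """Return (host, container, mode) for entries under any 'volumes:' key."""
    volumes, in_block = [], False
    for line in compose_text.splitlines():
        stripped = line.strip()
        if stripped == "volumes:":
            in_block = True
        elif in_block and stripped.startswith("-"):
            m = VOLUME_RE.match(line)
            if m:
                volumes.append((m["host"], m["container"], m["mode"] or "rw"))
        elif stripped and not stripped.startswith("#"):
            in_block = False  # another key ends the volumes list
    return volumes

def check_mounts(compose_text):
    """Return findings; an empty list means the mounts follow the guide."""
    findings, volumes = [], parse_volumes(compose_text)
    for host, container, mode in volumes:
        flags = mode.split(",")
        if "\\" in host:
            findings.append(f"{host}: use forward slashes, not backslashes")
        if container == "/workspace" and "ro" not in flags:
            findings.append(f"{host}: code mount is writable, append :ro")
        if container == "/reports" and "ro" in flags:
            findings.append(f"{host}: report mount is read-only, scanner cannot write")
    if not any(container == "/workspace" for _, container, _ in volumes):
        findings.append("no volume is mounted at /workspace")
    return findings

# Constructed samples: GOOD repeats the guide's own volume lines,
# BAD contains the two mistakes the guide warns about.
GOOD = """volumes:
  - C:/Users/YourName/projects/my-app:/workspace:ro
  - C:/Users/YourName/reports:/reports              # Add this line
"""
BAD = r"""volumes:
  - C:\Users\John\Desktop\my-project:/workspace
"""
if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_mounts(text) or "OK")
```

To check your own file, pass the contents of docker-compose.yml to check_mounts() before running the scanner.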


🔧 Troubleshooting

"Cannot connect to Docker daemon"

  • Start Docker Desktop

  • Wait for "Docker Desktop is running" message

  • Check system tray for Docker whale icon

"Cannot find /workspace"

  • Check CODE_PATH in docker-compose.yml

  • Use forward slashes: C:/path/to/code

  • Ensure path exists: verify in File Explorer

  • Enable file sharing in Docker Desktop:

    • Settings → Resources → File Sharing

    • Add your drive (e.g., C:)

"Upload failed"

  • Verify API key is correct

  • Check dashboard URL is accessible

  • Test connection: ping api.sec1.io

  • Check firewall/antivirus settings

"Permission denied"

  • Run Command Prompt as Administrator

  • Check folder permissions in Windows

  • Ensure Docker Desktop has admin rights


📋 Pre-Flight Checklist

Before your first scan:


🔒 Security & Privacy

Your Code Stays Safe:

  • ✅ Full source code never leaves your machine (see the lists below for what is uploaded)

  • ✅ Mounted read-only (scanner cannot modify files)

  • ✅ Runs in isolated Docker container

  • ✅ Only vulnerability metadata uploaded to dashboard

What's Uploaded to Dashboard:

  • Vulnerability type and severity

  • File path and line number (relative paths)

  • Code snippet (2-3 lines context only)

  • CWE ID and description

  • Remediation suggestions

What's NOT Uploaded:

  • Full source code

  • Environment variables

  • Configuration files (unless they contain vulnerabilities)

  • Business logic or proprietary code

