Bearer/curio v0.24.0: docs/quickstart.md

---
title: Quick Start
layout: layouts/doc.njk
---

Quick Start

Discover data security risks and vulnerabilities in only a few minutes. In this guide you will install Curio, run a scan on a local project, and view the results of a summary report. Let's get started!

Installation

The quickest way to install Curio is with the install script. It auto-selects the best build for your architecture and, by default, installs the latest release version into ./bin:

curl -sfL https://raw.githubusercontent.com/Bearer/curio/main/contrib/install.sh | sh

Or, if your platform supports it, with Homebrew using Curio's official Homebrew package:

brew install Bearer/curio/curio

If you need more control or another way to install Curio, we offer more advanced installation options.

Scan your project

The easiest way to try out Curio is with our example project, Bear Publishing. It simulates a realistic Ruby application with common data security flaws. Clone or download it to a convenient location to get started.

git clone https://github.com/Bearer/bear-publishing.git

Now run the scan command, curio scan, on the project directory:

curio scan bear-publishing

A progress bar will display the status of the scan.

Once the scan is complete, Curio outputs a summary report with details of any rule failures, as well as where in the codebase each infraction occurred.

Analyze the report

The summary report is an easily digestible view of the data security problems detected by Curio. A report is made up of:

  • The list of rules run against your code.
  • Each detected failure, containing the file location and the lines that triggered the rule failure.
  • A summary of the report with the stats for passing and failing rules.

The Bear Publishing example application will trigger rule failures and output a full report. Here's a section of the output containing a failure snippet and the final summary:


HIGH: Application level encryption missing rule failure with PHI, PII
Application level encryption missing. Enable application level encryption to reduce the risk of leaking sensitive data.

File: /bear-publishing/db/schema.rb:22

 14 create_table "authors", force: :cascade do |t|
 15     t.string "name"
 16     t.datetime "created_at", null: false
 17     t.datetime "updated_at", null: false
 18   end

=====================================

Rule failures detected

14 rules were run and 12 failures were detected.

CRITICAL: 0
HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category,
          JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
MEDIUM: 2 (Insecure SMTP, Insecure FTP)
LOW: 0
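As an added example that is not part of the Curio docs or the project's own code, here is a small Python parser for the summary block shown above, together with a CI gate that fails when CRITICAL or HIGH findings are present. The sample text is constructed from the output quoted on this page, and the severity-line layout (a count followed by an optional parenthesised, possibly multi-line rule list) is assumed to be stable.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample mirroring the final summary block of the curio scan output quoted above.
SAMPLE_SUMMARY = """\
=====================================

Rule failures detected

14 rules were run and 12 failures were detected.

CRITICAL: 0
HIGH: 10 (Application level encryption missing, Insecure HTTP with Data Category,
          JWT leaking, Logger leaking, Cookie leaking, Third-party data category exposure)
MEDIUM: 2 (Insecure SMTP, Insecure FTP)
LOW: 0
"""

# Assumed line layout: "<SEVERITY>: <count> (<rule>, <rule>, ...)" with the list optional.
_SEV_RE = re.compile(r"^(CRITICAL|HIGH|MEDIUM|LOW):\s*(\d+)(?:\s*\((.*)\))?$")

class Severity(NamedTuple):
    count: int        # number of failures at this severity (can exceed the number of rule names)
    rules: List[str]  # distinct rule names listed for this severity

def parse_summary(text: str) -> Dict[str, object]:
    """Parse the summary block into rule/failure totals and a per-severity breakdown."""
    # Indented continuation lines (as in the HIGH entry) are joined onto the line above.
    joined = re.sub(r"\n[ \t]+", " ", text)
    result: Dict[str, object] = {"rules_run": 0, "failures": 0, "by_severity": {}}
    m = re.search(r"(\d+) rules were run and (\d+) failures were detected", joined)
    if m:
        result["rules_run"], result["failures"] = int(m.group(1)), int(m.group(2))
    for line in joined.splitlines():
        sm = _SEV_RE.match(line.strip())
        if sm:
            names = [r.strip() for r in sm.group(3).split(",")] if sm.group(3) else []
            result["by_severity"][sm.group(1)] = Severity(int(sm.group(2)), names)
    return result

def should_fail_build(summary: Dict[str, object], fail_on=("CRITICAL", "HIGH")) -> bool:
    """CI gate: True when any failure at one of the chosen severities was reported."""
    return any(summary["by_severity"].get(s, Severity(0, [])).count > 0 for s in fail_on)

if __name__ == "__main__":
    s = parse_summary(SAMPLE_SUMMARY)
    print(s)
    print("fail build:", should_fail_build(s))
```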

The summary report is just one report type available in Curio. Additional options for using and configuring the scan command can be found in the scan documentation. For additional guides and usage tips, view the docs.
