File Store Code Base Examples

Below are examples of how to use a file store / archive code base for an application asset:

Example One

In this example, you will package code up and place it correctly for the appliance to fetch.

Assume you are using Linux and Apache2, with a webfoot folder named ‘www’, the hostname ‘’, and the path ‘/www/’

This example will illustrate how to package up code from the "sast-playground' folder and place it in the correct location for the appliance to fetch:

linux-user:examples linuxuser$ ls

Compress the folder:

linux-user:examples linuxuser$ tar -czf r0.sast-playground.tar.gz sast-playground/

Compression will give you the following file:

linux-user:examples linuxuser$ ls
r0.sast-playground.tar.gz sast-playground

Move the tar.gz file to the webfoot under, for example, a folder named 'whitehat'.

linux-user:examples linuxuser$ mv r0.sast-playground.tar.gz /www/

Enter the following URI into Sentinel:

To update this code, you would overwrite the 'r0.sast-playground.tar.gz' folder in the webroot.

Example Two

In this example, you will add a directory option to an Apache configuration file

linux-user: vi /etc/apache2/apache2.conf

Add the following code:

<Directory /var/www/>
Options Indexes FollowSymLinks

Save and close the file. Restart Apache:

linux-user: /etc/init.d/apache2 restart

Enter the following URI into Sentinel:

With this setup Sentinel will scan the directory for the highest revision (‘r0,r1,r2' etc.) and download it for scanning. This way you don’t over-write the file but add to the directory with a higher ‘r' number each time. This has the added benefit of showing you the revision changes in the results (by displaying the name of the package we scanned).