/ts-python-sample

saple project to demosntrate TrustSource functionality

Primary LanguagePythonApache License 2.0Apache-2.0

Supported Versions License

TrustSource Python sample project

Sample TrustSource integration of a minimal Python application based on the popular web application framework Flask.

Getting started / set up

The minimal application is created using the official Flask tutorial available at Quickstart - A Minimal Application.

This example is based on Python 3, we recommend to use at least python 3.6. For package management we use pip together with virtual environments.

Let's start with cloning the sample application.

# clone a repo
git clone https://github.com/trustsource/ts-python-sample
cd ts-python-sample

Create a virtual envorinment for the project and activate it:

# create a virtual environment
python3 -m venv ./venv
# activate the newly created environment
source venv/bin/activate

Install required software:

# install Flask and the TrustSource scanner
pip install -r requirements.txt

Ensure that the web application works (press CTRL-C to terminate the application):

# run web application
export FLASK_APP=hello.py 
python -m flask run

Scan and dependency analysis

To scan the application using the TrustSource scanner, execute the following command:

# scan application
ts-pip-plugin ./

The scan results will be printed into the console. To submit the results to the TrustSource and execute analysis you need to register in the application first, generate an API-key and create a project. Please visit TrustSource for more details.

Before the submitting the result, please, create a TrustSource project file ts-plugin.json in the sample directory with the following content:

{
  "project" : "your project name",
  "apiKey" : "your API key",
  "skipTransfer" : false
}

Execute the scan again using the following command:

# scan application
ts-pip-plugin ./

If everything is set correctly you will see a message "Transfer success!". Open the web application to see results and execute analysis.

Contribution, Contact and Support

Feel free to reach out to the TrustSource Team by dropping us a message or providing issues. We 'ld love o hear your feedback to learn and improve. Contributions are welcome. Just clone, create your branch and send a pull request. Please make sure to agree to the contribution agreement and the coding guidelines.

If you like the tool and want to support our further work, feel free to support us with donations or sign a API-usage agreement. Thank you & best regards!