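Follow the tutorial below to batch-scan your repositories quickly. When a new attack or 0-day appears, the asset inventory lets you quickly locate the vulnerability and its scope of impact, effectively shortening response time.

## Install opensca-cli

### Method 1: One-line install

Windows (requires PowerShell):

```powershell
iex "&{$(irm https://raw.githubusercontent.com/XmirrorSecurity/OpenSCA-cli/master/scripts/install.ps1)}"
# If you run into network problems during the download, try the following command instead
iex "&{$(irm https://gitee.com/XmirrorSecurity/OpenSCA-cli/raw/master/scripts/install.ps1)} gitee"
```

Linux/MacOS:

```sh
curl -sSL https://raw.githubusercontent.com/XmirrorSecurity/OpenSCA-cli/master/scripts/install.sh | sh
# If you run into network problems during the download, try the following command instead
curl -sSL https://gitee.com/XmirrorSecurity/OpenSCA-cli/raw/master/scripts/install.sh | sh -s -- gitee
```

### Method 2: Install with a package manager

Windows (via Winget):

```powershell
winget install opensca-cli
```

Windows (via Scoop):

```powershell
scoop bucket add extras
scoop install extras/opensca-cli
```

MacOS/Linux (via Homebrew):

```sh
brew install opensca-cli
```

### Method 3: Manual install

Download the archive for your operating system and processor architecture from the GitHub or Gitee repository and extract it to any directory; it is then ready to use.

## Generate a GitLab token

Log in to GitLab > User Settings > Access Tokens.

Create a new token and grant it the `read_repository` permission.

## Download the script

```sh
curl -O https://raw.githubusercontent.com/XmirrorSecurity/OpenSCA-cli/master/scripts/gitlab_scan.py
```

## Install dependencies

- Python 3.x: https://www.python.org/downloads/
- python-gitlab: `pip install python-gitlab`

## Configure the script

Edit `gitlab_url` and `gitlab_token` in `gitlab_scan.py`, filling in your GitLab address and access token:

```python
# ...
if __name__ == "__main__":
    scan_gitlab(
        gitlab_url="gitlab 地址",      # replace with your GitLab address
        gitlab_token="gitlab token",  # replace with your access token
    )
```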
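The configuration step above stores the access token in the script file. As an added example (not part of the original tutorial or the OpenSCA project), this wrapper reads both values from environment variables and validates them before calling `scan_gitlab`. The variable names `GITLAB_URL` and `GITLAB_TOKEN`, the helper names, and the wrapper being saved next to `gitlab_scan.py` are assumptions of this example.

```python
"""Added example: call gitlab_scan.scan_gitlab() without storing the token in a file."""
import os
import sys
from urllib.parse import urlsplit

# Placeholder strings from the tutorial's template; treated as "not configured".
PLACEHOLDERS = {"", "gitlab 地址", "gitlab token"}


def redact(token):
    """Return a log-safe form of the token: last 4 characters only."""
    return "***" + token[-4:] if len(token) > 8 else "***"


def load_scan_config(env):
    """Build the keyword arguments for scan_gitlab() from an environment mapping.

    GITLAB_URL and GITLAB_TOKEN are names assumed for this example.
    """
    url = env.get("GITLAB_URL", "").strip()
    token = env.get("GITLAB_TOKEN", "").strip()
    if url in PLACEHOLDERS or token in PLACEHOLDERS:
        raise ValueError("GITLAB_URL and GITLAB_TOKEN must both be set")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        # Over plain http the access token would cross the network in cleartext.
        raise ValueError("GITLAB_URL must be an https:// URL")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in GITLAB_URL")
    return {"gitlab_url": url.rstrip("/"), "gitlab_token": token}


def main():
    try:
        cfg = load_scan_config(os.environ)
    except ValueError as exc:
        sys.exit(f"configuration error: {exc}")
    # Imported here so the checks above run even when gitlab_scan.py is absent.
    from gitlab_scan import scan_gitlab
    print(f"scanning {cfg['gitlab_url']} with token {redact(cfg['gitlab_token'])}")
    scan_gitlab(**cfg)


if __name__ == "__main__":
    main()
```

With this wrapper, `gitlab_scan.py` can stay unmodified and under version control, and the token lives only in the environment of the process that runs the scan.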