CodePhreak Documentation

Everything you need to secure your applications with CodePhreak’s comprehensive security platform.

Quick Start

Get up and running with CodePhreak in under 2 minutes. This guide will walk you through installation and your first security scan.

Prerequisites

  • Python 3.8+ or Node.js 18+
  • Git repository with source code
  • Terminal access

Installation

🐍 Python (Recommended)

$ curl -fsSL https://codephreak.ai/install.sh | sh
# Installs via pip --user and updates PATH
$ codephreak --version

Alternative: pip install --user codephreak-security-auditor

📦 Node.js

$ npm install -g @codephreak/security-auditor
# Verify installation
$ codephreak --version

Alternative Methods

Homebrew (macOS)

brew install codephreak/tap/security-auditor

Docker

docker pull codephreak/security-auditor

Your First Scan

Basic Scan

# Navigate to your project
$ cd /path/to/your/project

# Run basic security scan
$ codephreak audit --path .

# Scan specific directory
$ codephreak audit --path src/

# Generate detailed report
$ codephreak audit --path . --output-format html --output report.html

What CodePhreak Scans

Security Issues

  • SQL injection vulnerabilities
  • Cross-site scripting (XSS)
  • Authentication flaws
  • Insecure cryptography
  • Command injection

Code Quality

  • Hardcoded secrets
  • Dependency vulnerabilities
  • Container misconfigurations
  • Infrastructure as Code issues
  • Compliance violations

CLI Commands

Core Commands

codephreak audit --path .

General scan (defaults to full-audit workflow)

codephreak sast --path src/

Code/SAST-focused scan (quick-check workflow)

codephreak sca --path .

Dependency/SCA scan (full-audit workflow)

codephreak iac --path infra/

IaC scan (full-audit workflow)

codephreak secrets --path .

Secrets scan (quick-check workflow)

codephreak containers --path .

Container/Docker-focused scan (full-audit workflow)

codephreak web --path .

Web-app footprint scan (quick-check workflow)

codephreak sbom . --format cyclonedx-json --output sbom.json

Generate SBOM via Syft (CycloneDX/SPDX)
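Once an SBOM exists for every build, the useful follow-up is comparing consecutive SBOMs so that new or re-versioned dependencies get reviewed before they ship. The script below is an added example, not CodePhreak's or Syft's own code: it reads two CycloneDX JSON files of the kind `codephreak sbom . --format cyclonedx-json` writes and reports added, removed and version-changed packages. CycloneDX JSON is a real format (`components` entries carry `name`, `version` and usually a package URL), but the two SBOMs embedded in the script are constructed samples, and exiting non-zero on any addition or version change is a policy choice assumed here, not something the page specifies.

```python
"""Report dependency drift between two CycloneDX JSON SBOMs.

Added example, not part of CodePhreak or Syft. CycloneDX JSON is a real
format: `components` is a list of objects carrying `name`, `version` and
usually a package URL (`purl`). The two SBOMs embedded below are
constructed samples standing in for the output of
`codephreak sbom . --format cyclonedx-json` on two successive builds.
Usage: python sbom_drift.py old-sbom.json new-sbom.json
"""
import json
import sys


def identity(component):
    """Return (package identity, version) for one component.

    The purl is preferred because it encodes the ecosystem (pkg:pypi/...,
    pkg:npm/...); a bare name can collide across ecosystems. Qualifiers
    (?...) and subpaths (#...) are dropped and the version after the last
    '@' is split off. Scoped npm names percent-encode their '@' inside a
    purl, so rpartition on '@' is safe.
    """
    purl = component.get("purl")
    if purl:
        base = purl.split("?", 1)[0].split("#", 1)[0]
        name_part, sep, version = base.rpartition("@")
        if sep:
            return name_part, version
        return base, component.get("version")
    return component.get("name", "<unnamed>"), component.get("version")


def index_components(sbom):
    """Map package identity -> version for every component in the SBOM."""
    return dict(identity(c) for c in sbom.get("components", []))


def drift(old_sbom, new_sbom):
    """Classify packages as added, removed or version-changed between builds."""
    old, new = index_components(old_sbom), index_components(new_sbom)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted((k, old[k], new[k]) for k in old.keys() & new.keys()
                          if old[k] != new[k]),
    }


def make_sbom(*components):
    """Wrap components in a minimal CycloneDX envelope (constructed test data)."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": [
                {"type": "library", "name": name, "version": version,
                 "purl": f"pkg:{ecosystem}/{name}@{version}"}
                for ecosystem, name, version in components]}


# Constructed sample SBOMs for two successive builds (not real scan output).
OLD_SBOM = make_sbom(("pypi", "requests", "2.31.0"), ("pypi", "urllib3", "2.0.7"),
                     ("pypi", "certifi", "2023.7.22"))
NEW_SBOM = make_sbom(("pypi", "requests", "2.32.3"), ("pypi", "urllib3", "2.0.7"),
                     ("pypi", "idna", "3.7"))

if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as a, open(sys.argv[2], encoding="utf-8") as b:
            report = drift(json.load(a), json.load(b))
    else:
        report = drift(OLD_SBOM, NEW_SBOM)
    for key in ("added", "removed", "changed"):
        for item in report[key]:
            print(f"{key:8} {item}")
    # Non-zero exit when anything new arrived, so a pipeline can require a review.
    sys.exit(1 if report["added"] or report["changed"] else 0)
```

Keying on the purl minus its version (rather than on `name`) keeps `pkg:pypi/requests` and `pkg:npm/requests` distinct; the fallback to `name` only applies to components Syft could not attach a purl to, which are themselves worth a look in the diff output.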

Configuration

codephreak.yml Example

# CodePhreak Configuration File
version: "1.0"

# Scan settings
scan:
  # Include/exclude patterns
  include:
    - "src/**"
    - "lib/**"
  exclude:
    - "node_modules/**"
    - "*.test.js"
    - "*.min.js"

# Security tools to run
tools:
  bandit: true      # Python security linting
  semgrep: true     # Multi-language static analysis
  trivy: true       # Vulnerability scanning
  gitleaks: true    # Secret detection
  
# Output configuration
output:
  format: "json"    # json, sarif, html, pdf
  file: "security-report.json"
  
# Premium features (requires authentication)
premium:
  ai_analysis: true
  compliance_check: ["PCI-DSS", "HIPAA"]
  priority_scoring: true

CI/CD Integration

GitHub Actions

name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: codephreak/security-auditor-action@v1
      with:
        api-key: ${{ secrets.CODEPHREAK_API_KEY }}
        fail-on: high

GitLab CI

security_scan:
  stage: test
  image: codephreak/security-auditor
  script:
    - codephreak audit --path .
      --output-format sarif
      --output security.sarif
  artifacts:
    reports:
      sast: security.sarif
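The GitHub Action gates the build with `fail-on: high`, but the GitLab job above only uploads `security.sarif`; the pipeline still passes whatever the scan found. The script below is an added example, not CodePhreak's own code, that gives a CLI-only pipeline the same gate: it reads a SARIF file and exits non-zero when any result meets a chosen severity. SARIF 2.1.0 is a real standard, but the page does not say how CodePhreak fills the `level` field or rule properties, so the severity mapping is an assumption: a rule-level `properties.security-severity` score (a CVSS-style 0-10 value some scanners emit) takes precedence, and otherwise `level` is mapped (error -> high, warning -> medium, note -> low). The embedded SARIF document and its rule ids are constructed sample data.

```python
"""Gate a pipeline on a SARIF report by minimum severity.

Added example, not CodePhreak's own code. SARIF 2.1.0 is a real standard,
but the page does not say how CodePhreak fills in `level` or rule
properties, so the mapping below is an assumption: a rule-level
`properties.security-severity` score (CVSS-style 0-10, emitted by some
scanners) takes precedence; otherwise the result `level` is mapped.
Usage: python sarif_gate.py security.sarif high
"""
import json
import sys

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Fallback when no numeric score is attached to the rule (assumption).
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "low"}


def score_to_severity(score):
    """CVSS v3.x qualitative rating bands."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def rule_index(run):
    """Map ruleId -> rule metadata from the run's tool.driver.rules."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {rule.get("id"): rule for rule in rules}


def result_severity(result, rules):
    """Severity of one result: numeric rule score first, then its level."""
    rule = rules.get(result.get("ruleId"), {})
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        return score_to_severity(float(score))
    return LEVEL_TO_SEVERITY.get(result.get("level", "warning"), "medium")


def location_of(result):
    """Best-effort 'file:line' from the first physical location."""
    try:
        phys = result["locations"][0]["physicalLocation"]
        uri = phys["artifactLocation"]["uri"]
        line = phys.get("region", {}).get("startLine", "?")
        return f"{uri}:{line}"
    except (KeyError, IndexError):
        return "<no location>"


def findings_at_or_above(sarif, threshold):
    """Return (severity, ruleId, location) for every result >= threshold."""
    min_rank = SEVERITY_ORDER.index(threshold)  # ValueError on an unknown threshold
    hits = []
    for run in sarif.get("runs", []):
        rules = rule_index(run)
        for result in run.get("results", []):
            severity = result_severity(result, rules)
            if SEVERITY_ORDER.index(severity) >= min_rank:
                hits.append((severity, result.get("ruleId"), location_of(result)))
    return hits


def gate(sarif, threshold="high"):
    """Exit status for CI: 0 when clean at the threshold, 1 otherwise."""
    return 1 if findings_at_or_above(sarif, threshold) else 0


# Constructed sample SARIF (not real CodePhreak output): three findings.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "SQLI-001", "properties": {"security-severity": "8.1"}},
            {"id": "XSS-002"},
            {"id": "STYLE-003"},
        ]}},
        "results": [
            {"ruleId": "SQLI-001", "level": "warning", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}]},
            {"ruleId": "XSS-002", "level": "warning", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/views.py"}, "region": {"startLine": 7}}}]},
            {"ruleId": "STYLE-003", "level": "note"},
        ],
    }],
}

if __name__ == "__main__":
    threshold = sys.argv[2] if len(sys.argv) > 2 else "high"
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    for severity, rule_id, where in findings_at_or_above(sarif, threshold):
        print(f"{severity.upper():8} {rule_id} {where}")
    sys.exit(gate(sarif, threshold))
```

In the GitLab job this would run as a second `script` line after the audit (for example `python sarif_gate.py security.sarif high`); because the script reads the file the job already produces, the `artifacts: reports: sast` upload is unaffected and the merge request still shows the findings even when the job fails.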

API Reference

CodePhreak provides a REST API for integrating security scanning into your applications.