init
Description
Initializes a package store for the rl-secure CLI.
Package store
Package stores are special directories used by rl-secure to keep all the data about your projects, packages, and package versions (analyzed files).
More specifically, package stores contain the following data:
- copies of, or symbolic links to, scanned software packages (required for rl-secure sync)
- policy configuration files for the whole package store, as well as for individual projects and packages
- reports and other relevant analysis metadata for report creation
To use rl-secure, you must initialize at least one package store.
You can have multiple package stores in different locations and use them with the same rl-secure installation.
When you have multiple package stores, you can specify which one to use with the --rl-store or -s option when running rl-secure commands.
The package store directory is always called .rl-secure and created inside the directory you specified when initializing the store. Depending on your operating system, the package store directory may be treated as "hidden" and may not be visible by default when you try to browse its contents. Graphical file managers usually have a setting to display hidden files and folders. You can also access the package store from the command-line interface and use the appropriate commands to show all files in the package store.
A package store can be created either locally or on shared storage. The right location for your package store depends on your use case or the desired CI workflow.
Password vault
The password vault feature lets you securely save passwords that rl-secure will use to decrypt password-protected files during analysis.
Without passwords, rl-secure cannot fully process such files, which results in incomplete analysis results.
When you initialize a package store, it does not use the password vault by default. To ensure that your password-protected files can be decrypted and analyzed, you can add the password vault to your package store during initialization. This will allow you to save passwords for every password-protected file you want to analyze. That way, you don't need to type in passwords when reanalyzing files.
To initialize the vault, specify a value for the "master" vault key with the --vault-key option.
This key allows you to access the password vault for that package store and modify passwords inside it.
It also keeps your password vault safe from any possible attacks.
Once initialized, the password vault for your package store cannot be removed. You can only remove individual passwords from the vault.
Initial SAFE Levels settings
When you initialize a package store, it uses the SAFE Levels feature, which is set to level 5 (L5) by default.
All projects and packages created in the package store inherit and use L5 automatically.
To set a different level when initializing the store, use the --rl-level option.
To disable SAFE Levels for a package store altogether, set the --rl-level option to 0 (zero).
You can change the level setting in the package store policy configuration at any time, or override it for specific projects and packages in their respective policy configuration files.
Configuration changes require synchronization, so make sure to run rl-secure sync after modifying policy configuration files.
Usage
rl-secure init [<rl-store>]
Options
Option | Description |
---|---|
-h, --help | Display usage information and exit. |
-s, --rl-store | Filesystem path to the directory in which to initialize the package store. If not provided, the store is initialized in the current directory. |
--vault-key | Initialize a new package store with the password vault. The value specified with this parameter will be used as the password vault key. Note that this value is case-sensitive and can be changed at any time. |
--rl-level | Initialize the package store with the specified SAFE Level setting. Specify the level as an integer value from 0 to 5 (for example, --rl-level=4 ). When set to 0, the package store is initialized without SAFE Levels. By default, the initial level setting applies to all projects and packages created in the store. You can override the setting for specific projects and packages in their policy configuration files. |
Examples
Initialize a package store
This example initializes a new package store in the default or specified location. The default location is always the current working directory.
Because we do not specify or disable SAFE Levels in this example, the new package store is initialized with the default SAFE Levels setting (which is L5).
Default location:
rl-secure init
Specified location:
rl-secure init --rl-store=/home/armando/my-repository/
Output:
Package store initialized at /home/armando/my-repository/.rl-secure
You can now manage projects and packages in this store.
Use rl-secure create and rl-secure scan commands for the next steps.
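A wrapper for scripted (for example, CI) initialization that combines the store location, SAFE Level and password vault options described above. This is an added example, not part of the rl-secure documentation. The variable names RL_VAULT_KEY and RL_SECURE_CMD and the function name are chosen here, and --vault-key is assumed to accept the same --option=value form the page shows for --rl-level=4.

```shell
#!/bin/sh
# Added example, not part of the rl-secure documentation.
# Assumptions: RL_VAULT_KEY and RL_SECURE_CMD are names chosen for this
# example; --vault-key is written in the --option=value form of --rl-level=4.

RL_SECURE_CMD="${RL_SECURE_CMD:-rl-secure}"

# rl_init_store <parent-dir> [level]
# Initializes <parent-dir>/.rl-secure with an explicit SAFE Level and,
# only when RL_VAULT_KEY is set, a password vault.
rl_init_store() {
    parent="$1"
    level="${2:-5}"                 # L5 is the documented default

    if [ -z "$parent" ] || [ ! -d "$parent" ]; then
        echo "error: '$parent' is not an existing directory" >&2
        return 2
    fi

    # --rl-level takes one integer from 0 to 5; 0 disables SAFE Levels.
    case "$level" in
        [0-5]) ;;
        *) echo "error: level must be an integer 0-5, got '$level'" >&2
           return 2 ;;
    esac
    if [ "$level" = 0 ]; then
        echo "warning: SAFE Levels disabled for this store" >&2
    fi

    # The store is always the hidden .rl-secure directory inside the parent.
    if [ -e "$parent/.rl-secure" ]; then
        echo "error: $parent/.rl-secure already exists" >&2
        return 3
    fi

    set -- init "--rl-store=$parent" "--rl-level=$level"
    # A vault cannot be removed once created, so it is opt-in here. The key
    # is read from the environment to keep it out of the script itself.
    if [ -n "${RL_VAULT_KEY:-}" ]; then
        set -- "$@" "--vault-key=$RL_VAULT_KEY"
    fi

    # Restrictive umask for a local store (package copies, policy, reports);
    # relax it when the store lives on shared storage.
    ( umask 077 && "$RL_SECURE_CMD" "$@" )
}
```

Call it as `rl_init_store /path/to/parent 4`; setting RL_SECURE_CMD=echo prints the command line that would be run without touching the filesystem.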