Tutorial: Your First Security Scan
Time: 10 minutes
Level: Beginner
Learn how to run your first security scan with Alprina.
What You'll Learn
- Installing Alprina CLI
- Running a security scan
- Understanding scan results
- Generating reports
- Getting fix suggestions
Prerequisites
- Python 3.8 or higher
- pip package manager
- A code project to scan
Step 1: Install Alprina
Open your terminal and install Alprina:
pip install alprina-cli
Verify the installation:
alprina --version
Step 2: Create Test Files
Let's create some files to scan. Create a new directory:
mkdir alprina-demo
cd alprina-demo
Create a vulnerable Python file:
app.py
# Vulnerable code example
import os

# 🚨 Hardcoded secret
API_KEY = "sk-1234567890abcdef"

def get_user(username):
    # 🚨 SQL injection vulnerability
    query = f"SELECT * FROM users WHERE name = '{username}'"
    return db.execute(query)

# 🚨 Debug mode enabled
DEBUG = True

if __name__ == "__main__":
    app.run(debug=DEBUG)

Step 3: Run Your First Scan
Scan the file:
alprina scan app.py
You should see output like:
🔍 Starting scan on: app.py
✓ Found 3 issues
┏━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Severity ┃ Type             ┃ Description            ┃
┡━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━┩
│ HIGH     │ Hardcoded Secret │ API key in source code │
│ HIGH     │ SQL Injection    │ Unsanitized user input │
│ MEDIUM   │ Debug Mode       │ Debug enabled          │
└──────────┴──────────────────┴────────────────────────┘
Step 4: Generate a Report
Create a detailed HTML report:
alprina report --format html
The report will open automatically in your browser showing:
- All vulnerabilities found
- Severity ratings
- Code locations
- Fix recommendations
Step 5: Get Fix Suggestions
Get AI-powered mitigation advice:
alprina mitigate
Alprina will suggest fixes like:
🛠️ Mitigation Suggestions

1. Hardcoded Secret (HIGH)
   Location: app.py:5
   Fix: Store secrets in environment variables
   # Instead of:
   API_KEY = "sk-1234567890abcdef"
   # Use:
   API_KEY = os.getenv("API_KEY")

2. SQL Injection (HIGH)
   Location: app.py:9
   Fix: Use parameterized queries
   # Instead of:
   query = f"SELECT * FROM users WHERE name = '{username}'"
   # Use:
   query = "SELECT * FROM users WHERE name = ?"
   cursor.execute(query, (username,))

Step 6: Fix the Issues
Update your code based on the suggestions:
app.py
# Fixed code
import os

# ✅ Secret from environment
API_KEY = os.getenv("API_KEY")

def get_user(username):
    # ✅ Parameterized query
    query = "SELECT * FROM users WHERE name = ?"
    return db.execute(query, (username,))

# ✅ Debug from environment
DEBUG = os.getenv("DEBUG", "False") == "True"

if __name__ == "__main__":
    app.run(debug=DEBUG)

Step 7: Verify the Fixes
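A clean rescan shows that the flagged pattern is gone; it does not show how the two queries behave on untrusted input. The following is an added example, not part of the original tutorial or of Alprina: it runs the Step 2 and Step 6 versions of get_user against an in-memory SQLite database. The users table, its rows, the db connection and the helper names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def get_user_vulnerable(db, username):
    # Pattern from the original app.py: input becomes part of the SQL text.
    query = f"SELECT * FROM users WHERE name = '{username}'"
    return db.execute(query).fetchall()

def get_user_fixed(db, username):
    # Pattern from the fixed app.py: input is bound as a value, never parsed as SQL.
    query = "SELECT * FROM users WHERE name = ?"
    return db.execute(query, (username,)).fetchall()

def outcome(fn, db, username):
    """Return the number of rows fn yields, or 'sql error' if the query breaks."""
    try:
        return len(fn(db, username))
    except sqlite3.OperationalError:
        return "sql error"

# Constructed inputs: a normal name, a name containing a quote, and a value
# that rewrites the WHERE clause when it is concatenated into the query.
SAMPLES = ["alice", "o'brien", "nobody' OR '1'='1"]

def compare():
    db = make_db()
    try:
        return {name: (outcome(get_user_vulnerable, db, name),
                       outcome(get_user_fixed, db, name)) for name in SAMPLES}
    finally:
        db.close()

if __name__ == "__main__":
    for name, (vuln, fixed) in compare().items():
        print(f"{name!r:24} vulnerable={vuln!r:12} fixed={fixed!r}")
```

The concatenated query breaks on a legitimate name containing a quote and returns every row for the third input, while the parameterized query treats all three inputs as plain names.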
Run the scan again:
alprina scan app.py
You should now see:
🔍 Starting scan on: app.py
✅ No issues found!
Congratulations!
You've successfully:
- ✓ Installed Alprina
- ✓ Run a security scan
- ✓ Understood the results
- ✓ Generated a report
- ✓ Fixed vulnerabilities
Next Steps
- CI/CD Integration - Automate scanning
- Security Policies - Custom rules
- Advanced Scanning - Power features
🛡️ Build fast. Guard faster.