Set up NG SAST on a local workstation

This article shows you how to set up and configure ShiftLeft CORE so that it runs on a standalone workstation.

Register for a ShiftLeft account

Register for a ShiftLeft account if you haven't already.

You will be prompted to create an organization. Provide a name for your organization and click Create Organization to proceed.

Installing NG SAST

You can install and use NG SAST via the ShiftLeft CLI.

To install the ShiftLeft CLI, run the provided command-line command to download and adjust the permissions for the CLI:

curl > $HOME/sl && chmod a+rx $HOME/sl

To make the sl executable globally accessible, move it into a directory that is part of your $PATH, e.g., /usr/local/bin:

sudo mv $HOME/sl /usr/local/bin/

Authenticating with ShiftLeft

Once you have the ShiftLeft CLI installed, you need to associate the CLI with your ShiftLeft account. This step will accomplish two things: link the CLI running on your machine with your account using ShiftLeft's API (the token included is needed to call the API) and associate your applications with your organization.

First, you'll need your access token, which you can obtain in the Dashboard.

Once you have your access token, create an environment variable called SHIFTLEFT_ACCESS_TOKEN and set its value to your access token.

If you're using Windows, be sure to set the environment variable at the user level, not the system level.

While setting an environment variable is the preferred method, you can use sl auth instead to authenticate with ShiftLeft and associate your applications with your organization.

sl auth --token "YOUR_ACCESS_TOKEN"
# for Windows users
.\sl.exe auth --token "YOUR_ACCESS_TOKEN"

With the sl auth method, you can confirm or update your auth values by reviewing the configuration file located at .shiftleft\config.json. Note that this is a hidden file that is located in your home directory (e.g., <root>\Users\<username>\.shiftleft\config.json for Windows users and /Users/<username>/.shiftleft/config.json for macOS users).


To uninstall ShiftLeft:

  • Delete the sl executable from /usr/local/bin/ (macOS/Linux) or sl.exe (Windows) executable from the installation location
  • Delete the .shiftleft folder that's stored in your home directory

Next steps

Ensure that the workstation on which you run NG SAST has all of the dependencies required. When done, you are ready to run NG SAST. See the following articles for language-specific information on analyzing your application:

Back to overview.