The `bestfix` script provides remediation and scan improvement suggestions for your application's key Qwiet preZero findings.
Before proceeding, please ensure that:
- You have Python 3.9 (or later) installed on your workstation;
- You have scanned your application at least once using Qwiet preZero;
- You have wkhtmltopdf installed if you'd like reports in PDF format.
We recommend that users on macOS use pyenv.
Before proceeding, create an environment variable called `SHIFTLEFT_ACCESS_TOKEN` and set its value to your access token, which is available in the dashboard.
## How to run the `bestfix` script

Navigate into the repo's directory and run `pip3 install -r requirements.txt` to install the dependencies required by `bestfix`. Then run `bestfix` by providing the following in the terminal:

```shell
python3 bestfix.py --all-ratings -a <yourApp> -s <pathToSourceCode>
```
Note that all parameters are optional. If you provide no parameters, the script will, by default, generate information about reachable OSS findings and critical- and high-severity vulnerabilities.
| Parameter | Description |
| --- | --- |
| `-s <pathToSourceCode>` | The path to the application's directory; provide this if the source code is available on the local workstation |
| `-a <yourApp>` | The name of the application whose findings you'd like fix/remediation suggestions for; if omitted, `bestfix` runs for all apps in your Qwiet organization |
| `-o <outputDirectory>` | The location where you would like `bestfix` to save the HTML copy of your results; if omitted, `bestfix` saves the report to the directory from which you ran it |
| `--all-ratings` | Include vulnerabilities of all severities in the results |
```shell
python3 bestfix.py -a HelloShiftLeft -o /Users/janesmith/reports -s /Users/janesmith/demoApp
```
`bestfix` prints your results to the terminal, but you can also access an HTML copy saved to the location where you executed `bestfix.py` (optionally, you can provide an alternative directory using `-o`).
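A pre-flight wrapper for the steps above (Python version, token taken from the environment, optional wkhtmltopdf, then the run), as an added example that is not part of the `bestfix` project; the `BESTFIX_*` variables and the `run` argument are this wrapper's own conventions, not `bestfix` options.

```shell
#!/bin/sh
# Pre-flight wrapper for bestfix (added example, not part of the bestfix
# project). Run it from the directory containing bestfix.py as:
#   sh run_bestfix.sh run
# BESTFIX_APP / BESTFIX_SRC / BESTFIX_OUT / BESTFIX_ALL_RATINGS are this
# wrapper's own variables, mapped to -a / -s / -o / --all-ratings.

# Python 3.9 or later must be available as python3.
check_python() {
  command -v python3 >/dev/null 2>&1 || return 1
  python3 -c 'import sys; sys.exit(0 if sys.version_info >= (3, 9) else 1)'
}

# The token is read from the environment only and never passed as an
# argument, so it does not end up in shell history or process listings.
check_token() {
  [ -n "${SHIFTLEFT_ACCESS_TOKEN:-}" ]
}

# wkhtmltopdf is optional: it is only needed for PDF reports.
check_wkhtmltopdf() {
  command -v wkhtmltopdf >/dev/null 2>&1
}

# Run the given command with the bestfix flags appended. Building the list
# with "$@" keeps paths containing spaces intact (no word splitting).
with_bestfix_args() {
  [ -n "${BESTFIX_APP:-}" ] && set -- "$@" -a "$BESTFIX_APP"
  [ -n "${BESTFIX_SRC:-}" ] && set -- "$@" -s "$BESTFIX_SRC"
  [ -n "${BESTFIX_OUT:-}" ] && set -- "$@" -o "$BESTFIX_OUT"
  [ "${BESTFIX_ALL_RATINGS:-0}" = 1 ] && set -- "$@" --all-ratings
  "$@"
}

main() {
  check_python || { echo "python3 3.9 or later is required" >&2; return 1; }
  check_token || { echo "SHIFTLEFT_ACCESS_TOKEN is not set" >&2; return 1; }
  check_wkhtmltopdf || echo "note: wkhtmltopdf not found; PDF output unavailable" >&2
  with_bestfix_args python3 bestfix.py
}

case "${1:-}" in
  run) main ;;
esac
```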
In the results, you'll find the following information:
- Fix suggestions for OSS vulnerabilities: a list of the reachable OSS findings present in your application, and the suggested upgrades to those packages that will remediate the findings
- Fix suggestions for vulnerabilities: a list of suggested fixes for findings present in your application
- Findings similarity analysis: groups of like vulnerabilities (i.e., `bestfix` groups together all directory traversal/deserialization/etc. vulnerabilities); applying remediation to any one of the findings in a given group should correct all of the issues grouped with it
- Suggestions for scan improvements: a list of improvements that you can make to improve the performance or the usability of your results (e.g., tagging your results with the branch name for easy cross-referencing)
Non-admin users on Windows may see the following error:

```
ERROR: Could not install packages due to an OSError: [WinError 5] Access is denied
```

To work around this, pass the `--user` flag as shown:

```powershell
python -m pip install --upgrade pip --user
python -m pip install -r .\requirements.txt --user
```