To use ShiftLeft products, you must first authenticate with ShiftLeft. There are two methods for authenticating, by using:
Environment Variables (ShiftLeft Inspect only)
The first time you log into ShiftLeft, if you are running ShiftLeft on either Linux or MacOS X, you obtain your authentication credentials (organization ID and access token) from the Welcome page of the ShiftLeft Dashboard.
Subsequently, you can obtain your credentials from the Account Settings page of the ShiftLeft Dashboard.
Once authenticated, the ShiftLeft CLI creates the local file
$HOME/.shiftleft/config.json for Linux and MacOS X and
%HOME%/.shiftleft/config.json for Windows. This file contains your Organization ID and Access Token, and is required by the ShiftLeft CLI. For Linux and MacOS X, if the
$HOME environment variable is not set locally, the CLI uses the path
The ShiftLeft CLI command
sl auth is used to authenticate with ShiftLeft and associate your applications with your organization.
When you run
sl auth without any arguments you are prompted for the credentials:
ShiftLeft Organization ID
ShiftLeft Access Token
Alternatively you can use
sl auth --org "$ORG" --token "$TOKEN" with the same values.
If you are using a CI/CD tool to submit applications to ShiftLeft Inspect for analysis, create the following environment variables to automate the authentication process:
Environment variable for Organization ID:
Environment variable for Access Token:
Note that the Upload Token was replaced by the Access Token in
sl --version v0.7.1030. For
sl --version prior to v.0.7.1030 please upgrade or use
Environment variable for Upload Token: