Let's discover Scout in less than 5 minutes!.
Scout is an extensible open-source tool intended to assist ink! smart contract developers and auditors detect common security issues and deviations from best practices. This tool helps developers write secure and more robust smart contracts.
- A list of vulnerabilities, best practices and enhancements, together with associated detectors to identify these issues in your code
- Command Line Interface (CLI)
- VSCode Extension
What you'll need
You should be able to install and run Scout without issues on Mac, Linux or Windows.
Command Line Interface (CLI)
The command line interface is designed to allow you to run Scout on an entire project. It is especially useful for auditing or performing a final review of your code.
FIn order to install the Command Line Interface, first install Scout dependencies by running the following command:
cargo install cargo-dylint dylint-link
Afterwards, install Scout with the following command:
cargo install cargo-scout-audit
To run Scout on your project, navigate to its root directory and execute the following command:
In the table below, we specify all the option available for the CLI.
|Runs the static analyzer on the current directory
cargo scout-audit --help
|Provides a brief explanation of all the available commands and their usage.
cargo scout-audit --manifest-path <PATH_TO_CARGO_TOML>
|This option is used to specify the path to the Cargo.toml file that you want to analyze.
cargo scout-audit --filter <DETECTOR_LIST_SEPARATED_BY_COMAS>
|This option allows you to analyze code using specific detectors. Provide a comma-separated list of detectors for this purpose.
cargo scout-audit --exclude <DETECTOR_LIST_SEPARATED_BY_COMAS>
|With this command, you can exclude specific detectors from the analysis. You need to give a comma-separated list of the detectors to be excluded.
cargo scout-audit --list-detectors
|Display a list of all available detectors.
cargo scout-audit --version
|Displays the current version of the static analyzer.
cargo scout-audit --verbose
|Print additional information on run
cargo scout-audit --local-detectors <PATH_TO_FOLDER>
|Uses the detectors of a local folder. This considers the sub-folders as detectors.
cargo scout-audit --output-format [text\|json\|html\|sarif]
|Sets the output format. Selecting
sarif will create a file with the output
cargo scout-audit --output-path <PATH_TO_OUTPUT_FILE>
|Sets the output path. If a format was selected, this will replace the default file with the given one
We built the Scout VSCode Extension to help developers write secure and more robust smart contracts. Listing security issues, and highlighting issues with squiggles and hover-over descriptions, we hope our extension will help you catch vulnerabilities during development.
Install Scout from the Marketplace within the Extensions tab of Visual Studio Code. You can find the extension here.
You'll also need to have installed the CLI, as the extension uses the CLI to perform the analysis. You can find instructions for installing the CLI here.
After you've installed the extension, simply open a project workspace that contains any ink! (.rs) files. You will see potential issues and warnings via a wiggle underline of the relevant code.