Version: 1.4.0

Quick Start Guide

This guide provides a brief overview of how to get started with SAFE.

Download and Install SAFE

First, download the SAFE archive for your operating system from the Download SAFE CLI page and follow the installation steps there. In short:

  • Linux — extract the archive and add it permanently to your ~/.bashrc
  • macOS — extract the archive and add it permanently to your ~/.zshrc (or ~/.bash_profile if you use Bash)
  • CI/CD — download and extract on the fly, then export PATH for the duration of the job

After installation, confirm SAFE is available:

safe --version

Set up SAFE for your project

The next step is to set up SAFE for your Erlang/Elixir project using the SAFE CLI. The setup process generates two files: fingerprint.json and config.json.

To set up SAFE, run SAFE's setup command in your project directory. Detailed instructions can be found on the Setting up SAFE page.

Info: After the setup process has completed, please send the generated fingerprint.json file to safe@erlang-solutions.com to help us generate the license for the project. If you are a maintainer of an open-source project, you may be eligible for a free license. Please include the URL of the project in the email.

Run SAFE in your CI/CD pipeline

In your CI/CD pipeline, download and install the SAFE CLI as part of the security job (see the Download page for the exact commands), then run:

safe analyse --config-path .safe/config.json

Set SAFE_LICENSE as a secret or environment variable in your CI/CD system so SAFE can authenticate.

Incremental analysis

SAFE stores its analysis state in ~/.safe. Cache this directory between pipeline runs and SAFE will only re-analyse files that have changed — significantly speeding up subsequent checks. Most CI/CD systems support path caching out of the box; see the Download page for a full CI/CD example.
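A pre-flight wrapper for the CI step described in the two sections above, as an added example that is not part of SAFE or its documentation. Only `safe --version`, `safe analyse --config-path .safe/config.json`, `SAFE_LICENSE` and `~/.safe` come from this guide; the function names, return codes, and the `SAFE_CONFIG` and `SAFE_STATE_DIR` variables are assumptions.

```shell
#!/bin/sh
# Added example: fail fast with a clear reason before invoking SAFE in CI.
# Do not enable `set -x` here: tracing can echo secrets into job logs.

SAFE_CONFIG="${SAFE_CONFIG:-.safe/config.json}"   # config path used in this guide
SAFE_STATE_DIR="${SAFE_STATE_DIR:-$HOME/.safe}"   # analysis state to cache between runs

# Returns 0 when the job is ready to run SAFE, otherwise a distinct code
# (2 = CLI missing, 3 = license secret missing, 4 = config missing).
safe_preflight() {
    command -v safe >/dev/null 2>&1 || { echo "safe is not on PATH" >&2; return 2; }
    # Secrets are often withheld from untrusted builds (e.g. fork pull requests).
    [ -n "${SAFE_LICENSE:-}" ] || { echo "SAFE_LICENSE is not set" >&2; return 3; }
    [ -f "$SAFE_CONFIG" ] || { echo "missing $SAFE_CONFIG (run setup first)" >&2; return 4; }
    return 0
}

# Prints "warm" if a non-empty state directory was restored from cache, else "cold".
safe_cache_state() {
    if [ -d "$SAFE_STATE_DIR" ] && [ -n "$(ls -A "$SAFE_STATE_DIR" 2>/dev/null)" ]; then
        echo warm
    else
        echo cold
    fi
}

# Runs the analysis and passes SAFE's own exit status back to the CI job.
run_safe() {
    safe_preflight || return $?
    echo "SAFE cache: $(safe_cache_state)" >&2
    safe --version >&2
    safe analyse --config-path "$SAFE_CONFIG"
}

# Invoke as: sh safe-ci.sh run   (the script name is hypothetical)
if [ "${1:-}" = "run" ]; then
    run_safe
    exit $?
fi
```

A "cold" line on every run means the `~/.safe` cache is not being restored, so each job performs a full analysis.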

Review the Results

After SAFE has run successfully in your CI/CD pipeline, you will receive a detailed report highlighting any vulnerabilities found in your codebase. Review these results to understand and address potential security issues. If you configured SAFE to print the results to the console, they appear directly in your CI/CD job logs. If you also configured it to generate a report file, you can find that file on disk. (Please refer to the Configuration page for more details on configuring the output options.)

Support

If you encounter any issues or have questions while using SAFE, please feel free to reach out to us.