Merge pull request #39 from OPPIDA/docs/docker-integration

nolliv22 · web-flow · commit 136e72a7f090 · 2026-01-08T09:56:27.000+01:00
diff --git a/README.md b/README.md
@@ -45,14 +45,14 @@ For more details on the design and integration of SAST tools and datasets in Cod
 
 ## SAST Tool Integration Status
 
-|SAST Tool|Languages|Maintained|Continuous Testing|Last Test Date|
-|:---:|:---:|:---:|:---:|:---:|
-|Coverity|Java|⚠️<br>(Deprioritized)|❌<br>(Proprietary)|October 2025|
-|Semgrep Community Edition|C/C++, Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
-|Snyk Code|C/C++, Java|✅|❌<br>(Rate limited)|November 2025|
-|Bearer|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
-|SpotBugs|Java|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
-|Cppcheck|C/C++|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|SAST Tool|Languages|Maintained|Included in Docker|Continuous Testing|Last Test Date|
+|:---:|:---:|:---:|:---:|:---:|:---:|
+|Coverity|Java|⚠️<br>(Deprioritized)|❌|❌<br>(Proprietary)|October 2025|
+|Semgrep Community Edition|C/C++, Java|✅|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Snyk Code|C/C++, Java|✅|❌|❌<br>(Rate limited)|November 2025|
+|Bearer|Java|✅|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|SpotBugs|Java|✅|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
+|Cppcheck|C/C++|✅|✅|✅|[Latest PR](https://github.com/OPPIDA/CodeSecTools/actions/workflows/ci.yaml)|
 
 ## Usage
 
@@ -143,4 +143,4 @@ for plot_function in graphics.plot_functions:
     fig = plot_function()
     fig.show()
 ```
-<!--end-include-->
+<!--end-include-->
diff --git a/docs/home/quick_start_guide.md b/docs/home/quick_start_guide.md
@@ -6,8 +6,6 @@ This guide mainly used the tool on Java projects, it is perfectly possible to ru
 
 ## 1. Prerequisites
 
-For this guide, there are two ways to install the tool:
-
 !!! cube "Local installation"
     - You will need to install the following packages:
 
@@ -22,55 +20,57 @@ For this guide, there are two ways to install the tool:
         - [Semgrep Community Edition](/sast/supported/semgrepce.j2.html){:target="_blank"}
         - [SpotBugs](/sast/supported/spotbugs.j2.html){:target="_blank"}
 
-!!! docker "Docker image"
-    A Docker image is available with the prerequisites installed.
-    You can use it to run CodeSecTools without installing extra packages on your system.
+!!! docker "Docker container"
+    CodeSecTools can start a Docker container with some SAST tools (free and open-source) and packages installed.
+
+    You still need to install CodeSecTools normally and then invoke the CLI command to start the Docker container.
+    There is no a Docker image that you can pull and run directly for the following reasons:
 
+    - CodeSecTools source code is copied **locally** and then installed in the Docker image
+    - UID and GID of the current user is gathered at build time to **fix mounted volume permission issues**
 
 ## 2. Installation
 
-!!! cube "Normal installation"
+- Clone the repository:
+```bash
+git clone https://github.com/OPPIDA/CodeSecTools.git
+cd CodeSecTools
+```
+
+- Install the project:
 
-    - Clone the repository:
+    - Using [uv](https://github.com/astral-sh/uv):
     ```bash
-    git clone https://github.com/OPPIDA/CodeSecTools.git
-    cd CodeSecTools
+    uv tool install .
     ```
 
-      - Install the project:
-
-        - Using [uv](https://github.com/astral-sh/uv):
-          ```bash
-          uv tool install .
-          ```
-
-        - Using [pipx](https://github.com/pypa/pipx):
-          ```bash
-          pipx install .
-          ```
-
-        - Using pip (not recommended, as it can break your system packages):
-          ```bash
-          pip install .
-          ```
+    - Using [pipx](https://github.com/pypa/pipx):
+    ```bash
+    pipx install .
+    ```
 
-!!! docker "Docker image"
-    Create a new directory which will be mounted in the docker container and start the container:
+    - Using pip (not recommended, as it can break your system packages):
     ```bash
-    mkdir codesectools_quick_start_guide
-    cd codesectools_quick_start_guide
-    cstools docker
+    pip install .
     ```
 
-    Then inside the container:
+## 3. First run
+
+??? docker "Docker container"
+    You can start a Docker container to run CodeSecTools to analyze the current directory:
     ```bash
-    cd codesectools_quick_start_guide
+    cd $TARGET_DIR
+    cstools docker
+    # Or
+    cstools docker --target $TARGET_DIR
     ```
 
-    Only data inside `./codesectools_quick_start_guide` are saved.
+    Use `--isolation` flag to start Docker container without networking, make sure to download external resources on the host (which has internet connexion) before. 
 
+    Only the following directories are mounted in the Docker container:
 
-## 3. First run
+    - `$TARGET_DIR` (your source code directory)
+    - `~/.codesectools` (your CodeSecTools data, in particular storing the analysis result)
 
 !!! abstract  "Install completion (optional)"
     *Completion is already installed in the Docker container.*
