From the repository root:
```powershell
go -C .\app test ./...
```

```bash
go -C ./app test ./...
```

Repository checkout helper:

```powershell
.\sentilook.ps1 version
```

```bash
./sentilook.sh version
```

Direct module alternative:

```powershell
go -C .\app run ./cmd/sentilook version
```

Expected output style:

```text
Sentilook CLI (sentilook) v0.2.2 (commit ...)
```

```powershell
.\sentilook.ps1 scan .\demo\demo-secrets --config .\app\configs\default.yaml
```

```bash
./sentilook.sh scan ./demo/demo-secrets --config ./app/configs/default.yaml
```

Expected behavior:
- Sentilook prints run-specific report and audit paths
- The process exits with code `1` when findings exist
- The default HTML output is share-safe and uses masked previews plus reduced path exposure
- The repository-root wrappers normalize the scan target, `--config`, and `--out` paths for you
```powershell
.\sentilook.ps1 scan .\demo\demo-secrets --config .\app\configs\default.yaml --format sarif
```

```bash
./sentilook.sh scan ./demo/demo-secrets --config ./app/configs/default.yaml --format sarif
```

Expected behavior:
- `app/reports/latest.sarif.json` is generated
- Findings use masked previews only

- `app/reports/latest.html`
- `app/reports/latest.sarif.json`
- `app/logs/audit.jsonl`
Historical outputs remain available as timestamped files.
Use this when you want a clean Linux check without changing the host machine.
```bash
docker run --rm -v "$PWD:/workspace" -w /workspace/app golang:1.24-bookworm \
  bash -c 'go test ./... && go run ./cmd/sentilook scan ../demo/demo-secrets --config ./configs/strict.yaml --out ./reports || [ "$?" -eq 1 ]'
```

Notes:
- the strict demo run exits with `1` because findings are expected
- reports and logs are written back into the mounted repository
Use local operator mode only when you need full local file paths during remediation.
```yaml
report:
  share_safe_mode: false
```

Notes:
- the HTML report will show full local file paths
- operator-mode artifacts are local-only and should not be shared
- raw secret previews remain masked even in operator mode
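
A pre-share check for a SARIF report, as an added example that is not part of Sentilook's own code: it flags findings whose artifact URI is an absolute local path, the kind of exposure share-safe mode is meant to reduce. It assumes the report follows the standard SARIF 2.1.0 layout and that operator-mode paths would appear in `artifactLocation.uri`; the function names and the sample document are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// sarifLog: subset of SARIF 2.1.0; encoding/json matches keys case-insensitively.
type sarifLog struct {
	Runs []struct {
		Results []struct {
			RuleID    string
			Locations []struct {
				PhysicalLocation struct{ ArtifactLocation struct{ URI string } }
			}
		}
	}
}

// isLocalAbsolute reports whether uri is a rooted, UNC or drive-letter path.
func isLocalAbsolute(uri string) bool {
	u := strings.TrimPrefix(uri, "file://")
	return strings.HasPrefix(u, "/") || strings.HasPrefix(u, `\\`) || (len(u) > 2 && u[1] == ':')
}

// AbsolutePathLeaks lists "ruleId: uri" for every finding with an absolute path.
func AbsolutePathLeaks(doc []byte) (leaks []string, err error) {
	var log sarifLog
	if err = json.Unmarshal(doc, &log); err != nil {
		return nil, fmt.Errorf("parse sarif: %w", err)
	}
	for _, run := range log.Runs {
		for _, res := range run.Results {
			for _, loc := range res.Locations {
				if uri := loc.PhysicalLocation.ArtifactLocation.URI; isLocalAbsolute(uri) {
					leaks = append(leaks, res.RuleID+": "+uri)
				}
			}
		}
	}
	return leaks, nil
}

// Constructed sample for illustration; not real Sentilook output.
const sample = `{"version":"2.1.0","runs":[{"results":[
 {"ruleId":"demo-a","locations":[{"physicalLocation":{"artifactLocation":{"uri":"demo/demo-secrets/app.env"}}}]},
 {"ruleId":"demo-b","locations":[{"physicalLocation":{"artifactLocation":{"uri":"file:///C:/Users/dev/repo/demo/demo-secrets/app.env"}}}]}]}]}`

func main() { fmt.Println(AbsolutePathLeaks([]byte(sample))) }
```

To check a generated report, read the file into a byte slice and pass it to `AbsolutePathLeaks`; an empty result means no absolute artifact paths were found.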