CLI Tools Installation

Quick reference for installing every external CLI tool used by SnakeFlow’s Quality Hub.

gh — GitHub CLI

Required for GitHub Issues, PRs, and CI features.

winget install GitHub.cli
gh auth login

brew install gh
gh auth login

sudo apt install gh    # Debian/Ubuntu
sudo dnf install gh   # Fedora
gh auth login

act — GitHub Actions locally

winget install nektos.act

brew install act

curl -s https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash

Docker Desktop

Required for container management and Bearer scan (Linux/macOS).

Windows / macOS
Linux

Download from docker.com/products/docker-desktop and run the installer.

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER
newgrp docker

Semgrep — SAST

pip install semgrep
# or
pip3 install semgrep

# Verify
semgrep --version

Trivy — CVE Scanner

winget install AquaSecurity.Trivy

brew install trivy

curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
  | sh -s -- -b /usr/local/bin

Hadolint — Dockerfile Linter

winget install hadolint

brew install hadolint

curl -sL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 \
  -o /usr/local/bin/hadolint
chmod +x /usr/local/bin/hadolint

ShellCheck — Shell Script Linter

winget install koalaman.shellcheck

brew install shellcheck

sudo apt install shellcheck      # Debian/Ubuntu
sudo dnf install ShellCheck      # Fedora

golangci-lint — Go Linter

winget install golangci-lint

brew install golangci-lint

go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest

Bandit — Python Security

pip install bandit
# or
pip3 install bandit

bandit --version

Bearer — SAST (macOS/Linux only)

# macOS
brew install bearer/tap/bearer

# Linux
curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh

bearer version

Windows: Bearer has no native Windows binary. Use WSL2:

Install WSL2: wsl --install
Inside WSL: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
Set in settings: "devManager.quality.builtin.bearer.path": "wsl bearer"

ESLint Security Plugin

npm i -D eslint eslint-plugin-security

jscpd — Copy-Paste Detection

npm i -D jscpd
# or globally
npm i -g jscpd

Stryker — Mutation Testing

npm i -D @stryker-mutator/core @stryker-mutator/jest-runner