Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Installation

cargo install

Requires Rust 1.70 or later. Install via crates.io:

cargo install wardenscan

The binary is installed as warden in ~/.cargo/bin/. Ensure that directory is in your PATH.

Verify the installation:

warden --version

Pre-built Binaries

Pre-built binaries for Linux (x86_64, aarch64), macOS (x86_64, Apple Silicon), and Windows (x86_64) are available on the GitHub Releases page.

Download, extract, and place the binary in a directory on your PATH:

# Linux x86_64 example
curl -Lo warden.tar.gz https://github.com/projectwarden/warden/releases/latest/download/warden-linux-x86_64.tar.gz
tar xf warden.tar.gz
sudo mv warden /usr/local/bin/

Docker

A minimal Docker image is available:

docker pull ghcr.io/projectwarden/warden:latest

Run a scan by mounting your repository:

docker run --rm -v "$PWD:/repo" ghcr.io/projectwarden/warden:latest scan /repo

To output SARIF:

docker run --rm -v "$PWD:/repo" ghcr.io/projectwarden/warden:latest scan /repo --format sarif > results.sarif

GitHub Action

Add warden to any workflow to scan on every push and pull request. See the GitHub Action guide for full configuration.

- name: Run warden
  uses: projectwarden/warden@7f13104599d0c765952bc981e370b7c585e9f818  # v1.0.0
  with:
    path: .github/workflows
    fail-on: high

Updating

cargo install wardenscan --force

Or pull the latest Docker image:

docker pull ghcr.io/projectwarden/warden:latest