A few weeks ago, we released Minder, an open source platform that can help you more easily apply security settings and policies across multiple GitHub repos. In this post, I’m going to show you how easy it is to install and start using Minder with our new minder quickstart command.
Minder has two components:
minder-server: An API server that provides the core functionality of Minder.
minder CLI: A command-line interface that allows you to interact with the Minder REST API.
You'll be using the public server instance of Minder and the minder CLI to interact with it. You don’t need to deal with configuration files—we bundle everything and provide it to you.
Below, I’ll walk through the steps for getting started with Minder.
Installation and log-in
Because we’re already providing the minder-server for you, to get started, you just need to install the minder CLI and you are ready to go!
Minder offers multiple installation methods for flexibility:
Build Minder from source by following the instructions in the build-from-source section of the README file.
Now that we have the CLI installed, you can authenticate to the public instance of Minder using your GitHub account. Entering the command below will bring up a sign-in window, where you can sign in with your account:
Shell (Bash)
minder auth login
Now you’re ready to get started!
Getting started with Minder in 4 simple steps
Our quickstart command guides you through the process of creating your first rule type and profile in just a few seconds!
Shell (Bash)
minder quickstart
In Minder, rule types and profiles allow you to describe the desired security posture of your repositories. Profiles group and manage rule types for various entities like repositories, pull requests, and artifacts across your registered GitHub repositories.
The quickstart process in our CLI guides you through enrolling your provider, selecting repositories, creating a rule type (e.g., secret_scanning), and establishing a profile enabling secret scanning for the chosen repositories. On each step, you’ll see a description of what you are about to do, along with the command that is to be executed, like this:
Let’s walk through the commands you’ll enter at each step to get started.
Step 1: Enroll your provider
The first step of the quickstart process is to enroll your provider:
Shell (Bash)
minder provider enroll --provider github
Step 2: Register your repository
After enrolling your provider, it’s time to register the repositories. Select the repositories that you want to register with Minder and hit “Enter.”
Step 3: Create your first rule type
Let’s create our first rule type! In this case, you are going to create a secret scanning rule type. With this rule type in place, you can consistently prevent secrets from being leaked across all of your registered repos.
Shell (Bash)
minder rule_type create -f secret_scanning.yaml
Step 4: Create your first profile
At this point, you should have successfully enrolled your provider, registered your repositories and created your first rule type. What’s left is to create a profile that uses that rule type, and enforce this policy across your registered repositories!
By default, Minder will enable the remediate and alert features, so that we can automatically remediate any non-compliant repos and alert you if needed.
Shell (Bash)
minder profile create -f quickstart-profile.yaml
Upon successful completion, you’ll see a confirmation like this:
Congratulations! 🎉 You've successfully created your first profile and enabled secret scanning protection on all registered repositories! If for any reason someone accidentally disables it on any of your repositories, Minder will automatically remediate this and change it back so it matches your profile.
You can see a more in-depth overview of your profile status and details of the rule evaluations for each registered repository by running the following command:
Shell (Bash)
minder profile_status list --profile quickstart-profile --detailed
What's Next?
Ensuring your software is built on a foundation of robust security practices is a challenge. Minder’s goal is to simplify this for you. With just a few commands, you can do a one-time setup of your security posture for all of your repositories, and make sure your repos are always compliant.
