{"id":24141788,"url":"https://github.com/coinfabrik/scout-workshop","last_synced_at":"2026-02-19T02:01:40.386Z","repository":{"id":250936528,"uuid":"817339029","full_name":"CoinFabrik/scout-workshop","owner":"CoinFabrik","description":"Learn to Scout for security issues and best practices in Soroban","archived":false,"fork":false,"pushed_at":"2024-10-30T18:25:29.000Z","size":1685,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-20T11:53:06.767Z","etag":null,"topics":["security","soroban","workshop"],"latest_commit_sha":null,"homepage":"https://github.com/CoinFabrik/scout-soroban","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CoinFabrik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-19T13:51:42.000Z","updated_at":"2025-09-18T15:53:49.000Z","dependencies_parsed_at":"2025-09-10T04:10:24.540Z","dependency_job_id":null,"html_url":"https://github.com/CoinFabrik/scout-workshop","commit_stats":null,"previous_names":["coinfabrik/scout-workshop"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CoinFabrik/scout-workshop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoinFabrik%2Fscout-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoinFabrik%2Fscout-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoinFabrik%2Fscout-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoinFabrik%2Fscout-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CoinFabrik","download_url":"https://codeload.github.com/CoinFabrik/scout-workshop/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CoinFabrik%2Fscout-workshop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29600844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T00:59:38.239Z","status":"online","status_checked_at":"2026-02-19T02:00:07.702Z","response_time":117,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","soroban","workshop"],"created_at":"2025-01-12T04:49:08.489Z","updated_at":"2026-02-19T02:01:40.368Z","avatar_url":"https://github.com/CoinFabrik.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Scout Workshop\n\n![https://img.shields.io/badge/license-MIT-green](https://img.shields.io/badge/license-MIT-green)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"scout_workshop_banner.png\" alt=\"Scout in a Dark Forest\" center  /\u003e\n\u003c/p\u003e\n\nWelcome to the Scout Workshop repository! This repository contains all the necessary materials for our workshop on using Scout, CoinFabrik's bug detection tool for Soroban smart contracts. \n\nBelow you'll find a summary of the workshop agenda, installation guides, and examples we will work with during the sessions.\n\n## Workshop Agenda\n\nThe agenda for the workshop is as follows:\n\n1. **Intro and Tool Installation**\n   - Installing the CLI\n   - Installing the VSCode Extension\n   - Overview of Scout\n   - Key features and benefits\n3. **Scout execution**\n4. **Output interpretation**\n5. **Practical examples: using Scout to solve an issue**\n6. **CI/CD Integration: adding Scout to your GitHub pipeline**\n\nFor more details, please visit the [Workshop Landing Page](https://www.coinfabrik.com/scout-workshops/).\n\n## Workshop Notes\n\n### Installation\n\n#### CLI\n\nMake sure that [Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html) is installed on your computer. Then, follow install scout with the following command.\n\n```bash\ncargo install cargo-scout-audit\n```\n\nFor more information on installation and usage, please refer to the [Getting Started](https://coinfabrik.github.io/scout-soroban/docs/intro) section in our documentation section below.\n\n#### VSCode Extension\n\nAdd Scout to your development workspace with Scout's VS Code extension to run Scout automatically upon saving your file.\n\n:bulb: Before installing Scout VS Code Extension, make sure to install [rust-analyzer](https://marketplace.visualstudio.com/items?itemName=rust-lang.rust-analyzer) and Scout CLI.\n\n:point_right: Install Scout VS Code from [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=CoinFabrik.scout-audit).\n\n:bulb: Tip: To see the errors highlighted in your code, we recommend installing the [Error Lens Extension](https://marketplace.visualstudio.com/items?itemName=usernamehw.errorlens).\n\n### Excecution\n\n#### CLI\n\nTo run Scout on your project, navigate to the directory of your smart contract and execute the following command:\n\n```bash\ncargo scout-audit\n``` \n\nGenerate an HTML report with:\n\n```bash\ncargo scout-audit --output-format html\n``` \n\n:warning: Currently Scout doesn't offer full support for workspaces. If you have a workspace, run Scout in each member instead of running it in the workspace `Cargo.toml`.\n\n```\n├── your-soroban-project\n│   ├── your-smart-contract\n│   │   ├── // Run Scout here.\n│   │   ├── src\n│   │   |   ├── contract.rs \n│   ├── Cargo.lock\n│   ├── Cargo.toml\n│   ├── README.md\n\n```\n:warning: Make sure that your smart contracts compile properly. Scout won't run if any compilation errors exist.\n\n#### VSCode Extension\n\n:warning: To ensure the extension runs properly, make sure that you open the directory containing your smart contract, rather than the entire project. For example, if your smart contracts are located in `myproject/contracts`, and you want to work on the `token` contract while using the Scout VS Code Extension, open `myproject/contracts/token`.\n\n\n### Output Interpretation\n\nScout's output follows the following format.\n\n```console\nwarning: [Short description of the issue]\n  --\u003e src/lib.rs:[issue_line_start]:[issue_char_start]\n   |\n   |         some code;\n   |         ^^^^^^^^^^^^^^^^^^\n   |\n   = help: [Recommendation on how to remediate the issue]\n   = note: `#[warn([detector_name])]` on by default\n```\n\nHere:\n- `warning` provides a short description of the detected issue.\n- `help` provides a recommendation on how to fix the issue.\n- `note` indicates the detector triggered, which is turned on by default on the user profile. Check on [profile configuration](https://coinfabrik.github.io/scout-soroban/docs/intro#profile-configuration) to include or exclude detectors from your analysis.\n\n### Practical Examples\n\nTake a look at `example-1` and `example-2`. Let's run scout on these examples and see how to use the CLI and VSCode Extension.\n\n### Scout Action: CI/CD Example\n\nAdd Scout to every push to your repository with [Scout Action](https://github.com/CoinFabrik/scout-actions).\n\nIdentify the path to the smart contract you want to be analyzed and create a `.yml` file in `.github/workflows` like `scout.yml` below.\n\n```yml\nname: scout-workflow\non:\n  pull_request:\n    branches:\n      - main\n\njobs:\n  scout-audit:\n    runs-on: ubuntu-latest\n    permissions:\n      pull-requests: write\n      contents: write\n      repository-projects: write\n    steps:\n      - name: checkout\n        uses: actions/checkout@v4\n\n      - name: do scout\n        uses: coinfabrik/scout-actions@v3\n        with:\n          target: ''\n\n      - uses: mshick/add-pr-comment@v2.8.2\n        with:\n          message-path:  ${{ github.workspace }}/report.md\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoinfabrik%2Fscout-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoinfabrik%2Fscout-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoinfabrik%2Fscout-workshop/lists"}