Choosing a repository

Head to https://app.octane.security and select ‘Sign in with GitHub’.

From there, you’ll be asked to select a repository to test.

If you’re having issues with GitHub authentication, reach out to nathan@octane.security to be added to the whitelist. Only approved accounts are able to access Octane.

Analysis

Once testing begins, you’ll be directed to a dashboard.

This dashboard is where you’ll be able to see the progress of the current analysis, and check for any issues Octane has identified.

An Octane run consists of three main parts:

Once an analysis begins, results continue to stream in until every Solidity smart contract in the repository has been analyzed.

Vulnerability Detectors typically complete within the first few minutes of analysis. Attack Simulations on a Mainnet Fork run for 1 hour by default, but can be configured to run longer for a more thorough search covering niche attack paths.

Issues reported by any engine appear in the “All Vulnerabilities” tab as soon as they are found.

Interpreting a Vulnerability Finding

Each identified vulnerability has 7 main parts:

  1. Vulnerability type
  2. General vulnerability description
  3. Source code link
  4. Confidence
  5. Severity
  6. Detailed explanation of how the vulnerability exists in your code
  7. Detailed fix suggestion (powered by the Code Fix Engine)

By default, our Code Fix Engine provides an in-depth explanation of the relevant vulnerability.

This engine suggests a draft of a code fix based on its knowledge of the vulnerability and past similar auditor-approved fixes.

Did you know? While it specializes in issues detected by Octane, the Code Fix Engine can also be used on its own after an audit to suggest fixes for each auditor-identified issue.
This can massively cut down on the cost and time needed to send code back to auditors for re-evaluation.