Choosing a repository

Head to https://app.octane.security and select ‘Sign in with GitHub’. From there, you’ll be asked to select a repository to test.
If you’re having issues with GitHub authentication, reach out to gio@octane.security to be added to the whitelist. Only approved accounts are able to access Octane. You can also book a demo on the website.

Analysis

Once testing begins, you’ll be directed to a dashboard. This dashboard is where you’ll be able to see the progress of the current analysis and check for any issues Octane has identified. An Octane run consists of three main parts: Once an analysis begins, results will continue to stream in until all Solidity smart contracts in the repository are analyzed. Vulnerability Detectors typically complete in 1-10 minutes, depending on the number of code paths in the AST. Once found, issues from any engine will be surfaced in the “Vulnerabilities” tab.

Interpreting a Vulnerability Finding

Each identified vulnerability has 6 main parts:
  1. Vulnerability type
  2. General vulnerability description
  3. Source code link
  4. Severity
  5. Detailed explanation of how the vulnerability exists in your code
  6. Detailed fix suggestion (powered by the Code Fix Engine)
By default, our Code Fix Engine provides an in-depth explanation of the relevant vulnerability. This engine suggests a draft of a code fix based on its knowledge of the vulnerability and past similar auditor-approved fixes.