Merge pull request #76 from safedep/develop

Add Support for Community Endpoint for Insights API
safedep · Apr 19, 2023 · 454e87d · 454e87d
2 parents 8498ee5 + f537049
commit 454e87d
Show file tree

Hide file tree

Showing 9 changed files with 109 additions and 46 deletions.
diff --git a/README.md b/README.md
@@ -27,16 +27,25 @@ source dependencies and evaluate them against organizational policies.
 
 ## Getting Started
 
-- Download the binary file for your operating system/architecture from the [Official GitHub Releases](https://github.com/safedep/vet/releases)
+- Download the binary file for your operating system / architecture from the [Official GitHub Releases](https://github.com/safedep/vet/releases)
 
-- You can also install the vet using the homebrew in MacOS and Linux
+- You can also install `vet` using homebrew in MacOS and Linux
 
 ```bash
 brew tap safedep/tap
 brew install safedep/tap/vet
 ```
 
-- Get an API key for the vet insights data access for performing the scan
+- Alternatively, build from source
+
+> Ensure $(go env GOPATH)/bin is in your $PATH
+
+```bash
+go install github.com/safedep/vet@latest
+```
+
+- Get an API key for the vet insights data access for performing the scan.
+    Alternatively, look at [using community endpoint without API key](#using-community-mode)
 
 ```bash
 vet auth trial --email [email protected]
@@ -62,6 +71,16 @@ vet auth configure
 vet auth verify
 ```
 
+### Using Community Mode
+
+Community mode can be used to avoid registering and obtaining an API key.
+
+```bash
+vet auth configure --community
+```
+
+### Running Scan
+
 - Run `vet` to identify risks
 
 ```bash

diff --git a/auth.go b/auth.go
@@ -17,6 +17,7 @@ var (
 	authInsightApiBaseUrl      string
 	authControlPlaneApiBaseUrl string
 	authTrialEmail             string
+	authCommunity              bool
 )
 
 func newAuthCommand() *cobra.Command {
@@ -42,16 +43,24 @@ func configureAuthCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use: "configure",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			fmt.Print("Enter API Key: ")
-			key, err := term.ReadPassword(syscall.Stdin)
-			if err != nil {
-				panic(err)
+			var key []byte
+			var err error
+
+			if !authCommunity {
+				fmt.Print("Enter API Key: ")
+				key, err = term.ReadPassword(syscall.Stdin)
+				if err != nil {
+					panic(err)
+				}
+			} else {
+				authInsightApiBaseUrl = auth.DefaultCommunityApiUrl()
 			}
 
 			err = auth.Configure(auth.Config{
 				ApiUrl:             authInsightApiBaseUrl,
 				ApiKey:             string(key),
 				ControlPlaneApiUrl: authControlPlaneApiBaseUrl,
+				Community:          authCommunity,
 			})
 
 			if err != nil {
@@ -65,6 +74,8 @@ func configureAuthCommand() *cobra.Command {
 
 	cmd.Flags().StringVarP(&authInsightApiBaseUrl, "api", "", auth.DefaultApiUrl(),
 		"Base URL of Insights API")
+	cmd.Flags().BoolVarP(&authCommunity, "community", "", false,
+		"Use community API endpoint for Insights")
 
 	return cmd
 
@@ -74,6 +85,10 @@ func verifyAuthCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use: "verify",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			if auth.CommunityMode() {
+				ui.PrintSuccess("Running in Community Mode")
+			}
+
 			failOnError("auth/verify", auth.Verify(&auth.VerifyConfig{
 				ControlPlaneApiUrl: authControlPlaneApiBaseUrl,
 			}))

diff --git a/docs/docs/configure.md b/docs/docs/configure.md
@@ -39,6 +39,16 @@ vet auth configure
 
 - To renew an API key, you can re-register using the email. Even reach out to us at [[email protected]](mailto:[email protected]) and we would be happy to work with you
 
+## Using Community Mode
+
+- You can use community endpoint for Insights API without API key
+
+```bash
+vet auth configure --community
+```
+
+- For CI job, set environment variable `VET_COMMUNITY_MODE=true` to enable community runtime mode
+
 ## Scanning
 
 ### Scanning Directories

diff --git a/docs/docs/quick-start.md b/docs/docs/quick-start.md
@@ -9,7 +9,9 @@ title: 🚀 Quick Start
 
 ![vet Github Releases](/img/vet/vet-github-releases.png)
 
-- Get an API key for the vet insights data access for performing the scan
+- Get an API key for the vet insights data access for performing the scan.
+    Alternatively, look at [configuration options](configure.md) for
+    instruction on using community mode without API key.
 
 ```bash
 vet auth trial --email [email protected]

diff --git a/go.mod b/go.mod
@@ -4,14 +4,14 @@ go 1.18
 
 require (
 	github.com/deepmap/oapi-codegen v1.12.4
-	github.com/golang/protobuf v1.5.2
-	github.com/google/cel-go v0.13.0
+	github.com/golang/protobuf v1.5.3
+	github.com/google/cel-go v0.14.0
 	github.com/google/osv-scanner v1.3.1
 	github.com/jedib0t/go-pretty/v6 v6.4.6
 	github.com/safedep/dry v0.0.0-20230222132026-c8b6cb976849
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.7.0
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.2
 	golang.org/x/term v0.7.0
 	google.golang.org/protobuf v1.30.0
 	gopkg.in/yaml.v2 v2.4.0
@@ -20,7 +20,7 @@ require (
 require (
 	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
-	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
+	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -32,10 +32,11 @@ require (
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/text v0.5.0 // indirect
-	google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c // indirect
+	golang.org/x/text v0.6.0 // indirect
+	google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -3,8 +3,8 @@ github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves=
-github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
 github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
 github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
@@ -18,24 +18,18 @@ github.com/deepmap/oapi-codegen v1.12.4/go.mod h1:3lgHGMu6myQ2vqbbTXH2H1o4eXFTGn
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 h1:xvqufLtNVwAhN8NMyWklVgxnWohi+wtMGQMhtxexlm0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU=
-github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/cel-go v0.14.0 h1:LFobwuUDslWUHdQ48SXVXvQgPH2X1XVhsgOGNioAEZ4=
+github.com/google/cel-go v0.14.0/go.mod h1:YzWEoI07MC/a/wj9in8GeVatqfypkldgBlwXh9bCwqY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/osv-scanner v1.2.0 h1:TWPfI5kDqO/wgxihVyRxX15JQFJeZ0NyPvx1UtR6g38=
-github.com/google/osv-scanner v1.2.0/go.mod h1:2GmR3DxMxDW/HkkgOf+b/KCfspX2Ls4wcapeNnSNZoY=
 github.com/google/osv-scanner v1.3.1 h1:wNbKwX/H1SbpecBV1zHbQJ/VreRpOd+w5ATiaQpOjyU=
 github.com/google/osv-scanner v1.3.1/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jedib0t/go-pretty/v6 v6.4.4 h1:N+gz6UngBPF4M288kiMURPHELDMIhF/Em35aYuKrsSc=
-github.com/jedib0t/go-pretty/v6 v6.4.4/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI=
 github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1Rjl9Jw=
 github.com/jedib0t/go-pretty/v6 v6.4.6/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
 github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
@@ -56,8 +50,6 @@ github.com/safedep/dry v0.0.0-20230222132026-c8b6cb976849 h1:5nO9ht1jn7XHFyNFRhU
 github.com/safedep/dry v0.0.0-20230222132026-c8b6cb976849/go.mod h1:odFOtG1l46k23IaCY6kdNkkLW8L+NT+EUVYYVphP59I=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -74,35 +66,25 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
-golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo=
-google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
+google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37 h1:jmIfw8+gSvXcZSgaFAGyInDXeWzUhvYH57G/5GKMn70=
+google.golang.org/genproto v0.0.0-20221207170731-23e4bf6bdc37/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strconv"
 
 	"gopkg.in/yaml.v2"
 )
@@ -13,8 +14,10 @@ const (
 	apiUrlEnvKey          = "VET_INSIGHTS_API_URL"
 	apiKeyEnvKey          = "VET_INSIGHTS_API_KEY"
 	apiKeyAlternateEnvKey = "VET_API_KEY"
+	communityModeEnvKey   = "VET_COMMUNITY_MODE"
 
 	defaultApiUrl             = "https://api.safedep.io/insights/v1"
+	defaultCommunityApiUrl    = "https://api.safedep.io/insights-community/v1"
 	defaultControlPlaneApiUrl = "https://api.safedep.io/control-plane/v1"
 
 	homeRelativeConfigPath = ".safedep/vet-auth.yml"
@@ -23,6 +26,7 @@ const (
 type Config struct {
 	ApiUrl             string `yaml:"api_url"`
 	ApiKey             string `yaml:"api_key"`
+	Community          bool   `yaml:"community"`
 	ControlPlaneApiUrl string `yaml:"cp_api_url"`
 }
 
@@ -42,6 +46,10 @@ func DefaultApiUrl() string {
 	return defaultApiUrl
 }
 
+func DefaultCommunityApiUrl() string {
+	return defaultCommunityApiUrl
+}
+
 func DefaultControlPlaneApiUrl() string {
 	if (globalConfig != nil) && (globalConfig.ControlPlaneApiUrl != "") {
 		return globalConfig.ControlPlaneApiUrl
@@ -59,6 +67,10 @@ func ApiUrl() string {
 		return globalConfig.ApiUrl
 	}
 
+	if CommunityMode() {
+		return defaultCommunityApiUrl
+	}
+
 	return defaultApiUrl
 }
 
@@ -78,6 +90,19 @@ func ApiKey() string {
 	return ""
 }
 
+func CommunityMode() bool {
+	bRet, err := strconv.ParseBool(os.Getenv(communityModeEnvKey))
+	if (err == nil) && bRet {
+		return true
+	}
+
+	if globalConfig != nil {
+		return globalConfig.Community
+	}
+
+	return false
+}
+
 func loadConfiguration() error {
 	path, err := os.UserHomeDir()
 	if err != nil {

diff --git a/internal/auth/verify.go b/internal/auth/verify.go
@@ -18,6 +18,11 @@ type VerifyConfig struct {
 // Verify function takes config and current API key available
 // from this package and returns an error if auth is invalid
 func Verify(config *VerifyConfig) error {
+	if CommunityMode() {
+		logger.Infof("Skipping auth verify due to community mode enabled")
+		return nil
+	}
+
 	logger.Infof("Verifying auth token using Control Plane: %s", config.ControlPlaneApiUrl)
 
 	client, err := cpv1.NewClientWithResponses(config.ControlPlaneApiUrl)

diff --git a/scan.go b/scan.go
@@ -114,6 +114,10 @@ func startScan() {
 		}))
 	}
 
+	if auth.CommunityMode() {
+		ui.PrintSuccess("Running in Community Mode")
+	}
+
 	failOnError("scan", internalStartScan())
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -114,6 +114,10 @@ func startScan() { @@
     		}))
     	}
+    	if auth.CommunityMode() {
+    		ui.PrintSuccess("Running in Community Mode")
+    	}
     	failOnError("scan", internalStartScan())
     }
@@ Expand Down @@