Getting Started
This guide shows how to install inspequte and run your first scan.
1. Install inspequte
Option A: Homebrew (macOS/Linux)
Option B: Pre-built binary (all major platforms)
- Open the GitHub Releases page.
- Download the archive for your OS/CPU:
- Linux (x86_64):
inspequte-<TAG>-amd64-unknown-linux-gnu.tar.gz - Linux (ARM64):
inspequte-<TAG>-arm64-unknown-linux-gnu.tar.gz - macOS (Apple Silicon):
inspequte-<TAG>-arm64-apple-darwin.tar.gz - macOS (Intel):
inspequte-<TAG>-amd64-apple-darwin.tar.gz - Windows (x86_64):
inspequte-<TAG>-amd64-pc-windows-msvc.zip(TAGis the GitHub release tag, for exampleinspequte-v0.15.1.) - Extract it and place
inspequte(orinspequte.exe) in a directory on yourPATH.
2. Verify installation
If both commands work, installation is complete.
3. First invocation (basic scan)
Run inspequte against your application JAR/class files:
Arguments:
- --input: target class/JAR files to analyze
- --classpath: dependency jars/directories used for type resolution
- --output: output SARIF file path
inspequte always writes SARIF v2.1.0 output.
4. Optional: baseline workflow
Create a baseline from current findings:
Later, compare against that baseline to report only newly introduced findings:
inspequte --input app.jar --classpath lib/ --output results.sarif --baseline inspequte.baseline.json
5. Next step
Browse available checks in Rules.
6. Optional: run only selected rules
Use --rules to run a subset of rule IDs.
inspequte --input app.jar --output results.sarif \
--rules SYSTEM_EXIT,THREAD_RUN_DIRECT_CALL \
--rules RETURN_IN_FINALLY
You can also load rule IDs from a file by prefixing with @:
For rules.txt, use one rule ID per line. Empty lines and lines starting with # are ignored.