Add run_scanner.ps1 helper to run SecretScanner via WSL or PowerShell #144
Open
DecarloFreelance wants to merge 1 commit into deepfence:release-2.5 from
Pull request overview
This PR introduces a PowerShell helper script to simplify running the Deepfence SecretScanner container from Windows environments, with intelligent fallback between WSL and native PowerShell execution.
Key Changes:
- Adds a new PowerShell script that wraps Docker commands to run SecretScanner with configurable parameters (license, product, image)
- Implements automatic WSL detection with fallback to native PowerShell Docker client
- Provides command-line parameter validation and error handling for common failure scenarios
Comments suppressed due to low confidence (2)
run_scanner.ps1:127
- The command displayed in the log message (line 123) is constructed from `$psCmd` which is a space-joined string, but the actual command executed (line 127) is different. This discrepancy makes debugging difficult as the displayed command doesn't match what's actually run. Both should use the same approach for consistency.
Write-Host "Invoking: $psCmd" -ForegroundColor Gray
# Run the command directly and capture output
try {
$out = & docker run -i --rm --name=deepfence-secretscanner -e "DEEPFENCE_PRODUCT=$Product" -e "DEEPFENCE_LICENSE=$License" -v /var/run/docker.sock:/var/run/docker.sock $Image --image-name $ImageName --output json 2>&1
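Review bot: On the `docker run` line, `2>&1` merges stderr into `$out`, so anything Docker or the scanner writes to stderr ends up mixed with the `--output json` result; if `$out` is then written to the output file, that file will not parse as JSON. Capture stdout only (drop `2>&1`, or send stderr to a separate file with `2>`) and check `$LASTEXITCODE` to detect failure.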
run_scanner.ps1:123
- The license value is exposed in the command line display (lines 86 and 123), which could be a security concern if the output is logged or shared in screenshots. Consider masking sensitive information in log output by displaying only a partial value or a placeholder like "****" instead of the full license key.
Write-Host "Invoking: wsl $fullCmd" -ForegroundColor Gray
wsl $fullCmd
if ($LASTEXITCODE -ne 0) {
Write-Error "Scanner container failed inside WSL (exit code $LASTEXITCODE). Check Docker logs or run interactively for more info."
exit $LASTEXITCODE
}
# Copy file from WSL to Windows working directory
$winDst = Join-Path -Path (Get-Location) -ChildPath $OutputFile
Write-Host "Copying $tmpWslPath -> $winDst" -ForegroundColor Gray
wsl cp $tmpWslPath - | Out-File -FilePath $winDst -Encoding utf8
# Remove WSL temp file
wsl rm -f $tmpWslPath
Write-Host "Finished — output saved to $winDst" -ForegroundColor Green
exit 0
}
# Fallback to Windows PowerShell docker client
Write-Host "Running scanner directly from PowerShell (PowerShell will invoke docker)." -ForegroundColor Green
if (-not (Test-DockerClient)) {
Write-Error "Docker CLI not found in your PATH. Start Docker Desktop and try again or use -UseWSL if you have WSL installed."
exit 3
}
$psCmd = @(
'docker','run','-i','--rm','--name=deepfence-secretscanner',
'-e',"DEEPFENCE_PRODUCT=$Product",
'-e',"DEEPFENCE_LICENSE=$License",
'-v','/var/run/docker.sock:/var/run/docker.sock',
"$Image",
'--image-name',"$ImageName",'--output','json'
) -join ' '
Write-Host "Invoking: $psCmd" -ForegroundColor Gray
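Review bot: In `wsl cp $tmpWslPath - | Out-File -FilePath $winDst -Encoding utf8`, `cp` does not treat `-` as standard output; it copies the temp file to a file literally named `-` in the WSL working directory, so nothing reaches the pipeline and `$winDst` is written empty while the script still prints "Finished" and exits 0. Use `wsl cat $tmpWslPath | Out-File -FilePath $winDst -Encoding utf8` instead, and check `$LASTEXITCODE` after the copy before the `wsl rm -f $tmpWslPath` step.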
No description provided.
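
One way to address both suppressed review comments above (the logged command differing from the executed one, and the license appearing in the log), shown as an added example that is not code from this pull request. It covers only the native PowerShell path; the function names are hypothetical, and the demo values at the end are constructed placeholders.

```powershell
# Added example: hypothetical helpers, not part of run_scanner.ps1.
function Get-ScannerArgs {
    param(
        [Parameter(Mandatory)][string]$Product,
        [Parameter(Mandatory)][string]$Image,
        [Parameter(Mandatory)][string]$ImageName
    )
    # '-e DEEPFENCE_LICENSE' without '=value' tells docker to copy the variable
    # from the client's environment, so the key is never a command-line argument.
    @('run', '-i', '--rm', '--name=deepfence-secretscanner',
      '-e', "DEEPFENCE_PRODUCT=$Product",
      '-e', 'DEEPFENCE_LICENSE',
      '-v', '/var/run/docker.sock:/var/run/docker.sock',
      $Image, '--image-name', $ImageName, '--output', 'json')
}

function Format-CommandForLog {
    param([string[]]$ArgList, [string[]]$Secrets = @())
    # Quote arguments that contain whitespace so the log line is unambiguous.
    $text = ($ArgList | ForEach-Object {
        if ($_ -match '\s') { "'$_'" } else { $_ }
    }) -join ' '
    # Defense in depth: mask any secret value that still reached the arguments.
    foreach ($s in $Secrets) {
        if ($s) { $text = $text.Replace($s, '****') }
    }
    "docker $text"
}

function Invoke-Scanner {
    param([string]$License, [string]$Product, [string]$Image, [string]$ImageName)
    $dockerArgs = Get-ScannerArgs -Product $Product -Image $Image -ImageName $ImageName
    Write-Host "Invoking: $(Format-CommandForLog $dockerArgs -Secrets $License)" -ForegroundColor Gray
    $previous = $env:DEEPFENCE_LICENSE
    $env:DEEPFENCE_LICENSE = $License
    try {
        & docker @dockerArgs    # the same array that was logged
    }
    finally {
        $env:DEEPFENCE_LICENSE = $previous   # restores, or removes if it was unset
    }
}

# Constructed demo (starts no container): a legacy argument list that still
# embeds the key is masked before display.
$legacy = @('run', '-e', 'DEEPFENCE_LICENSE=constructed-key-123', 'example/image:tag')
Format-CommandForLog $legacy -Secrets 'constructed-key-123'
```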