
Getting Started with Believe Security

Learn how to set up and start using Believe Security for your Solana projects

Believe Security is designed to make Solana program security accessible to developers of all experience levels. This guide will walk you through the steps to analyze your first Solana program.

Prerequisites

Before you begin, make sure you have:

  • A Solana program you want to analyze (either as source code or a deployed program ID)
  • If using a GitHub repository source, repository visibility requirements:
      • Public repository: no additional configuration required
      • Private repository: requires a GitHub personal access token with repo scope configured in your Believe Security settings
  • For program ID analysis: ensure your program is deployed to Mainnet or Devnet

Your First Analysis

Step 1: Navigate to the Dashboard

Start by navigating to the Dashboard page. This is your command center for all analyses.

Step 2: Select an Analysis Source

You can analyze Solana programs from three different sources:

GitHub Repository

Enter the URL of a GitHub repository containing your Solana program. The repository should have a Cargo.toml file in the root or specified subdirectory.

https://github.com/username/repo-name

Program ID

Enter the Solana Program ID of your deployed program. Believe Security will fetch the program from the blockchain and analyze its bytecode.

7Y8VDzehoewALqJpgGrKdEQssmJpbxBRJooaK6ZYxFqt

File Upload

Upload a ZIP file containing your Solana program source code. The ZIP should include a valid Cargo.toml file and all necessary source files.
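
The three source types above can be sanity-checked locally before anything is submitted. The following is an added example, not code from Believe Security: it checks that a program ID is base58 for exactly 32 bytes (the size of a Solana public key), that a repository URL has the https://github.com/owner/repo form with no credentials embedded in it, and that a ZIP contains a Cargo.toml. All function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from urllib.parse import urlsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text: str) -> bytes:
    """Decode base58 (Bitcoin alphabet); ValueError on a character outside it."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is one zero byte
    return b"\x00" * pad + body

def is_valid_program_id(text: str) -> bool:
    """True when text is base58 for exactly 32 bytes (a Solana public key)."""
    try:
        return len(b58decode(text.strip())) == 32
    except ValueError:
        return False

def is_github_repo_url(url: str) -> bool:
    """https://github.com/<owner>/<repo>, with no credentials embedded in the URL."""
    p = urlsplit(url.strip())
    segments = [s for s in p.path.split("/") if s]
    return (p.scheme == "https" and p.hostname == "github.com"
            and p.username is None and p.password is None and len(segments) >= 2)

def find_manifests(zip_bytes: bytes) -> list[str]:
    """Paths of every Cargo.toml in the archive, shallowest first."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        hits = [n for n in zf.namelist() if n.rsplit("/", 1)[-1] == "Cargo.toml"]
    return sorted(hits, key=lambda n: (n.count("/"), n))

def sample_zip() -> bytes:
    """Constructed archive: one program in a subdirectory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("programs/vault/Cargo.toml", '[package]\nname = "vault"\n')
        zf.writestr("programs/vault/src/lib.rs", "// constructed sample\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(is_valid_program_id("7Y8VDzehoewALqJpgGrKdEQssmJpbxBRJooaK6ZYxFqt"))
    print(is_github_repo_url("https://github.com/username/repo-name"))
    print(find_manifests(sample_zip()))
```

A length check alone does not catch every typo, because program IDs range from 32 to 44 characters; decoding to 32 bytes is the check that matters.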

Step 3: Configure Analysis Options

Select your preferred analysis depth:

  • Quick scan: Best for development iterations and initial checks (approx. 30 seconds)
  • Full analysis: Comprehensive analysis recommended for pre-deployment review (approx. 1-2 minutes)
  • Continuous monitoring: For production programs that need ongoing security analysis

Example Configuration

Analysis Source: https://github.com/solana-labs/example-program
Analysis Type: Full Audit
Options:
  ✓ Include best practice suggestions
  ✓ Generate remediation code
  ✓ Scan dependencies

Step 4: Start Analysis

Click the Start Analysis button to begin the process. You'll see real-time progress updates as Believe Security analyzes your program.

Step 5: Review Results

Once analysis is complete, you'll see a detailed breakdown of identified vulnerabilities. Each finding includes:

  • Severity rating: Critical, High, Medium, or Low
  • Detailed description of the vulnerability and its potential impact
  • Location in code with precise file and line number references
  • Recommended fixes with specific code examples and best practices

You can filter results by severity, search for specific vulnerabilities, and export a comprehensive report for your team.

Advanced Usage

Using the API

Believe Security provides a REST API for integration with your CI/CD pipeline. You can trigger analyses programmatically and retrieve results.

curl -X POST https://api.believesecurity.xyz/v1/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "source": {
      "type": "github",
      "url": "https://github.com/username/repo-name"
    },
    "analysis_depth": "full"
  }'

For more details on API usage, visit our API Reference.

CI/CD Integration

Believe Security can be integrated into your continuous integration workflow. Here's an example GitHub Actions workflow:

name: Solana Security Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Run Believe Security
        uses: believe-security/github-action@v1
        with:
          api-key: ${{ secrets.BELIEVE_API_KEY }}
          analysis-depth: quick
          fail-on: high,critical

Next Steps