Believe Security Logo
DocumentationAnalysis Sources

Analysis Sources

Different ways to provide your Solana code for analysis

Believe Security supports multiple ways to provide your Solana program for analysis. Choose the method that works best for your workflow and project stage.

Source Types

GitHub Repository

Analyze code directly from a GitHub repository. This is the most convenient option for projects already hosted on GitHub.

Requirements

  • A valid GitHub repository URL
  • The repository must contain a Solana program with a Cargo.toml file
  • For private repositories, you'll need to configure a GitHub access token

How to Use

  1. 1
    On the dashboard, select "GitHub Repository" as your analysis source
  2. 2
    Enter the full repository URL (e.g., https://github.com/username/repo-name)
  3. 3
    Optionally specify a subdirectory if your program is not in the root directory
  4. 4
    For private repositories, enter your GitHub access token when prompted
More details on GitHub repository analysis

Program ID

Analyze deployed Solana programs using their Program ID. Believe Security will fetch the program bytecode directly from the Solana blockchain for analysis.

Requirements

  • A valid Solana Program ID
  • The program must be deployed to Mainnet or Devnet

How to Use

  1. 1
    On the dashboard, select "Program ID" as your analysis source
  2. 2
    Enter the Program ID (e.g., 7Y8VDzehoewALqJpgGrKdEQssmJpbxBRJooaK6ZYxFqt)
  3. 3
    Select the network where the program is deployed (Mainnet or Devnet)

Important Note

Program ID analysis works with bytecode and does not have access to the original source code. This may result in less detailed findings compared to source code analysis. For best results, use GitHub Repository or File Upload when possible.

More details on Program ID analysis

File Upload

Upload your Solana program code directly from your local machine. This is ideal for programs that aren't hosted in a public repository or when you want to analyze a specific version of your code.

Requirements

  • A ZIP file containing your Solana program code
  • The ZIP must include a valid Cargo.toml file
  • Maximum file size: 50MB

How to Prepare Your ZIP File

  1. 1
    Ensure your project contains a valid Cargo.toml file at the root or a specified subdirectory
  2. 2
    Include all source files needed for the analysis
  3. 3
    Exclude build artifacts, target directories, and other large binary files
  4. 4
    ZIP the directory containing your Solana program

How to Use

  1. 1
    On the dashboard, select "File Upload" as your analysis source
  2. 2
    Click the upload area or drag and drop your ZIP file
  3. 3
    Optionally specify a subdirectory if your program is not in the root of the ZIP
More details on File Upload analysis

Source Type Comparison

FeatureGitHub RepositoryProgram IDFile Upload
Analysis DepthFull source code analysisBytecode analysis onlyFull source code analysis
Setup ComplexitySimple (URL only)Simple (Program ID only)Moderate (ZIP preparation)
Private Code SupportYes (with token)N/A (onchain)Yes
Deployment RequiredNoYesNo
Recommended ForGitHub-hosted projectsDeployed programsLocal development

Next Steps

Getting Started

Learn the basics of using Believe Security effectively.

Read guide

Understanding Results

How to interpret analysis findings and implement fixes.

Learn more