The executable itself is about 50 MB and can be run standalone in the command line interface. Deploy it within a Docker container or wherever it suits your organization.
Synopsys plans to roll out additional improvements over upcoming releases. For now, the check has to be explicitly enabled with the --enable option, as shown in Figure 1 below.
The following output is from running Rapid Scan Static against the Linux kernel codebase—and thankfully this important codebase is safe from this vulnerability. Notice that the engine identified about 70,000 files, and Rapid Scan Static scanned roughly 55,000 source files in 11 seconds.
% git clone https://github.com/torvalds/linux.git
% sigma analyze --enable trojan_source_bidi_char_anywhere linux
Copyright (c) 2021 Synopsys, Inc.
For documentation and support, visit https://community.synopsys.com
Identified
│    File Type     │Occurrences│
├──────────────────┼───────────┤
│C                 │      30678│
│C Header          │      22254│
│Device Tree       │       4008│
│ReStructuredText  │       2982│
│Makefile          │       2671│
│Plain Text        │       2452│
│YAML              │       2174│
│GNU Style Assembly│       1201│
│Shell             │        679│
│JSON              │        412│
│Python            │        140│
│SVG               │         59│
│Perl              │         55│
│BASH              │         52│
│Properties        │         33│
│ASN.1             │         17│
│...               │        ...│
No issues found after 11 seconds
%
Figure 1: Rapid Scan Static output of the Linux kernel codebase
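To make concrete what a "bidi character anywhere" check looks for, here is a minimal scanner added as an illustration. It is not Synopsys code and does not reflect how Rapid Scan Static is implemented; the function names and the two sample files are constructed for this example.

```python
import os
import tempfile

# Unicode bidirectional control characters: embeddings, overrides,
# isolates and their terminators. Any of these in source is worth review.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

def scan_text(text):
    """Return (line, column, name) for every bidi control in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, BIDI_CONTROLS[ch]))
    return hits

def scan_tree(root):
    """Walk root and map each affected file path to its findings."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS data
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # errors="replace" keeps non-UTF-8 files from aborting the scan
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it
            if hits:
                findings[path] = hits
    return findings

def demo():
    """Build a constructed two-file tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "clean.c"), "w", encoding="utf-8") as fh:
            fh.write("int main(void) { return 0; }\n")
        with open(os.path.join(root, "flagged.c"), "w", encoding="utf-8") as fh:
            fh.write("int x = 1;\n/* \u202e comment \u2066 */\n")
        found = scan_tree(root)
        return {os.path.relpath(p, root): h for p, h in found.items()}

if __name__ == "__main__":
    for path, hits in demo().items():
        for lineno, col, name in hits:
            print(f"{path}:{lineno}:{col}: bidi control {name}")
```

Pointing scan_tree at a checked-out repository gives a quick cross-check of a scanner's "No issues found" result; legitimate right-to-left text in strings or documentation can also trigger findings and needs manual review.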