
Starting a SCA scan from CLI

To see help, execute: java -jar clt.jar -help

This option requires Java 11 or later preinstalled.

To create an SCA project from CLI, execute:

java -jar clt.jar -rest [rest URL] -token [token] scaProjectCreate [options]
  • -rest (API address).
  • -token (API authorization token, which you can obtain from the User Profile section of the user interface (see Account))

Arguments (options):

Mandatory arguments:

  • -name SCA project name.

To start a scan from CLI, execute the command:

java -jar clt.jar -rest [rest URL] -token [token] scaScanCreate [options]
  • -rest (API address)
  • -token (API authorization token, which you can obtain from the User Profile section of the user interface (see Account))

Options:

Mandatory arguments:

  • -project project ID.
  • -link repository URL. Do not use it together with the -path argument.
  • -path path to the file or directory to analyze. Do not use it together with the -link argument.

Optional arguments:

  • -licenseRisks perform License Risks analysis.
  • -priority priority of scan execution.
  • -saveFile (fully save the uploaded file)
  • -sca perform Software Composition analysis.
  • -supplyChain perform Supply Chain analysis.
  • -vcs.branch repository branch if other than master (when analyzing an app by repository link)
  • -vcs.account repository UUID.
  • -vcs.login VCS login.
  • -vcs.password VCS password.
  • -vcs.token repository authentication token.
  • -vcs.tokenId authentication token UUID.
  • -vcs.sshKey path to the SSH key.
  • -vcs.sshKeyId SSH key UUID.
  • -vcs.sshDefault use the default SSH client configuration. Specify SSH client configuration if false.
  • -vcs.saveCredentials (Whether to save credentials for further scans)

You can obtain the project UUID in the project side menu. To copy the project UUID to the clipboard, click the icon.

Example:

java -jar clt.jar -rest [rest_url] -token [token] scaScanCreate -url URL -project PROJECT
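A wrapper for CI that checks the scaScanCreate argument rules listed above before calling the tool. It is an added example, not vendor code. The function name sca_scan_create and the variables CLT_REST, CLT_TOKEN, CLT_JAR and CLT_DRY_RUN are assumptions of this example, and the repository source is passed with -link as given in the option list.

```shell
#!/bin/sh
# Added example (not vendor code). CLT_REST, CLT_TOKEN, CLT_JAR, CLT_DRY_RUN
# and sca_scan_create are names chosen for this example only.

# Usage: sca_scan_create PROJECT_UUID LINK PATH [BRANCH]
# Pass "" for whichever of LINK / PATH is not used.
sca_scan_create() (
  project=$1 link=$2 path=$3 branch=${4:-}
  fail() { echo "sca_scan_create: $1" >&2; }

  [ -n "${CLT_REST:-}" ] && [ -n "${CLT_TOKEN:-}" ] ||
    { fail "CLT_REST and CLT_TOKEN must be set"; return 2; }
  [ -n "$project" ] || { fail "-project is mandatory"; return 2; }

  # -link and -path exclude each other; exactly one is required.
  if [ -n "$link" ] && [ -n "$path" ]; then
    fail "give either -link or -path, not both"; return 2
  elif [ -z "$link" ] && [ -z "$path" ]; then
    fail "one of -link or -path is required"; return 2
  fi

  set -- scaScanCreate -project "$project"
  if [ -n "$link" ]; then
    set -- "$@" -link "$link"
    # -vcs.branch applies only when scanning by repository link.
    if [ -n "$branch" ]; then set -- "$@" -vcs.branch "$branch"; fi
  else
    [ -z "$branch" ] || { fail "-vcs.branch needs -link"; return 2; }
    [ -e "$path" ] || { fail "path not found: $path"; return 2; }
    set -- "$@" -path "$path"
  fi

  if [ -n "${CLT_DRY_RUN:-}" ]; then
    # Print the command with the token masked so it is safe for CI logs.
    echo "java -jar ${CLT_JAR:-clt.jar} -rest $CLT_REST -token *** $*"
    return 0
  fi
  java -jar "${CLT_JAR:-clt.jar}" -rest "$CLT_REST" -token "$CLT_TOKEN" "$@"
)
```

The token is still passed to the tool as a command-line argument, the only form this page documents, so it remains visible in the process list of the host that runs the scan.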

To check the scan status, execute the command:

java -jar clt.jar -rest [rest URL] -token [token] scaScanInfo [options]
  • -rest (API address)
  • -token (API authorization token, which you can obtain from the User Profile section of the user interface (see Account))

Options:

  • -scan (SCA scan UUID)

You can obtain the scan UUID in the scan information. To copy the scan UUID to the clipboard, click the icon.

Example:

java -jar clt.jar -rest [rest_url] -token [token] scaScanInfo -scan SCAN

To export a PDF report, execute the command:

java -jar clt.jar -rest [rest URL] -token [token] scaExport [options]

To export a CSV report, execute the command:

java -jar clt.jar -rest [rest URL] -token [token] scaExport [options] '-general.format' CSV
  • -rest (API address)
  • -token (API authorization token, which you can obtain from the User Profile section of the user interface (see Account))

Options:

An item is included in the report when its argument is set to true. Other arguments are treated as false if not specified.

Mandatory arguments:

  • -path (path to the directory where the report should be placed)
  • -project (project's identifier to export)

You can obtain the project UUID in the project side menu. To copy the project UUID, click the icon.

Optional arguments:

  • -scans (identifiers of the scans to include in the report, comma-separated)
  • -filter.vulnerabilities include vulnerabilities (included by default)
  • -filter.critical (include critical issues or not (included by default))
  • -filter.medium (include medium level issues or not (included by default))
  • -filter.low (include low level issues or not)
  • -filter.info (include info issues or not (included by default))
  • -filter.licenseRisks include license risks (included by default)
  • -filter.supplyChain include Supply Chain risks (included by default)
  • -filter.vulnerableDependencies include vulnerable dependencies (included by default)
  • -filter.safeDependencies include safe dependencies.
  • -filter.tasks (include issues with task manager task or not (included by default))
  • -confidence.included apply ConfiAI filter. When active, specify:
    • -confidence.critical ConfiAI confidence for critical vulnerabilities (default: 0).
    • -confidence.medium ConfiAI confidence for medium vulnerabilities (default: 0).
    • -confidence.low ConfiAI confidence for low vulnerabilities (default: 0).
    • -confidence.info ConfiAI confidence for info vulnerabilities (default: 0).
  • -general.contents (include contents or not (included by default))
  • -general.format report type. Can be: PDF, CSV, JSON, HTML.
  • -general.included (include report settings or not (included by default))
  • -general.locale (report locale (default: en))
  • -general.logo use custom logo. Specify path to the logo.
  • -general.statuses vulnerability statuses.
  • -projectInfo.scanHistory (number of scans for which history will be included, default: 0):
    • -1 — don't include scan history at all
    • 0 — include all scan history
    • >0 — specified number of scans in history
  • -projectInfo.securityDynamic (include security level dynamics or not (default: true))
  • -projectInfo.vulnerabilityDynamic (include vulnerability level dynamics or not (default: true))
  • -results.included include the Detailed Results section (default: true). When included in the report, you need to specify:
    • -results.action include vulnerability actions (included by default).
    • -results.comment include comments or not (included by default)
    • -results.entryNum number of vulnerability entries (default: 0):
      • -1 — don't include entries at all
      • 0 — include all entries
      • >0 — specified number of entries
    • -results.taskInfo (include JIRA info or not (included by default))
    • -results.dependencies include dependencies (included by default)
    • -results.dependencyTree include dependency tree
  • -scanInfo.included include settings (included by default). When included in the report, you need to specify:
    • -scanInfo.foundChart include found vulnerabilities chart or not (included by default)
    • -scanInfo.settings include scan settings or not (included by default)
    • -scanInfo.dendenciesChart include vulnerable dependencies diagram or not (included by default)
  • -table.included include vulnerability list or not (included by default). When included in the report, you need to specify:
    • -table.entryNum (number of vulnerability entries, default: 0):
      • -1 — don't include entries at all
      • 0 — include all entries
      • >0 — specified number of entries
    • -table.statuses include issues with statuses. Specify statuses as list.
    • -table.dependencyTree include dependency tree.
  • -comparison.included include comparison settings or not. When included in the report, you need to specify:
    • -comparison.scan (scan UUID (required))
    • -comparison.fixed (include fixed issues or not)
    • -comparison.newIssue (include new issues or not (included by default))
    • -comparison.saved (include remaining issues or not (included by default))
    • -comparison.entryNum (number of vulnerability entries, default: 0):
      • -1 — don't include entries at all
      • 0 — include all entries
      • >0 — specified number of entries
    • -comparison.scanSettings (include scan settings (included by default))

Example:

java -jar clt.jar -rest http://<installation_address>/app/api/v1 -token kljkjljlkjljklkjk scaExport -scan ec59395b-4372-47b1-95a2-4d48b044ff0b -path C:\test -default

Please note:

The Scan Information section will not be included in the report unless you specify the scan UUID value (argument -scans). You can obtain the scan UUID in the scan information. To copy the scan UUID to the clipboard, click the icon.

The functionality described above is also available via REST API.