Security Orchestrator CLI

The Product Security Engineering Team's Security Orchestrator also offers a Command Line Interface option for instances where teams have not yet adopted Github Actions, are not using Jenkins, or want to test out the functionality locally. The CLI tool can be installed via Rust.

Quick Start Guide

1. Install Rust.
2. To install execute the following command: cargo install security-orchestrator
3. Once the Security Orchestrator has been installed, execute the following command to submit code for scans:

   security-orchestrator --application-name --component-id CI123121 --github-token github_token_example --directory 'file or folder path'
   

Inputs

• Either:
  • Component ID (Preferred Option): --component-id
  • Application Name: --application-name
• Token: --github-token
• Application Code or Artifact: --directory
  • Valid Formats:
    • Directory (of source code)
    • Binary
    • Existing .zip
• Optional Parameters:
  • --polling: If you pass --polling true the CLI will wait for results from the scans to come back. You can always cancel the polling with CTRL + C.
  • --scan-id: After you submit a scan the Security Orchestrator will give you back a Scan ID. Pass this Scan ID like so --scan-id {scan-id} to get the results of your scan. If you pass this parameter this will be the only thing the CLI tool looks at. You must remove it if you want to submit a scan.

Examples

Single File

ZIP