#security #security-testing #command-line-tool #orchestration #command-line-interface #jenkins #github

app security-orchestrator

A cli tool for cox automotives security orchestrator

7 releases

0.1.6 Nov 6, 2024
0.1.5 Oct 1, 2024
0.1.3 Apr 3, 2023
0.1.2 Feb 17, 2023
0.1.0 Jan 20, 2023

#82 in Testing

Download history 57/week @ 2024-08-19 42/week @ 2024-08-26 57/week @ 2024-09-02 50/week @ 2024-09-09 45/week @ 2024-09-16 63/week @ 2024-09-23 423/week @ 2024-09-30 109/week @ 2024-10-07 45/week @ 2024-10-14 52/week @ 2024-10-21 74/week @ 2024-10-28 172/week @ 2024-11-04 80/week @ 2024-11-11 64/week @ 2024-11-18 28/week @ 2024-11-25 172/week @ 2024-12-02

350 downloads per month

MIT license

43KB
1K SLoC

Rust 734 SLoC // 0.0% comments HCL 398 SLoC // 0.0% comments

Security Orchestrator CLI

image

The Product Security Engineering Team's Security Orchestrator also offers a Command Line Interface option for instances where teams have not yet adopted Github Actions, are not using Jenkins, or want to test out the functionality locally. The CLI tool can be installed via Rust.

Quick Start Guide

  1. Install Rust.
  2. To install execute the following command: cargo install security-orchestrator
  3. Once the Security Orchestrator has been installed, execute the following command to submit code for scans:
    security-orchestrator --application-name --component-id CI123121 --github-token github_token_example --directory 'file or folder path'
    

image

Inputs

  • Either:
    • Component ID (Preferred Option): --component-id
    • Application Name: --application-name
  • Token: --github-token
  • Application Code or Artifact: --directory
    • Valid Formats:
      • Directory (of source code)
      • Binary
      • Existing .zip
  • Optional Parameters:
    • --polling: If you pass --polling true the CLI will wait for results from the scans to come back. You can always cancel the polling with CTRL + C.
    • --scan-id: After you submit a scan the Security Orchestrator will give you back a Scan ID. Pass this Scan ID like so --scan-id {scan-id} to get the results of your scan. If you pass this parameter this will be the only thing the CLI tool looks at. You must remove it if you want to submit a scan.

Examples

Single File

image

ZIP

image

Dependencies

~24–38MB
~570K SLoC