Comments (7)
You can do this by using the api:
wget http://{engine-url}/box/securityTests/{id} --user {username} --password {password}
from securecodebox.
Hi @wheelq
you are right, the CLI can be improved in that way... I'll write a new feature request for that and close this issue afterwards.
from securecodebox.
Hi @wheelq
do you mean the UI of the secureCodeBox Engine (Tasklist) or the Kibana Dashboard? If you launch a security scan via CLI everything should behave the same like using the Rest API directly (or the engine UI).
As @J12934 already mention i think we have to fix some bugs in the CLI, because the latest API changes are maybe not reflected in the JSON templates.
from securecodebox.
Hi @rseedorff
do you mean the UI of the secureCodeBox Engine (Tasklist) or the Kibana Dashboard? If you launch a security scan via CLI everything should behave the same like using the Rest API directly (or the engine UI).
Both actually. None of the scans issued via CLI are visible for review/claim in the GUI
I also got another 2 questions, not sure whether should it be posted here or as a new issue:
- How do I select format of the report when launched from the CLI. I only get JSON, how do I select XML, HTML, CSV, PDF?
- How can I get the reports using CLI without issuing a scan? I'd like to integrate SCB in the pipeline, launched via bash scripts.
from securecodebox.
We don't have other report formats other than json
.
If you need other formats i'd recommend using defect-dojo as a persistence provider, then you use the defect dojo report mechanisms to generate them.
The cli is atm only a utility to start scans. It doesn't support getting scan results without starting a scan first.
from securecodebox.
The cli is atm only a utility to start scans. It doesn't support getting scan results without starting a scan first.
That's logical, but I was more interested in getting the results from other scans, issued via GUI or a scan from 5 days ago
from securecodebox.
Closed due to inactivity
from securecodebox.
Related Issues (20)
- Automatically "TrΓΆt" on Mastodon for new Releases
- Admonition in Hooks How-To Broken
- Add a optional ttlSecondsAfterFinished field to scans to cleanup finished scans HOT 3
- π Recurring documentation issue
- Ncrack Parser is using a depracated encryption padding mechanism removed in the newest node security patch
- Switch (optional) encryption of identified passwords from ncrack to use AGE
- Passing parameters to ScheduledScan HOT 1
- add no ssl_use value
- Trivy Parser Creates Malformed Location URL HOT 4
- controleur crash with SchedulScan HOT 6
- The scan status displays 'Scanning,' even though the job has reached the specified backoff limit HOT 1
- Lurker terminated with 'OOMKilled' event HOT 5
- NodeSelector configuration not working as documented in SecureCodeBox v4.4.0 HOT 4
- improve security Deployment Workload HOT 4
- Trivy Scans persisted to Defect Dojo are missing multiple metadata fields HOT 8
- π Recurring documentation issue
- "Exception while attaching findings to engagement" error in Persistence-defectdojo HOT 5
- Auto-Discovery service in Cluster Internal Central Scans architecture HOT 1
- π Recurring documentation issue
- Analytics for securecodebox.io
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from securecodebox.