IaC CLI Scanning Tool

Details on Using the CLI Scanning Tool to Perform Scans for IaC

The Infrastructure as Code (IaC) CLI tool lets customers run scans for the Infrastructure as Code capability available within InsightCloudSec from the command line. The primary use case is performing an IaC scan to identify possible misconfigurations earlier in the development process, even before the code is pushed into the pipeline.

For a high-level overview of IaC Security (including prerequisites to get started) check out the IaC Security Overview or our IaC Security Workflow.

Prerequisites

Before getting started with the IaC CLI Scanning Tool, ensure you have the following:

  • A user in InsightCloudSec with the entitlement Editor or greater permissions
  • An API key for your user
  • An IaC Configuration created via the UI

Download one of the following files, based on your environment:

If you have questions or issues, reach out to us through the Customer Support Portal.

Deployment Instructions

For Mac or Linux

1. From a terminal, change directory to the location of the executable script file.

2. Run the following command: chmod +x ./mimics

3. Return to the executable file and click to open it, which should display the following.

[Image: Command Output Summary]

4. From Mac/Linux, run ./mimics to return the usage, command, and flag details.

For Windows

1. From a terminal, change directory to the location of the executable script file.

2. Run the following command: mimics_0.1.0-alpha4_windows_amd64

[Image: Windows Command Output Summary]

Using the CLI Tool

In general, commands follow the pattern: mimics scan [file] [flags]

For example:

./mimics --api-key {user_api_key} --base-url {environment_url} scan -a {author_name} -c {configure_name} -p {provider_type} -s {scan_name} {Where/the/Plan/you/want/to/scan} --report-formats {file_type} --report-name {Name} --report-path {where/you/want/report}

  • Use -h or --help for assistance with commands
  • Use config and --config-name
    • config - lists and views scan configurations.
    • --config-name - used with scan commands; the name of the configuration in ICS to use for scans.

Command List & Parameters

Required

Global flag:

  • --api-key - string, API key for InsightCloudSec

Scan:

  • -c or --config-name - string, IaC config to use for this scan

  • --report-formats - strings, formats of scan result report artifacts (all, json, html, junitxml), if not provided, no artifacts will be saved

  • --report-name - string, name used for generated report artifact files (default "scan_output")

  • --report-path - string, directory path to store report artifacts, defaults to the current directory

Optional

Global flag:

  • --base-url - string, URL where the InsightCloudSec API resides (default http://localhost:8001/)

  • --ca-certificate - string, sets the trusted authorities for SSL verification using a CA bundle file (.pem)

  • --no-color - disables color output

  • --no-verify - disables SSL verification for all API calls to InsightCloudSec (superseded by --ca-certificate)

Scan:

  • -a or --author - string, custom author for scan

  • -c or --config-name - string, IaC config to use for this scan

  • -h or --help - help for scan

  • --no-fail - suppresses error code returned by scans containing failures

  • --no-progress - disables progress console animations

  • -p or --provider - string, IaC provider to use for the scan {cft|terraform}

  • -s or --scan-name - string, custom name for scan
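
The flags above combined into a pipeline step, as an added example that is not InsightCloudSec's own code: a POSIX shell wrapper that takes the API key from an environment variable, refuses a non-HTTPS base URL, uses --ca-certificate instead of --no-verify, and omits --no-fail so a scan containing failures fails the step. The ICS_* and MIMICS_BIN variable names and the iac_scan.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: CI wrapper for the mimics scan command (not vendor code).
# Assumed names: ICS_API_KEY, ICS_BASE_URL, ICS_CA_BUNDLE, ICS_CONFIG_NAME,
# ICS_PROVIDER, ICS_REPORT_DIR, MIMICS_BIN and the file name iac_scan.sh.

# Scan the plan/template file in $1. Returns 2 on unsafe or missing
# settings, otherwise the exit status of mimics.
run_iac_scan() {
  plan="${1:-}"
  provider="${ICS_PROVIDER:-terraform}"
  [ -n "$plan" ] || { echo "usage: iac_scan.sh <file>" >&2; return 2; }
  # The key comes from the CI secret store, never from the pipeline file.
  [ -n "${ICS_API_KEY:-}" ] || { echo "ICS_API_KEY is not set" >&2; return 2; }
  [ -n "${ICS_CONFIG_NAME:-}" ] || { echo "ICS_CONFIG_NAME is not set" >&2; return 2; }
  # The API key travels on every call, so refuse plain HTTP.
  case "${ICS_BASE_URL:-}" in
    https://*) ;;
    *) echo "ICS_BASE_URL must start with https://" >&2; return 2 ;;
  esac
  case "$provider" in
    cft|terraform) ;;
    *) echo "ICS_PROVIDER must be cft or terraform" >&2; return 2 ;;
  esac
  # A private CA is trusted with --ca-certificate; --no-verify is never used.
  if [ -n "${ICS_CA_BUNDLE:-}" ]; then
    set -- --ca-certificate "$ICS_CA_BUNDLE"
  else
    set --
  fi
  status=0
  "${MIMICS_BIN:-./mimics}" --api-key "$ICS_API_KEY" \
    --base-url "$ICS_BASE_URL" "$@" --no-color \
    scan --no-progress -c "$ICS_CONFIG_NAME" -p "$provider" "$plan" \
    --report-formats junitxml --report-name scan_output \
    --report-path "${ICS_REPORT_DIR:-.}" || status=$?
  # --no-fail is not passed, so a scan containing failures stays non-zero
  # and the pipeline step fails.
  [ "$status" -eq 0 ] || echo "mimics exited with status $status" >&2
  return "$status"
}

# Run only when a file argument is given: ./iac_scan.sh plan.json
[ "$#" -eq 0 ] || run_iac_scan "$1"
```

The junitxml report lands in the directory named by ICS_REPORT_DIR (current directory by default), where a CI system can pick it up as a test result.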

Viewing CLI Scan Details in the UI

After performing a scan using the CLI tool you can view scan details through the InsightCloudSec UI. All CLI Scans will be included in the IaC Scan list and can be viewed in the same way as API or On-Demand Scans.

Check out the Viewing Scan Results page for details on viewing your scan results within the UI, including summary details.

[Image: IaC UI - CLI Scans]

