INSTALL CLI
Virsec DevSecOps CLI helps you find and fix known vulnerabilities in your dependencies, both on local projects and as part of your CI/CD system.
DOWNLOAD THE REQUIRED FILE
Please download vsp_defense tool from Virsec Repository.
CLI PARAMETERS
The following parameters can be added from CLI when running a scan
Option |
Value |
Required |
Description |
--lang |
java, python, PHP, etc |
Yes |
Language of the project to be scanned |
--project-name |
string |
Yes |
Name of the project |
--path |
/path/to/project |
No |
Path to the project folder |
--api-key |
api-key |
Yes |
API key for Cloud Defense |
--tag |
string |
No |
Tag a scan |
USAGE
Run the following command to get started
vsp_defense help
NAME:
VSP Defense CLI Scanner - CLI for scanning and detecting vulnerabilities in any language
USAGE:
vsp_defense [global options] command [command options] [arguments...]
VERSION:
1.0.1
COMMANDS:
scan, s SCA scan of a given project and post to Virsec server
sast, a SAST scan of a given project and post to Virsec server
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help (default: false)
--version, -v print the version (default: false)
EXAMPLES
SCA
# Example of python SCA scan
vsp_defense scan --lang=python --api-key=<YOUR_API_KEY> --path=/d/temp/vulpy/requirements.txt --project-name="my-python-project"
# Example of java SCA scan
vsp_defense scan --lang=java --api-key=<YOUR_API_KEY> --path=/d/temp/java-goof --verbose --project-name="My Java Project"
# Example of PHP SCA scan
vsp_defense scan --lang=php --api-key=<YOUR_API_KEY> --path=/d/temp/php-helloworld-app --project-name="my-php-project"
# Example of Node.js SCA scan
vsp_defense scan --lang=node --api-key=<YOUR_API_KEY> --path=d/temp/nodejs-system --project-name="my-nodejs-project"
SAST
# Example of python SAST scan
vsp_defense sast --lang=python --api-key=<YOUR_API_KEY> --path=/d/temp/vulpy/requirements.txt --project-name="my-python-project"
# Example of java SAST scan
vsp_defense sast --lang=java --api-key=<YOUR_API_KEY> --path=/d/temp/java-goof --verbose --project-name="My Java Project"
# Example of PHP SAST scan
vsp_defense sast --lang=php --api-key=<YOUR_API_KEY> --path=/d/temp/php-helloworld-app --project-name="my-php-project"
# Example of Node.js SAST scan
vsp_defense sast --lang=node --api-key=<YOUR_API_KEY> --path=d/temp/nodejs-system --project-name="my-nodejs-project"