@@ -169,7 +169,7 @@ To install the Cycode CLI application on your local machine, perform the followi
169
169
170
170
`Successfully configured Cycode URLs!`
171
171
172
-
If you go into the `.cycode` folder under your user folder, you'll find these credentials were created and placed in the `credentials.yaml` file in that folder.
172
+
If you go into the `.cycode` folder under your user folder, you'll find these credentials were created and placed in the `credentials.yaml` file in that folder.
173
173
The URLs were placed in the `config.yaml` file in that folder.
174
174
175
175
### Add to Environment Variables
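Review bot: the `-` and `+` versions of line 172 are character-identical in this view, so the change appears to be whitespace only; since the paragraph is being touched anyway, it would be worth stating that `credentials.yaml` holds the account credentials and should not be committed to a repository or left readable by other users of the machine.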
@@ -293,9 +293,9 @@ The following are the options and commands available with the Cycode CLI applica
| [auth](#using-the-auth-command) | Authenticate your machine to associate the CLI with your Cycode account. |
295
295
| [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication. |
296
-
| [ignore](#ignoring-scan-results) | Ignores a specific value, path or rule ID. |
296
+
| [ignore](#ignoring-scan-results) | Ignore a specific value, path or rule ID. |
297
297
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
298
-
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform as SBOM. |
298
+
| [report](#report-command) | Generate report. You will need to specify which report type to perform as SBOM. |
299
299
| status | Show the CLI status and exit. |
300
300
301
301
# Scan Command
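Review bot: the `scan` row at 297 still contains the same backtick-for-apostrophe typo ("You`ll") that the `report` row fixes, so change it to "You'll" in the same commit. The new `report` description also reads awkwardly; "Generate a report. You will need to specify which report type to generate, e.g. SBOM." would be clearer.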
@@ -312,9 +312,9 @@ The Cycode CLI application offers several types of scans so that you can choose
312
312
|`--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]`| Show only violations at the specified level or higher. |
313
313
|`--sca-scan`| Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both. |
314
314
|`--monitor`| When specified, the scan results will be recorded in Cycode. |
315
-
|`--cycode-report`|When specified, displays a link to the scan report in the Cycode platform in the console output. |
316
-
|`--no-restore`| When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!|
317
-
|`--gradle-all-sub-projects`|When specified, Cycode will run gradle restore commandfor all sub projects. Should run from root project directory ONLY!|
315
+
|`--cycode-report`|Display a link to the scan report in the Cycode platform in the console output. |
316
+
|`--no-restore`| When specified, Cycode will not run the restore command. This will scan direct dependencies ONLY!|
317
+
|`--gradle-all-sub-projects`|Run gradle restore commandfor all sub projects. This should be run from the project root directory ONLY!|
318
318
|`--help`| Show options for given command. |
319
319
320
320
| Command | Description |
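Review bot: the `+` line for `--gradle-all-sub-projects` keeps the missing space in "restore commandfor all sub projects"; write "restore command for all sub-projects". In the same hunk the `--no-restore` and `--gradle-all-sub-projects` rows still shout in capitals ("ONLY!") while the other rows are neutral; "Only direct dependencies are scanned." and "Must be run from the project root directory." would match the rest of the table.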
@@ -328,9 +328,9 @@ The Cycode CLI application offers several types of scans so that you can choose
328
328
329
329
#### Severity Option
330
330
331
-
To limit the results of the scan to a specific severity threshold, add the argument `--severity-threshold` to the scan command.
331
+
To limit the results of the scan to a specific severity threshold, the argument `--severity-threshold` can be added to the scan command.
332
332
333
-
The following command will scan the repository for policy violations that have severity of Medium or higher:
333
+
For example, the following command will scan the repository for policy violations that have severity of Medium or higher:
334
334
335
335
`cycode scan --severity-threshold MEDIUM repository ~/home/git/codebase`
336
336
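Review bot: the rewrite of line 331 moves from the imperative ("add the argument") used by every other option paragraph in this file to a passive construction ("can be added"); keeping the imperative is more consistent. At 333, "have severity of Medium" should be "have a severity of Medium".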
@@ -341,13 +341,10 @@ The following command will scan the repository for policy violations that have s
341
341
342
342
To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in an SCA type scan to Cycode, add the argument `--monitor` to the scan command.
343
343
344
-
Consider the following example. The following command will scan the repository for SCA policy violations and push them to Cycode:
344
+
For example, the following command will scan the repository for SCA policy violations and push them to Cycode platform:
When using this option, the scan results will appear in Cycode.
349
-
350
-
351
348
#### Cycode Report Option
352
349
353
350
For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.
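Review bot: the new line at 344 says "push them to Cycode platform"; elsewhere the file writes "the Cycode platform", so add the article. The following context line, "When using this option, the scan results will appear in Cycode.", now repeats what the new sentence already says and could be folded into it.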
@@ -359,7 +356,7 @@ To have the direct URL to this Cycode report printed in your CLI output after th
359
356
All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.
360
357
361
358
> [!WARNING]
362
-
> You must be an`owner` or an `admin`in Cycode to view this page.
359
+
> You must have the`owner` or `admin` rolein Cycode to view this page.
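Review bot: the `+` line at 359 loses the spaces around the inline code: "have the`owner` or `admin` rolein Cycode" should read "have the `owner` or `admin` role in Cycode".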
@@ -374,7 +371,7 @@ The report page will look something like below:
374
371
375
372
To scan a specific package vulnerability of your local repository, add the argument `--sca-scan package-vulnerabilities` following the `-t sca` or `--scan-type sca` option.
376
373
377
-
Consider the previous example. If you wanted to only run an SCA scan on package vulnerabilities, you could execute the following:
374
+
In the previous example, if you wanted to only run an SCA scan on package vulnerabilities, you could execute the following:
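Review bot: the context line at 372 says "To scan a specific package vulnerability", but according to the `--sca-scan` row in the options table earlier in this diff the value `package-vulnerabilities` restricts the SCA scan to the package-vulnerability check as a whole; it does not target one vulnerability. "To restrict the SCA scan to package vulnerabilities" would be accurate.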
@@ -385,7 +382,7 @@ Consider the previous example. If you wanted to only run an SCA scan on package
385
382
386
383
To scan a specific branch of your local repository, add the argument `--sca-scan license-compliance` followed by the name of the branch you wish to scan.
387
384
388
-
Consider the previous example. If you wanted to only scan a branch named `dev`, you could execute the following:
385
+
In the previous example, if you wanted to only scan a branch named `dev`, you could execute the following:
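Review bot: the rewritten line at 385 keeps the wrong example for this option: the paragraph is under `--sca-scan license-compliance`, yet both the context line ("followed by the name of the branch you wish to scan") and the new text describe scanning a branch named `dev`, which is the `-b`/`--branch` option documented later in this same diff. Per the options table, `--sca-scan` only takes `package-vulnerabilities` or `license-compliance`, so this paragraph should explain how to run a license-compliance-only SCA scan.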
@@ -394,7 +391,7 @@ Consider the previous example. If you wanted to only scan a branch named `dev`,
394
391
> [!NOTE]
395
392
> This option is only available to SCA scans.
396
393
397
-
We use sbt-dependency-lock plugin to restore the lock file for SBT projects.
394
+
We use the sbt-dependency-lock plugin to restore the lock file for SBT projects.
398
395
To disable lock restore in use `--no-restore` option.
399
396
400
397
Prerequisites:
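Review bot: the context line directly below the changed one, "To disable lock restore in use `--no-restore` option.", is garbled and should read "To disable lock restore, use the `--no-restore` option."; since 397 is already being edited for the article in "the sbt-dependency-lock plugin", fix the next line in the same commit.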
@@ -412,7 +409,7 @@ To execute a full repository scan, execute the following:
412
409
413
410
`cycode scan repository {{path}}`
414
411
415
-
For example, consider a scenario in which you want to scan your repository stored in`~/home/git/codebase`. You couldthen execute the following:
412
+
For example, ifyou wanted to scan a repository stored in`~/home/git/codebase`, you could execute the following:
416
413
417
414
`cycode scan repository ~/home/git/codebase`
418
415
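Review bot: the `+` line at 412 has two missing spaces: "ifyou wanted" and "stored in`~/home/git/codebase`".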
@@ -426,7 +423,7 @@ The following option is available for use with this command:
426
423
427
424
To scan a specific branch of your local repository, add the argument `-b` (alternatively, `--branch`) followed by the name of the branch you wish to scan.
428
425
429
-
Consider the previous example. If you wanted to only scan a branch named `dev`, you could execute the following:
426
+
Given the previous example, if you wanted to only scan a branch named `dev`, you could execute the following:
@@ -448,8 +445,8 @@ Cycode CLI supports Terraform plan scanning (supporting Terraform 0.12 and later
448
445
449
446
Terraform plan file must be in JSON format (having `.json` extension)
450
447
451
-
_How to generate a Terraform plan from Terraform configuration file?_
452
-
448
+
If you just have a configuration file, you can generate a plan by doing the following:
449
+
453
450
1. Initialize a working directory that contains Terraform configuration file:
454
451
455
452
`terraform init`
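Review bot: the new sentence at 448 is fine, but the context line above it, "Terraform plan file must be in JSON format (having `.json` extension)", is missing its article and full stop: "The Terraform plan file must be in JSON format (with a `.json` extension)." While this section is open, it is also worth warning that a JSON plan exported with `terraform show -json` contains the plain-text values of attributes marked sensitive, so the file should be treated as a secret and deleted after the scan rather than committed.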
@@ -513,15 +510,13 @@ If no issues are found, the scan ends with the following success message:
513
510
514
511
`Good job! No issues were found!!! 👏👏👏`
515
512
516
-
If an issue is found, a violation card appears upon completion instead.
517
-
518
-
If an issue is found, review the file in question for the specific line highlighted by the result message. Implement any changes required to resolve the issue, then execute the scan again.
513
+
If an issue is found, a violation card appears upon completion instead. In this case you should review the file in question for the specific line highlighted by the result message. Implement any changes required to resolve the issue, then execute the scan again.
519
514
520
515
### Show/Hide Secrets
521
516
522
-
In the above example, a secret was found in the file `secret_test`, located in the subfolder `cli`. The second part of the message shows the specific line the secret appears in, which in this case is a value assigned to `googleApiKey`.
517
+
In the [examples below](#secrets-result-example), a secret was found in the file `secret_test`, located in the subfolder `cli`. The second part of the message shows the specific line the secret appears in, which in this case is a value assigned to `googleApiKey`.
523
518
524
-
Note how the above example obscures the actual secret value, replacing most of the secret with asterisks. Scans obscure secrets by default, but you may optionally disable this feature to view the full secret (assuming the machine you are viewing the scan result on is sufficiently secure from prying eyes).
519
+
Note how the example obscures the actual secret value, replacing most of the secret with asterisks. Scans obscure secrets by default, but you may optionally disable this feature to view the full secret (assuming the machine you are viewing the scan result on is sufficiently secure from prying eyes).
525
520
526
521
To disable secret obfuscation, add the `--show-secret` argument to any type of scan.
527
522
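Review bot: the merged sentence at 513 needs a comma after "In this case", and the new cross-reference `[examples below](#secrets-result-example)` only resolves if a heading that produces that anchor exists in the file; the `### Example Scan Results` heading visible in the next hunk yields a different anchor, so check the link target.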
@@ -533,12 +528,9 @@ The result would then not be obfuscated.
533
528
534
529
### Soft Fail
535
530
536
-
Using the soft fail feature will not fail the CI/CD step within the pipeline if the Cycode scan detects an issue.
537
-
If an issue occurs during the Cycode scan, using a soft fail feature will automatically execute with success (`0`) to avoid interference.
538
-
539
-
To configure this feature, add the `--soft-fail` option to any type of scan. This will force the scan results to succeed (exit code `0`).
531
+
In normal operation the CLI will return an exit code of `1` when issues are found in the scan results. Depending on your CI/CD setup this will usually result in an overall failure. If you don't want this to happen, you can use the soft fail feature.
540
532
541
-
Scan results are assigned with a value of exit code `1` when issues are found inthe scan results; this will result in a failure within the CI/CD tool. Use the option `--soft-fail` to force the results with the exit code `0` to have no impact (i.e., to have a successful result).
533
+
By adding the `--soft-fail` option to any type of scan, the exit code will be forced to `0` regardless of whether any results are found.
542
534
543
535
### Example Scan Results
544
536
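Review bot: the rewrite at 531-533 drops the statement from the removed line 537 that `--soft-fail` also returns `0` when the scan itself fails with an error, not only when violations are found; either restore that sentence or confirm that the flag covers findings only, because pipeline authors need to know whether a scanner failure can pass silently. It would also help to say that `--soft-fail` only changes the exit code, so the findings are still printed and can still be recorded with `--monitor`; teams should pair it with a review of those results rather than treat the green step as a clean scan.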
@@ -633,7 +625,7 @@ Scan results are assigned with a value of exit code `1` when issues are found in
If your company has set custom remediation guidelines in the relevant policy via the Cycode portal, you'll see a field for “Company Guidelines” that contains the remediation guidelines you added. Note that if you haven't added any company guidelines, this field will not appear in the CLI tool.
This is incredibly important to place the `.cycode` folder and run CLI from the same place.
777
+
It is incredibly important to place the `.cycode` folder and run CLI from the same place.
786
778
You should double-check it when working with different environments like CI/CD (GitHub Actions, Jenkins, etc.).
787
779
788
-
You could commit the `.cycode` folder to the root of your repository.
789
-
In this scenario, you must run CLI scans from the repository root.
790
-
If it doesn't fit your requirements, you could temporarily copy the `.cycode` folder
791
-
wherever you want and perform a CLI scan from this folder.
780
+
You can commit the `.cycode` folder to the root of your repository. In this scenario, you must run CLI scans from the repository root. If that doesn't fit your requirements, you could temporarily copy the `.cycode` folder to wherever you want and perform a CLI scan from this folder.
792
781
793
782
#### Structure ignoring rules in the config
794
783
795
-
It's important to understand how CLI stores ignore rules to be able to read these configuration files or even modify them without CLI.
784
+
It's important to understand how CLI stores ignored rules to be able to read these configuration files or even modify them without CLI.
796
785
797
786
The abstract YAML structure:
798
787
```yaml
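Review bot: "run CLI from the same place" at 777 and "how CLI stores" at 784 both want the article ("run the CLI", "how the CLI stores"). The change from "ignore rules" to "ignored rules" at 784 also shifts the meaning: the file stores rules that tell the CLI what to ignore, which is what the heading "Structure ignoring rules in the config" and the original wording say, so keep "ignore rules".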
@@ -807,7 +796,7 @@ Possible values of `scanTypeName`: `iac`, `sca`, `sast`, `secret`.
807
796
808
797
Possible values of `ignoringType`: `paths`, `values`, `rules`, `packages`, `shas`, `cves`.
809
798
810
-
> [!WARNING]
799
+
> [!WARNING]
811
800
> Values for "ignore by value" are not stored as plain text!
812
801
> CLI stores sha256 hashes of the values instead.
813
802
> You should put hashes of the string when modifying the configuration file by hand.
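Review bot: the `-`/`+` pair at 810/799 is again identical in this view (whitespace only), so the warning text itself is unchanged; while it is being touched, it should specify the exact hashing convention for hand-edited entries (e.g. UTF-8 encoding of the exact string, lowercase hex digest, no trailing newline), otherwise a hand-written hash will never match what `cycode ignore` writes. It is also worth saying that an unsalted sha256 of a short or low-entropy value is obfuscation rather than protection: anyone holding the file can confirm a guess by hashing it, so the config file should still be kept out of public repositories.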
@@ -844,7 +833,7 @@ The following options are available for use with this command: