@@ -54,7 +54,7 @@ This guide walks you through both installation and usage.
54
54
55
55
# Prerequisites
56
56
57
-
- The Cycode CLI application requires Python version 3.8 or later.
57
+
- The Cycode CLI application requires Python version 3.9 or later.
58
58
- Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
59
59
- Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.
60
60
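Review bot: The changed Prerequisites bullet (new line 57) raises the minimum to Python 3.9 but does not say from which CLI release the new floor applies. This commit also moves the pre-commit examples from `rev: v2.3.0` to `rev: v3.0.0`, so if the requirement arrives with that release, consider wording the bullet as "Cycode CLI v3.0.0 and later requires Python 3.9 or later". Readers still pinned to an older release would then not be misled.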
@@ -208,7 +208,7 @@ Cycode’s pre-commit hook can be set up within your local repository so that th
208
208
209
209
Perform the following steps to install the pre-commit hook:
210
210
211
-
1. Install the pre-commit framework (Python 3.8 or higher must be installed):
211
+
1. Install the pre-commit framework (Python 3.9 or higher must be installed):
212
212
213
213
```bash
214
214
pip3 install pre-commit
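Review bot: In step 1 (new line 211) the parenthetical "Python 3.9 or higher must be installed" is attached to installing the pre-commit framework, so it reads as that framework's requirement rather than the Cycode CLI's, which is what the Prerequisites section states. Suggest rewording it to say that the Cycode hook requires Python 3.9 or later, or dropping the parenthetical and linking to Prerequisites, so the two statements cannot drift apart at the next version bump.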
@@ -221,26 +221,26 @@ Perform the following steps to install the pre-commit hook:
221
221
```yaml
222
222
repos:
223
223
- repo: https://github.com/cycodehq/cycode-cli
224
-
rev: v2.3.0
224
+
rev: v3.0.0
225
225
hooks:
226
226
- id: cycode
227
227
stages:
228
-
- commit
228
+
- pre-commit
229
229
```
230
230
231
231
4. Modify the created file for your specific needs. Use hook ID `cycode` to enable scan for Secrets. Use hook ID `cycode-sca` to enable SCA scan. If you want to enable both, use this configuration:
232
232
233
233
```yaml
234
234
repos:
235
235
- repo: https://github.com/cycodehq/cycode-cli
236
-
rev: v2.3.0
236
+
rev: v3.0.0
237
237
hooks:
238
238
- id: cycode
239
239
stages:
240
-
- commit
240
+
- pre-commit
241
241
- id: cycode-sca
242
242
stages:
243
-
- commit
243
+
- pre-commit
244
244
```
245
245
246
246
5. Install Cycode’s hook:
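Review bot: Both YAML examples switch `stages` from `commit` to `pre-commit` (new lines 228, 240 and 243), but step 1 still installs the framework with an unversioned `pip3 install pre-commit` and nothing states which framework version understands the new stage name. The `pre-commit` stage name was introduced in pre-commit 3.2.0, so a developer with an older install would get a configuration that fails validation; suggest stating the minimum framework version next to the install step. Separately, `rev: v3.0.0` pins to a tag. Since this hook runs on every commit with access to the working tree, it is worth mentioning that `rev` also accepts a full commit SHA.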
@@ -281,8 +281,8 @@ The following are the options and commands available with the Cycode CLI applica
281
281
| [auth](#using-the-auth-command) | Authenticate your machine to associate the CLI with your Cycode account. |
282
282
| [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication. |
283
283
| [ignore](#ignoring-scan-results) | Ignores a specific value, path or rule ID. |
284
-
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit_history/path/repository/etc. |
285
-
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform. |
284
+
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
285
+
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform as SBOM. |
286
286
| status | Show the CLI status and exit. |
287
287
288
288
# Scan Command
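Review bot: The new `report` row (new line 285) ends with "which report type to perform as SBOM", which does not parse. If SBOM is the only report type, say so directly, for example "Generate an SBOM report". Both changed rows also keep "You`ll" with a backtick in place of the apostrophe, which can open an inline code span when the table is rendered. The `commit_history` to `commit-history` change in the `scan` row is a breaking rename for existing scripts and deserves a short migration note.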
@@ -294,24 +294,23 @@ The Cycode CLI application offers several types of scans so that you can choose
|`-t, --scan-type [secret\|iac\|sca\|sast]`| Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`. |
297
-
|`--secret TEXT`| Specify a Cycode client secret for this specific scan execution. |
297
+
|`--client-secret TEXT`| Specify a Cycode client secret for this specific scan execution. |
298
298
|`--client-id TEXT`| Specify a Cycode client ID for this specific scan execution. |
299
299
|`--show-secret BOOLEAN`| Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details. |
300
300
|`--soft-fail BOOLEAN`| Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
301
301
|`--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]`| Show only violations at the specified level or higher. |
302
302
|`--sca-scan`| Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both. |
303
303
|`--monitor`| When specified, the scan results will be recorded in the knowledge graph. Please note that when working in`monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
304
-
|`--report`| When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution.|
304
+
|`--cycode-report`| When specified, displays a link to the scan report in the Cycode platform in the console output. |
305
305
|`--no-restore`| When specified, Cycode will not run restore command. Will scan direct dependencies ONLY!|
306
-
|`--sync`| Run scan synchronously (the default is asynchronous). |
307
306
|`--gradle-all-sub-projects`| When specified, Cycode will run gradle restore commandfor all sub projects. Should run from root project directory ONLY!|
| [commit_history](#commit-history-scan) | Scan all the commits history in this git repository |
311
+
| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository |
313
312
| [path](#path-scan) | Scan the files in the path supplied in the command |
314
-
| [pre_commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
313
+
| [pre-commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
315
314
| [repository](#repository-scan) | Scan git repository including its history |
316
315
317
316
### Options
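Review bot: The renamed `--client-secret TEXT` row (new line 297) documents passing the client secret as a command-line argument without noting that arguments end up in shell history and process listings. Suggest adding a sentence that points to `cycode auth` or `cycode configure`, both listed in this README, as the preferred way to supply credentials. The hunk also renames `--report` to `--cycode-report`, removes `--sync`, and renames the `commit_history` and `pre_commit` subcommands without saying whether the old spellings are still accepted. CI pipelines that call them would benefit from a short list of renamed and removed options.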
@@ -340,18 +339,15 @@ When using this option, the scan results from this scan will appear in the knowl
340
339
> [!WARNING]
341
340
> You must be an `owner` or an `admin` in Cycode to view the knowledge graph page.
342
341
343
-
#### Report Option
342
+
#### Cycode Report Option
344
343
345
-
> [!NOTE]
346
-
> This option is not available to IaC scans.
347
-
348
-
To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
344
+
For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.
To have the direct URL to this Cycode report printed in your CLI output after the scan completes, add the argument `--cycode-report` to your scan command.
351
347
352
-
In the same way, you can push scan results of Secrets and SAST scans to Cycode by adding the `--report` option to the scan command.
When using this option, the scan results from this scan will appear in the On-Demand Scans section of Cycode. To get to this page, click the link that appears after the printed results:
350
+
All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.
355
351
356
352
> [!WARNING]
357
353
> You must be an `owner` or an `admin` in Cycode to view this page.
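
Review bot: The new paragraph at line 344 states that every scan's results are now sent to Cycode automatically, whereas the removed text made the upload opt-in through `--report`. That is a change in data flow, and the section should say so explicitly, including what is sent and whether it can be turned off. The removed note "This option is not available to IaC scans" is dropped without replacement, so it is unclear whether `--cycode-report` works for IaC scans. The retained warning "to view this page" no longer has a clear referent; name the CLI Logs section there.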
@@ -467,25 +463,25 @@ A commit history scan is limited to a local repository’s previous commits, foc
467
463
468
464
To execute a commit history scan, execute the following:
469
465
470
-
`cycode scan commit_history {{path}}`
466
+
`cycode scan commit-history {{path}}`
471
467
472
468
For example, consider a scenario in which you want to scan the commit history for a repository stored in `~/home/git/codebase`. You could then execute the following:
473
469
474
-
`cycode scan commit_history ~/home/git/codebase`
470
+
`cycode scan commit-history ~/home/git/codebase`
475
471
476
472
The following options are available for use with this command:
| `-r, --commit_range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
476
+
| `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
481
477
482
478
#### Commit Range Option
483
479
484
-
The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit_range` (`-r`) followed by the name you specify.
480
+
The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
485
481
486
482
Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
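Review bot: In the Commit Range paragraph (new line 480) the flag is corrected to `--commit-range`, but the sentence still ends "followed by the name you specify", which does not tell the reader what the value is. The options table gives `HEAD~1` as an example, so suggest "followed by the commit range to scan (for example `HEAD~1`)". It would also help to state whether the old `commit_history` and `--commit_range` spellings still work.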