sec1 scan [<OPTIONS>]
The sec1 scan scans your scm repository, file, binaries and share foss vulnerabilities.
If no option provided then it scans current directory for supported manifest.
Supported manifest by Sec1 CLI : 'pom.xml', 'package.json', 'requirements.txt', 'package-lock.json', 'package.lock.json', 'yarn.lock', 'gradle.lockfile', 'pnpm-lock.yaml', 'pipfile.lock', '.pom'
Use the --debug option to output the debug logs.
--scmurl <url>SCM url to scan. Currently only github is supported
--accessToken <base64EncodedAccessToken>If you want to scan private repository then accessToken in mandatory.
It must be Base64 encoded in the form of username:pat. Here PAT is your personal access token.
Note: You can set accessToken in config by using sec1 config --accessToken=<base64EncodedAccessToken>. By doing this you dont have to pass it in command line.
If accessToken is passed in command line then it will overwrite value stored in config.
-s, --system <type>type represents system initianting a scan (default: "cli")
Allowed Values: gitaction/cli
-th, --threshold <severity-values...>Optional. You can specify threshold values for each severity. Ex. critical=1 medium=5 high=10 low=50
Its only application if scan is triggered from gitaction
-f, --file <file>Specify the file to scan.
Last updated