Misc

CloudDefense's Labs CLI helps you find and fix known vulnerabilities in your dependencies, both on local projects and as part of your CI/CD system.

Installation

Please follow instructions specific to your operating system.

How to update CLI?

Just rerun the command to update the client to the latest version.

Mac

Run the following command, which installs the cdefense tool. Check the usage section for details.

curl \
https://raw.githubusercontent.com/CloudDefenseAI/cd/master/labs/cd-latest-mac-x64.tar.gz > /tmp/cd-latest-mac-x64.tar.gz && tar -C /usr/local/bin -xzf /tmp/cd-latest-mac-x64.tar.gz && chmod +x /usr/local/bin/cdefense

Linux

Run the following command, which installs the cdefense tool. Check the usage section for details.

curl \
https://raw.githubusercontent.com/CloudDefenseAI/cd/master/labs/cd-latest-linux-x64.tar.gz > /tmp/cd-latest-linux-x64.tar.gz && sudo tar -C /usr/local/bin -xzf /tmp/cd-latest-linux-x64.tar.gz && sudo chmod +x /usr/local/bin/cdefense

Windows

Download the following tar file and extract it. Check the usage section for details.

https://github.com/CloudDefenseAI/cd/raw/master/labs/cd-latest-windows.exe.tar.gz
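
The Mac and Linux commands above unpack an archive fetched from a branch URL straight into /usr/local/bin. The following added example (not part of the original page or of CloudDefense's tooling) vets the archive first and installs only the binary. The function names, the top-level cdefense entry (implied by the chmod step) and the optional pinned SHA-256, a digest you recorded yourself since the page publishes none, are assumptions.

```shell
#!/bin/sh
# Added example (not CloudDefense's code): vet a downloaded cdefense tarball
# before anything is written to /usr/local/bin.
# Assumptions: the binary is a top-level archive entry named "cdefense" (implied
# by the page's chmod step); PINNED_SHA256 is a digest you recorded yourself.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# vet_archive TARBALL [PINNED_SHA256]
# 0 = safe to unpack, 1 = unreadable, 2 = digest mismatch,
# 3 = entry escapes the target directory, 4 = no cdefense entry.
vet_archive() {
    tarball=$1; pinned=${2:-}
    if [ -n "$pinned" ] && [ "$(sha256_of "$tarball")" != "$pinned" ]; then
        echo "sha256 mismatch: $tarball" >&2; return 2
    fi
    members=$(tar -tzf "$tarball" 2>/dev/null) || {
        echo "not a readable .tar.gz: $tarball" >&2; return 1; }
    # Absolute paths or ".." components would land outside the -C directory.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive entry escapes the target directory" >&2; return 3
    fi
    printf '%s\n' "$members" | grep -Eq '^(\./)?cdefense$' || {
        echo "no top-level cdefense entry" >&2; return 4; }
}

# install_cdefense TARBALL DESTDIR [PINNED_SHA256]
# Unpacks into a throwaway directory and copies only the binary to DESTDIR.
install_cdefense() {
    vet_archive "$1" "${3:-}" || return $?
    stage=$(mktemp -d) || return 5
    rc=6
    if tar -C "$stage" -xzf "$1" && [ -f "$stage/cdefense" ] && [ ! -L "$stage/cdefense" ]; then
        install -m 0755 "$stage/cdefense" "$2/cdefense"; rc=$?
    fi
    rm -rf "$stage"
    return $rc
}

# Usage (run as a user who may write to the destination):
#   install_cdefense /tmp/cd-latest-linux-x64.tar.gz /usr/local/bin [PINNED_SHA256]
```
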

CLI Parameters

The following parameters can be added from CLI when running a scan.

Option          Value                    Required  Description
--lang          java, python, PHP, etc   Yes       Language of the project to be scanned
--project-name  string                   Yes       Name of the project
--path          /path/to/project         No        Path to the project folder
--api-key       api-key                  Yes       API key for Cloud Defense
--tag           string                   No        Tag a scan

Usage

Run the following command to get started.

cdefense help
NAME:
   Cloud Defense CLI Scanner - CLI for scanning and detecting vulnerabilities in any language
USAGE:
   cdefense [global options] command [command options] [arguments...]
VERSION:
   1.12.1
COMMANDS:
   scan, s  SCA scan of a given project and post to Cloud Defense server
   sast, a  SAST scan of a given project and post to Cloud Defense server
   help, h  Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

Examples

SCA

# Example of python SCA scan
cdefense scan --lang=python --api-key=<YOUR_API_KEY> --path=/d/temp/vulpy/requirements.txt --project-name="my-python-project"
# Example of java SCA scan
cdefense scan --lang=java --api-key=<YOUR_API_KEY> --path=/d/temp/java-goof --verbose --project-name="My Java Project"
# Example of php SCA scan
cdefense scan --lang=php --api-key=<YOUR_API_KEY> --path=/d/temp/php-helloworld-app --project-name="my-php-project"
# Example of NodeJS SCA scan
cdefense scan --lang=node --api-key=<YOUR_API_KEY> --path=/d/temp/nodejs-system --project-name="my-nodejs-project"

SAST

# Example of python SAST scan
cdefense sast --lang=python --api-key=<YOUR_API_KEY> --path=/d/temp/vulpy/requirements.txt --project-name="my-python-project"
# Example of java SAST scan
cdefense sast --lang=java --api-key=<YOUR_API_KEY> --path=/d/temp/java-goof --verbose --project-name="my-java-project"
# Example of php SAST scan
cdefense sast --lang=php --api-key=<YOUR_API_KEY> --path=/d/temp/php-helloworld-app --project-name="my-php-project"
# Example of NodeJS SAST scan
cdefense sast --lang=node --api-key=<YOUR_API_KEY> --