Перейти к содержанию

Приложение 6. Примеры запуска скриптов AppSec.Hub CLI

Сканирование кодовой базы scan_codebase

python3 -m src.scan_codebase \
    --url http://hub.your.company.com/ \     
    --token ***** \     
    --appcode 0902202-1_cli \     
    --codebase "http://gitlab.service.your.company.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.your.company.com/test/web-project.git;master;;/web-project;web-project" \     
    --branch-filter "develop"

Сканирование артефакта по URL scan_artifact

Файловое хранилище (Login/Password)

python3 -m src.scan_artifact \
    --url http://hub.your.company.com/ \
    --token ****** \
    --appcode 19042021_test_create_org \
    --artifact "https://docker.your.company.com/nginx/apk/auth/app-prod-debug-1.0.apk"
    --artifact "https://docker.your.company.com/nginx/apk/auth/app-prod-debug-2.0.apk"

Файловое хранилище (Anonymous)

python3 -m src.scan_artifact \
    --url http://hub.your.company.com/ \
    --token ****** \
    --appcode 19042021_test_create_org \
    --artifact "https://docker.your.company.com/nginx/apk/app-prod-debug-1.0.apk"
    --artifact "https://docker.your.company.com/nginx/apk/app-prod-debug-2.0.apk"

type: maven (с classifier)

python3 -m src.scan_artifact \
    --url http://hub.your.company.com \
    --token ****** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com/repository/maven-releases/com/appsecco/456776543/1.09/456776543-1.09-classifer.war" 
    --artifact "https://nexus.your.company.com/repository/maven-releases/com/appsecco/456776543/1.10/456776543-1.10-classifer.war"

type: yum

python3 -m src.scan_artifact --url http://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com/repository/yum/user-history.assembly-4.5.0-SNAPSHOT20200619055220.noarch.rpm"
    --artifact "https://nexus.your.company.com/repository/yum/user-history.assembly-4.5.1-SNAPSHOT20200619055220.noarch.rpm"

type: docker

Cпособ 1

python3 -m src.scan_artifact \
    --url http://hub.your.company.com/ \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com:8083/java-web-project:9.17"
    --artifact "https://nexus.your.company.com:8083/java-web-project-2:9.17"

Cпособ 2

python3 -m src.scan_artifact \
    --url http://hub.your.company.com/ \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com:8086/hub-core:1.4.5.7"
    --artifact "https://nexus.your.company.com:8086/hub-core:1.4.5.8"

type: npm

python3 -m src.scan_artifact \
    --url http://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com/repository/npm-group/ngclipboard/-/ngclipboard-2.0.0.tgz"
    --artifact "https://nexus.your.company.com/repository/npm-group/ngclipboard/-/ngclipboard-2.1.0.tgz"

Сканирование экземпляра приложения scan_instance

python3 -m src.scan_instance --url http://hub.your.company.com/ \
    --token ***** \
    --appcode 0902202-1_cli \
    --instance-url http://hub.your.company.com \
    --instance-name inst1 \
    --stage ST

Импорт результатов import_results

Импорт результатов из Checkmarx

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.your.company.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.your.company.com/test/web-project.git;master;;/web-project;web-project" \
    --cx-tool-url https://cx.your.company.com \
    --cx-project-name kg_19082021_2_-master_1 \
    --cx-team /CxServer/asdfsadfASDFASDF/kg_19082021_2 \
    --quality-gate no-critical-issues

Импорт результатов из Dependency track

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.your.company.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.your.company.com/test/web-project.git;master;;/web-project;web-project" \
    --dt-tool-url http://dep-track.your.company.com \
    --dt-project-name Dependency_Track_java-web-project-master \
    --dt-project-uuid 619821d4-368d-4f5e-a52f-18d73d97ecb9 \
    --quality-gate no-critical-issues

Импорт результатов из PT Application inspector

python3 -m src.import_results \
    --url hub_host \
    --token ***token*** \
    --appcode your_application_name \
    --codebase "https://gitlab.your.domain.com/dev/your_project_name.git;master;;/;" \
    --ptai-tool-url https://ptai.your.domain.com  \
    --ptai-project-name your_project_name \
    --ptai-project-language Java \
    --ptai-scan-results-id c40b439e-0312-4a38-9bb8-8cea931b3bd9

Импорт результатов из AppSec.Track

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode app_track_cli \
    --artifact "https://your.company.com/java-web-project:5.1" \
    --appsec-track-tool-url https://track.your.company.com \
    --appsec-track-team your_team_name \
    --appsec-track-application your_app_name \
    --appsec-track-scan-guid 6c4ee61b-58df-9x99-z13v-954c1a45rtev

Импорт результатов из Стингрей

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode app_mdast_cli1 \
    --artifact "https://docker.your.company.com/nginx/apk/auth/app-prod-debug-2.0.apk;TestApk1" \
    --mdast-tool-url https://stingray.your.company.ru \
    --mdast-scan-id=707 \
    --quality-gate no-critical-issues

Импорт результатов из Nexus (артефакты)

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --artifact "https://nexus.your.company.com/repository/maven-releases/com/example/hub-core-f05f76e5ed7a/1.0.5454-test-task/hub-core-f05f76e5ed7a-1.0.5454-test-task.tar;Artifact-1" \ 
    --artifact "https://nexus.your.company.com/repository/maven-releases/com/example/hub-core/1.0.5452-test-task/hub-core-1.0.5452-test-task.tar;Artifact-2" \
    --artifact "https://nexus.your.company.com/repository/maven-releases/com/example/hub-ui/1.0.5452-test-task/hub-ui-1.0.5452-test-task.tar;Artifact-3" \
    --nxiq-tool-url https://nxiq.your.company.com \
    --nxiq-app 12072021_nxiq_java-web-projectdocker \
    --nxiq-org "Dev Company" \
    --nxiq-app multi-docker \
    --nxiq-report 5bbfc21a24864254a58c905d475a0ea4 \
    --nxiq-stage build

Импорт результатов из Aqua Security

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode Aqua_demo \
    --artifact "https://nexus.your.company.com:8083/java-web-project:1.17" \
    --aqua-tool-url https://aqua.your.company.com \
    --aqua-registry aqua-demo_java-web-project-docker

Импорт результатов из CodeScoring

python3 -m src.import_results \
    --url https://hub.your.company.com \
    --token ***** \
    --appcode 09022021_cli \
    --codebase "http://gitlab.service.your.company.com/test/java-web-project.git;master;;/;java-web-project" "http://gitlab.service.your.company.com/test/web-project.git;master;;/web-project;web-project" \
    --codescoring-tool-url https://your-codescoring-url.com \
    --codescoring-project-name your-repo/your-project \
    --quality-gate no-critical-issues

Импорт информации о проблемах безопасности import_report

python3 -m src.import_report \
    --url https://hub.your.company.com \
    --token **token** \
    --appcode appcode \
    --application-name appname \
    --external-id ae8f09fe-987f-11eb-a8b3-0242ac130003 \
    --quality-gate-code no-critical-issues \
    --unit-code 000001 \
    --unit-name front \
    --report-file c:\dev\report.json
К началу