soluble-cli

command module

v0.4.39 Latest Latest Go to latest Published: Feb 4, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/soluble-ai/soluble-cli

Links

Open Source Insights

README ¶

Soluble CLI

This is the command line interface for Soluble.

Installation

On MacOS use homebrew:

brew install soluble-ai/soluble/soluble-cli

To upgrade to the latest version:

brew upgrade soluble-ai/soluble/soluble-cli

On linux, run:

wget -O - https://raw.githubusercontent.com/soluble-ai/soluble-cli/master/linux-install.sh | sh
# or
curl https://raw.githubusercontent.com/soluble-ai/soluble-cli/master/linux-install.sh | sh

The install will drop the executable in the current directory. If you run this as root or can sudo to root, the install will try to move the binary to /usr/local/bin/soluble.

Windows executables can be found on the releases page.

Run Security Scans

Run security scans on your code with:

soluble auto-scan -d ~/my-stuff

This will search under ~/my-stuff for a variety of infrastructre-as-code files and scan them.

If you'd like to manage the findings of those tools with Soluble, you'll have to authenticate the CLI with:

soluble login

Then re-run the scan with:

soluble auto-scan -d ~/my-stuff --upload

You can instead run individual scans:

soluble terraform-scan scans terraform files with checkov. Alternately, soluble terraform-scan terrascan or soluble terraform-scan tfsec can be used to scan with terrascan or tfsec respectively.
soluble kubernetes-scan scans kubernetes manifest files.
soluble cloudformation-scan scans AWS cloudformation templates with cfn-python-lint. cfn_nag and checkov are also available.
soluble secrets-scan scans for secrets in code with detect-secrets.
soluble dep-scan scans application dependencies with trivy.
soluble image-scan scans container images with trivy.
soluble code-scan scans application code with semgrep.

CI Integration

(WIP - basic notes)

Set the environment variable SOLUBLE_API_TOKEN to an API token from https://app.soluble.cloud/admin/tokens/access
Add a step to run soluble auto-scan -d . --upload, or run individual scans (see soluble iac-scan --help)
At then end of your CI job, run soluble build update-pr to update the pull request with the scan results.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
agent
auth
aws
build
cfnscan
cloudscan
codescan
config
depscan
downloadcmd
imagescan
inventorycmd
k8sscan
logincmd
model
postcmd
query
root
secretsscan
tfscan
version
pkg
api
archive
assessments
assessments/fingerprint
assessments/github
blurb
config
download
exit
inventory
log
login
model
options
print
resources
tools
tools/autoscan
tools/cfn-python-lint
tools/cfnnag
tools/checkov
tools/cloudsploit
tools/iacinventory
tools/secrets
tools/semgrep
tools/terrascan
tools/tfsec
tools/trivy
tools/trivyfs
util
version
xcp

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL