Synopsis

fcli tool sc-client install [-y] [--[no-]global-bin] [--with-jre] [--copy-from=<copyFromPath>] [--jre=<jrePath>] [--jre-platform=<jrePlatform>] [--on-copy-version-mismatch=<onCopyVersionMismatch>] [--on-digest-mismatch=<onDigestMismatch>] [-p=<platform>] [--progress=<type>] [-t=<clientAuthToken>] [-v=<version>] [-u=<versionsToUninstall>[, <versionsToUninstall>…​]]…​ [[-h] [--env-prefix=<prefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<level>] [--debug]] [-d=<installDir> | -b=<baseDir>] [[-o=<type+args>] [--style*=<style>,…​]…​ ] [--to-file=<outputFile>_]]

Description

This command allows for tool installation and upgrade. By default, tools are installed to <base-dir>/<tool-name>/<version>. The base directory can be specified using the --base-dir option, defaulting to <user.home>/fortify/tools if not specified. Unless the --no-global-bin option is specified, wrapper scripts for invoking each tool will be installed to <base-dir>/bin, allowing users to add this single directory to the system PATH for easy invocation of all installed tools.

It is also possibly to specify an explicit installation directory through the --install-dir option, for example to install the tool to a specific location that will be cached by a CI/CD system. The --install-dir option doesn’t create the <base-dir>/<tool-name>/<version> directory structure, and doesn’t install wrapper scripts to a shared bin-directory.

When installing a new version, older versions can optionally be automatically un-installed using the --uninstall option, which is basically the equivalent of a tool upgrade. When trying to install a version that’s already been installed, only some post-installation tasks will be re-run, like installing the global bin scripts and performing any tool configuration if applicable.

Sample invocations:

Install latest tool version, keep older versions: fcli tool <name> install -v latest

Install latest tool version (only re-running post-install if already existing), uninstall all other tool versions: fcli tool <name> install -v latest --uninstall all

Install latest v2 version, uninstall all other v2 versions: fcli tool <name> install -v 2 --uninstall 2

Install latest and latest v1, have global bin-scripts point to latest: fcli tool <name> install -v latest fcli tool <name> install -v 1 --no-global-bin

Each tool installation includes shell scripts or executables that can be run as usual, however tools installed through the 'fcli tool <tool-name> install' command can also be run through the 'fcli tool <tool-name> run' command. This command allows for selecting which version of a tool to run if multiple versions have been installed, and allows for easy tool invocation even if they haven’t been added to the PATH.

Options

-b, --base-dir=<baseDir>

Base directory under which the tool will be installed.

--copy-from=<copyFromPath>

Copy tool from existing installation instead of downloading. Specify path to tool binary, bin directory, or install directory. Version is auto-detected from source. Primarily intended for CI/CD scenarios where tools are pre-installed or available in a base image, and need to be copied to a specific cache directory for artifact preservation.

-d, --install-dir=<installDir>

Tool installation directory. As described above, it is recommended to use --base-dir instead.

--jre=<jrePath>

Path to an existing JRE installation directory to use with ScanCentral Client. The JRE version must be compatible with the ScanCentral Client version being installed (typically Java 17 for recent versions). This option is mutually exclusive with --with-jre and --jre-platform. When specified, the JRE location is stored in the installation descriptor and will be used automatically by the 'fcli tool sc-client run' command, taking precedence over environment variables like SCANCENTRAL_JAVA_HOME and JAVA_HOME.

--jre-platform=<jrePlatform>

(PREVIEW) Specify the platform for which to install the JRE, implies --with-jre. See https://github.com/fortify/tool-definitions/blob/main/v1/jre.yaml for available platforms. Default value: current platform.

--[no-]global-bin

By default, wrapper scripts will be installed to <base-dir>/bin; use --no-global-bin to skip installing/updating these wrapper scripts.

--on-copy-version-mismatch=<onCopyVersionMismatch>

Action to take when --copy-from version doesn’t match --version. Allowed values: skip, copy, fail. skip (default): ignore --copy-from and download instead; copy: copy regardless of version mismatch with warning; fail: throw error on version mismatch.

--on-digest-mismatch=<onDigestMismatch>

Action to take if there is a digest mismatch. Allowed values: fail, warn. Default action is to fail.

-p, --platform=<platform>

By default, fcli will try to install tool binaries that match the current operating system & architecture. Use this option to override automatic platform detection. The list-platforms command lists available platforms.

--progress=<type>

Configure progress output. Allowed values: auto, none, simple, stderr, single-line, ansi. Default value: auto. Proper output of single-line and ansi depends on console capabilities.

-t, --client-auth-token=<clientAuthToken>

ScanCentral SAST client_auth_token used for authenticating with ScanCentral SAST Controller.

-u, --uninstall=<versionsToUninstall>[,<versionsToUninstall>…​]

Uninstall the given versions while installing the new version. Accepts 'all' to uninstall all existing versions, or a comma-separated list of version numbers. Version numbers may be specified as <major>[.<minor>[.<patch>]].

-v, --version=<version>

Tool version to install; see output of list command to view available versions. Default value: latest

--with-jre

(PREVIEW) Install compatible JRE into the ScanCentral Client JRE directory, allowing ScanCentral Client to run even if no (compatible) JRE is installed elsewhere on the system.

-y, --confirm

Automatically confirm all prompts (cleaning the target directory, uninstalling other versions).

Output options (also see documentation link below)

-o, --output=<type+args>

Select output type (csv, table, expr, json, xml, yaml) and optional type arguments.

--store=<var>[:<prop>]

Store JSON results in an fcli variable for later reference.

*--style*=<style>,…​

Select output style: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border, wrap, no-wrap, fast-output, no-fast-output.

--to-file=<outputFile>

Write output to the specified file.

Generic fcli options (also see documentation link below)

--debug

Enable collection of debug logs.

--env-prefix=<prefix>

Prefix for resolving default option values. Default value: FCLI_DEFAULT.

-h, --help

Use 'fcli [command] -h' to display help for fcli (sub-)commands.

--log-file=<logFile>

Write log output to file. Default: ./fcli.log if logging is enabled.

--log-level=<logLevel>

Set logging level: TRACE, DEBUG, INFO, WARN, ERROR, NONE.

--log-mask=<level>

Log mask level: high, medium, low, none. Default: medium. Masking is done on a best-effort basis; no guarantee that all sensitive data will be masked.