Synopsis

fcli fod dast-scan setup-website [--create-login-macro] [--false-positive-removal] [--redundant-page-detection] [--restrict] --assessment-type=<assessmentType> [--delim=<delimiter>] [--entitlement-id=<entitlementId>] [--environment=<environmentFacingType>] [-f=<file>] [--file-id=<loginMacroFileId>] --frequency=<entitlementFrequencyType> [--macro-primary-password=<macroPrimaryPassword>] [--macro-primary-username=<macroPrimaryUsername>] [--macro-secondary-password=<macroSecondaryPassword>] [--macro-secondary-username=<macroSecondaryUsername>] [--network-auth-type=<networkAuthenticationType>] [-p=<password>] [--policy=<scanPolicy>] --rel=id|app[:ms]:rel [--timebox=<timebox>] [--timezone=<timezone>] [-u=<username>] --url=<siteUrl> [--vpn=<fodConnectNetwork>] [-e=<exclusions>[,<exclusions>…]]… [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>]] [[--session=<sessionName>]] [[-o=format[=<options>]] [--store=variableName[:<propertyNames>]] [--to-file=<outputFile>]]

Description

This command is intended for preview only. Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting any workflows in which this command is being used.

To correctly set up a scan, you will need to provide the name of the assessment type using the '--assessment-type=xxx' option. Since assessment types can potentially be configured differently for each tenant, you can find the correct name using the 'fod rest lookup AssessmentTypes' command.

If you know the Id of an entitlement that you want to use, you can supply it to the '--entitlement-id=xxx' option. If not, you can supply both the '--assessment-type' and '--entitlement-frequency' options and the command will try to find an appropriate entitlement.

If you wish to use a Login Macro for authentication, you can upload it directly using the '--file' option, or you can refer to the File Id of a macro previously uploaded using the 'fod dast-scan upload-file' command.

Options

--assessment-type=<assessmentType>

The type of DAST assessment to carry out. Use 'fod rest lookup AssessmentTypes' to display valid values.

--create-login-macro

Request generation of a login macro by the testing team (once per application).

--delim=<delimiter>

Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.

-e, --exclusions=<exclusions>[,<exclusions>…]

A comma-separated list of URLs to exclude from being scanned.

--entitlement-id=<entitlementId>

Entitlement Id to use. If not specified, Frequency and Assessment Type will be used to find one.

--environment=<environmentFacingType>

The public facing visibility of the environment. Valid values: Internal, External.

-f, --file=<file>

A Login Macro file to upload and use for authentication in the website scan.

--false-positive-removal

Request false positive removal by the testing team (once per application).

--file-id=<loginMacroFileId>

The file Id of a Login Macro previously uploaded using the 'fod dast-scan upload-file' command.

--frequency, --entitlement-frequency=<entitlementFrequencyType>

The entitlement frequency type to use. Valid values: SingleScan, Subscription.

--macro-primary-password=<macroPrimaryPassword>

Login macro password for the primary user.

--macro-primary-username=<macroPrimaryUsername>

Login macro username for the primary user.

--macro-secondary-password=<macroSecondaryPassword>

Login macro password for the secondary user.

--macro-secondary-username=<macroSecondaryUsername>

Login macro username for the secondary user.

--network-auth-type=<networkAuthenticationType>

The Network Authentication type to use. Valid values: Basic, NTLM, Kerberos, Digest, Automatic, ADFS_CBT.

-p, --network-password=<password>

The Network Password to use.

--policy=<scanPolicy>

The Scan Policy to use. Use 'fod rest lookup DastAutomatedScanPolicies' to display valid values.

--redundant-page-detection

Enable redundant page detection.

--rel, --release=id|app[:ms]:rel

Release id or <application>[:<microservice>]:<release> name.

--restrict

Restrict the scan to the URL directory and subdirectories. If not selected then the entire host will be scanned.

--timebox=<timebox>

Timebox for the scan duration (in hours).

--timezone=<timezone>

The timezone in which the website is running.

-u, --network-username=<username>

The Network Username to use.

--url, --site-url=<siteUrl>

Base URL for accessing the remote system.

--vpn=<fodConnectNetwork>

Fortify Connect network name to use for site-to-site VPN. If specified, environment will be set to Internal.

Session options

--session=<sessionName>

Name of the FoD session to use for executing this command. Default value: default.

Output options

-o, --output=format[=<options>]

Specify output format and options. Available output formats: csv, csv-plain, json, json-flat, table, table-plain, tree, tree-flat, xml, xml-flat, yaml, yaml-flat, expr, json-properties. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output. Use '-o json-properties' on the current command to see available properties.

--store=variableName[:<propertyNames>]

Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.

--to-file=<outputFile>

Write command output to the specified file instead of stdout.

Generic fcli options

--env-prefix=<envPrefix>

Environment variable prefix for resolving default option and parameter values. Default value is FCLI_DEFAULT.

-h, --help

Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.

--log-file=<logFile>

File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.

--log-level=<logLevel>

Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR.
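
As an added example (not part of fcli or its documentation), the shell function below checks an argument list for this command before it is run unattended: the required options, the valid values listed above, and the --vpn/--environment interaction. Refusing DEBUG and TRACE logging is a policy choice of this example, and the function names are assumptions.

```shell
# Added example, not part of fcli: pre-flight check of a setup-website argument
# list. Function names are illustrative; required options and valid values are
# the ones listed on this page.

# one_of VALUE CANDIDATE...: succeed if VALUE equals one of the candidates.
one_of() {
  _needle=$1; shift
  for _c in "$@"; do [ "$_c" != "$_needle" ] || return 0; done
  return 1
}

# reject MESSAGE: report on stderr why the argument list was refused.
reject() { echo "setup-website pre-flight: $1" >&2; }

check_setup_website_args() {
  _env=; _vpn=; _seen=
  for _a in "$@"; do
    _val=${_a#*=}
    case $_a in
      --assessment-type=*) _seen="$_seen --assessment-type" ;;
      --rel=*|--release=*) _seen="$_seen --rel" ;;
      --url=*|--site-url=*) _seen="$_seen --url" ;;
      --vpn=*) _vpn=$_val ;;
      --frequency=*|--entitlement-frequency=*)
        _seen="$_seen --frequency"
        one_of "$_val" SingleScan Subscription ||
          { reject "invalid frequency '$_val'"; return 1; } ;;
      --environment=*)
        _env=$_val
        one_of "$_val" Internal External ||
          { reject "invalid environment '$_val'"; return 1; } ;;
      --network-auth-type=*)
        one_of "$_val" Basic NTLM Kerberos Digest Automatic ADFS_CBT ||
          { reject "invalid network auth type '$_val'"; return 1; } ;;
      --log-level=*)
        # Policy of this example: DEBUG and TRACE may put sensitive data in
        # the log file (see --log-level), so refuse them for unattended runs.
        if one_of "$_val" TRACE DEBUG; then
          reject "log level $_val may write sensitive data to the log"; return 1
        fi ;;
    esac
  done
  for _req in --assessment-type --frequency --rel --url; do
    case " $_seen " in *" $_req "*) ;; *) reject "missing required option $_req"; return 1 ;; esac
  done
  # --vpn sets the environment to Internal, so External contradicts it.
  if [ -n "$_vpn" ] && [ "$_env" = External ]; then
    reject "--vpn conflicts with --environment=External"; return 1
  fi
  return 0
}
```

Call it with the same arguments that will be passed to the command, for example `check_setup_website_args "$@" && fcli fod dast-scan setup-website "$@"`.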