Synopsis

fcli sc-sast session login -c[=<clientAuthToken>] [--session=<sessionName>] [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>]] ] [--store=_variableName _ ] [--to-file=<outputFile>_]] ([-k] [--socket-timeout=<socketTimeout>] [--connect-timeout=<connectTimeout>] --ssc-url=<url>) ((-u=<user> -p[=<password>] [--expire-in=<expireIn>]) | -t[=<token>])

Description

This command stores the SSC and ScanCentral SAST API URL and authentication token in an encrypted session file in the fcli state data folder, for use by other 'fcli sc-sast' commands to connect to the specified SSC/ScanCentral SAST instance. Option values may be passed on the command line or specified through environment variables (common for CI/CD pipeline use) as listed below.

When logging in with username and password, this command will connect to SSC to generate a CIToken; the user password is not stored by fcli. When logging in with a pre-generated CIToken, this token will be stored as-is. Note that due to SSC limitations, fcli cannot determine when the token will expire.

For interactive use, you may choose to keep the session open until it expires. For CI/CD integrations and other automations, you should always issue a logout command once work is complete. On shared/non-containerized systems, consider setting FCLI_STATE_DIR or FCLI_DATA_DIR environment variables to prevent unexpected interactions between different pipelines.

Options

--session=<sessionName>

Name for this ScanCentral SAST session. Default value: default.

-u, --ssc-user=<user>

SSC user name.

Environment variables:

FCLI_DEFAULT_SSC_USER: Shared with SSC/SC DAST
FCLI_DEFAULT_SC_SAST_SSC_USER: Only SC SAST commands
-p, --ssc-password[=<password>]

SSC password.

Environment variables:

FCLI_DEFAULT_SSC_PASSWORD: Shared with SSC/SC DAST
FCLI_DEFAULT_SC_SAST_SSC_PASSWORD: Only SC SAST commands
--expire-in=<expireIn>

Specify for how long the session should remain active, for example 1h (1 hour) or 1d (1 day).

Default: 1d
-t, --ssc-ci-token[=<token>]

SSC CIToken in either encoded (REST) or decoded (application) format.

Environment variables:

FCLI_DEFAULT_SSC_CI_TOKEN: Shared with SSC/SC DAST
FCLI_DEFAULT_SC_SAST_SSC_CI_TOKEN: Only SC SAST commands
-c, --client-auth-token[=<clientAuthToken>]

ScanCentral SAST client_auth_token (shared secret).

This token must match the client_auth_token property in ScanCentral SAST

Environment variables:

FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN
--ssc-url=<url>

SSC URL.

Environment variables:

FCLI_DEFAULT_SSC_URL: Shared with SSC/SC DAST
FCLI_DEFAULT_SC_SAST_SSC_URL: Only SC SAST commands
-k, --insecure

Disable SSL checks.

--socket-timeout=<socketTimeout>

Socket timeout for this session, for example 30s (30 seconds), 5m (5 minutes). Default value: 60 seconds.

--connect-timeout=<connectTimeout>

Connection timeout for this session, for example 30s (30 seconds), 5m (5 minutes). Default value: 10 seconds.

Output options:

-o, --output=format[=<options>]

Specify output format and options. Available output formats: csv, csv-plain, json, json-flat, table, table-plain, tree, tree-flat, xml, xml-flat, yaml, yaml-flat, expr, json-properties. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output. Use '-o json-properties' on the current command to see available properties.

--store=variableName[=<propertyNames>]

Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.

--to-file=<outputFile>

Write command output to the specified file instead of stdout.

Generic fcli options:

-h, --help

Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.

--env-prefix=<envPrefix>

Environment variable prefix for resolving default option and parameter values. Default value is FCLI_DEFAULT.

--log-file=<logFile>

File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.

--log-level=<logLevel>

Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR.