Synopsis

fcli fod sast-scan setup [--include-third-party-libs] [--oss] [--skip-if-exists] [--use-aviator] [--use-source-control] --assessment-type=<staticAssessmentType> --audit-preference=<auditPreferenceType> [--delim=<delimiter>] [--entitlement-id=<entitlementId>] --frequency=<entitlementFrequencyType> [--language-level=<languageLevel>] [--progress=<type>] --rel=id|app[:ms]:rel [--technology-stack=<technologyStack>] [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>]] [[--session=<sessionName>]] ] [--store=_variableName _ ] [--to-file=<outputFile>_]]

Description

This command is not fully implemented and is intended for preview only. Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting any workflows in which this command is being used. To correctly setup a scan you will need to provide the name of the assessment type using the '--assessment-type=xxx' option. Since assessment types can potentially be configured differently for each tenant, you can find the correct name using the 'fod rest lookup AssessmentTypes' command. If you know the Id of an entitlement that you want to use then you can supply it to the '--entitlement-id=xxx' option. If not, you can supply both '--assessment-type' and '--entitlement-frequency' options and the command will try to find an appropriate entitlement. For the '--technology-stack' and '--language-level' options it is recommended to examine the drop-down list values in the FoD UI. However, you can also use the 'fod rest lookup' command. For example, to list all the technology stacks you would use 'fod rest lookup TechnologyTypes' and then for the language levels (if appropriate) you would use the 'Value' field returned in 'fod rest lookup LanguageLevels'. For example, for Java which is typically value '7', you would use 'fod rest lookup LanguageLevels -q "group=='7'".

Options

--assessment-type=<staticAssessmentType>

The type of Static assessment to carry out. Use 'release list-assessment-types' to find valid values.

--audit-preference=<auditPreferenceType>

Audit preference, e.g. Manual or Automated

--delim=<delimiter>

Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.

--entitlement-id=<entitlementId>

Entitlement Id to use. If not specified Frequency and Assessment Type will be used to find one.

--frequency, --entitlement-frequency=<entitlementFrequencyType>

The entitlement frequency type to use. Valid values: SingleScan, Subscription.

--include-third-party-libs

(LEGACY) Indicates if third party libraries should be included.

--language-level=<languageLevel>

The language level of the technology stack (if needed).

--oss

Perform Open Source Analysis scan.

--progress=<type>

Configure progress output. Allowed values: auto, none, simple, stderr, single-line, ansi. Default value: auto. Proper output of single-line and ansi depends on console capabilities.

--rel, --release=id|app[:ms]:rel

Release id or <application>[:<microservice>]:<release> name.

--skip-if-exists

Skip setup if a scan has already been set up. If not specified, any existing scan setup will be replaced based on the given setup options.

--technology-stack=<technologyStack>

The technology stack of the application. Default value: Auto Detect.

--use-aviator

Use Fortify Aviator to audit results and provide enhanced remediation guidance.

--use-source-control

(LEGACY) Indicates if source control should be used.

Session options

--session=<sessionName>

Name of the FoD session to use for executing this command. Default value: default.

Output options

-o, --output=format[=<options>]

Specify output format and options. Available output formats: csv, csv-plain, json, json-flat, table, table-plain, tree, tree-flat, xml, xml-flat, yaml, yaml-flat, expr, json-properties. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output. Use '-o json-properties' on the current command to see available properties.

--store=variableName[=<propertyNames>]

Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.

--to-file=<outputFile>

Write command output to the specified file instead of stdout.

Generic fcli options

--env-prefix=<envPrefix>

Environment variable prefix for resolving default option and parameter values. Default value is FCLI_DEFAULT.

-h, --help

Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.

--log-file=<logFile>

File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.

--log-level=<logLevel>

Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR.