Synopsis

fcli fod dast-scan setup-api [--false-positive-removal] [--skip-if-exists] --assessment-type=<assessmentType> [--delim=<delimiter>] [--entitlement-id=<entitlementId>] [--environment=<environmentFacingType>] [-f=<file>] [--file-id=<fileId>] --frequency=<entitlementFrequencyType> [--host=<apiHost>] [--key=<apiKey>] [--network-auth-type=<networkAuthenticationType>] [-p=<password>] --rel=id|app[:ms]:rel [--scheme-type=<apiSchemeType>] [--service-path=<apiServicePath>] [--timebox=<timebox>] [--timezone=<timezone>] --type=<apiType> [-u=<username>] [--url=<apiUrl>] [--vpn=<fodConnectNetwork>] [[-h] [--env-prefix=<prefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<level>] [--debug]] [[--fod-session=<sessionName>]] [[-o=<type+args>] [--style=<style>,…]… [--to-file=<outputFile>]]

Description

This command is intended for preview only. Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting any workflows in which this command is being used.

To correctly set up a scan, you need to provide the Id or Name of the assessment type using the '--assessment-type' option. Since assessment types can potentially be configured differently for each tenant, you can find the correct name using the 'fod release lsat' command.

If you know the Id of an entitlement that you want to use, you can supply it with the '--entitlement-id' option. If not, and you supply both the '--assessment-type' and '--entitlement-frequency' options, the command will try to find an appropriate entitlement.

To use an OpenAPI specification, Postman collection, GraphQL schema file or GRPC proto file, you can upload it directly using the '--file' option, or you can refer to the File Id of a file previously uploaded using the 'fod dast-scan upload-file' command.

Options

--assessment-type=<assessmentType>

The assessment type to use; this can be the Id or the Name. Use 'fod release lsat' to find valid values.

--delim=<delimiter>

Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.

--entitlement-id=<entitlementId>

Entitlement Id to use. If not specified, Frequency and Assessment Type will be used to find one.

--environment=<environmentFacingType>

The public facing visibility of the environment. Valid values: Internal, External.

-f, --file=<file>

An OpenAPI specification, Postman collection, GraphQL schema file or GRPC proto file.

--false-positive-removal

Request false positive removal by the testing team (once per application).

--file-id=<fileId>

The file Id of a Workflow Macro previously uploaded using the 'fod dast-scan upload-file' command.

--frequency, --entitlement-frequency=<entitlementFrequencyType>

The entitlement frequency type to use. Valid values: SingleScan, Subscription.

--host=<apiHost>

API Host.

--key, --api-key=<apiKey>

API Key to use for authentication.

--network-auth-type=<networkAuthenticationType>

The Network Authentication type to use. Valid values: Basic, NTLM, Kerberos, Digest, Automatic, ADFS_CBT.

-p, --network-password=<password>

The Network Password to use.

--rel, --release=id|app[:ms]:rel

Release id or <application>[:<microservice>]:<release> name.

--scheme-type=<apiSchemeType>

API Scheme Type. Valid values: HTTP, HTTPS, HTTPandHTTPs.

--service-path=<apiServicePath>

API Service Path.

--skip-if-exists

Skip setup if a scan has already been set up. If not specified, any existing scan setup will be replaced based on the given setup options.

--timebox=<timebox>

Timebox for the scan duration (in hours).

--timezone=<timezone>

The timezone in which the website is running.

--type=<apiType>

The type of API to scan. Valid values: OpenApi, Postman, GraphQL, GRPC.

-u, --network-username=<username>

The Network Username to use.

--url, --api-url=<apiUrl>

The URL to the API definition file.

--vpn=<fodConnectNetwork>

Fortify Connect network name to use for site-to-site VPN. If specified, environment will be set to Internal.

FoD session name options

--fod-session=<sessionName>

Name of the FoD session to use for executing this command. Default value: default.

-o, --output=<type+args>

Select output type (csv, table, expr, json, xml, yaml) and optional type arguments.

--store=<var>[:<prop>]

Store JSON results in an fcli variable for later reference.

--style=<style>,…

Select output style: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.

--to-file=<outputFile>

Write output to the specified file.

--debug

Enable collection of debug logs.

--env-prefix=<prefix>

Prefix for resolving default option values. Default value: FCLI_DEFAULT.

-h, --help

Use 'fcli [command] -h' to display help for fcli (sub-)commands.

--log-file=<logFile>

Write log output to file. Default: ./fcli.log if logging is enabled.

--log-level=<logLevel>

Set logging level: TRACE, DEBUG, INFO, WARN, ERROR, NONE.

--log-mask=<level>

Log mask level: high, medium, low, none. Default: medium. Masking is done on a best-effort basis; no guarantee that all sensitive data will be masked.
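
The option values above can be checked before fcli is invoked, for example in a CI job. The following shell wrapper is an added example, not part of fcli or its documentation; the function names `is_one_of` and `setup_api`, the `print`/`run` mode argument and the sample release, assessment type, file and network names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate setup-api options against the valid values
# listed on this page before handing them to fcli.

# is_one_of VALUE CHOICE... : succeed if VALUE equals one of the choices.
is_one_of() {
    needle=$1; shift
    for choice in "$@"; do
        if [ "$needle" = "$choice" ]; then return 0; fi
    done
    return 1
}

# setup_api MODE REL ASSESSMENT FREQUENCY TYPE FILE [ENVIRONMENT] [VPN]
# MODE=print lists the fcli arguments one per line; MODE=run executes fcli.
setup_api() {
    mode=$1 rel=$2 assessment=$3 frequency=$4 api_type=$5 file=$6
    environment=${7:-} vpn=${8:-}

    is_one_of "$frequency" SingleScan Subscription ||
        { echo "invalid --frequency: $frequency" >&2; return 2; }
    is_one_of "$api_type" OpenApi Postman GraphQL GRPC ||
        { echo "invalid --type: $api_type" >&2; return 2; }
    if [ -n "$environment" ]; then
        is_one_of "$environment" Internal External ||
            { echo "invalid --environment: $environment" >&2; return 2; }
    fi
    # --vpn sets the environment to Internal, so reject a contradicting
    # External value instead of letting it be overridden unnoticed.
    if [ -n "$vpn" ] && [ "$environment" = External ]; then
        echo "--vpn implies --environment=Internal" >&2; return 2
    fi

    # --skip-if-exists keeps a re-run from replacing an existing scan setup.
    set -- fod dast-scan setup-api "--rel=$rel" \
        "--assessment-type=$assessment" "--frequency=$frequency" \
        "--type=$api_type" "--file=$file" --skip-if-exists \
        ${environment:+"--environment=$environment"} ${vpn:+"--vpn=$vpn"}

    case $mode in
        print) printf '%s\n' "$@" ;;
        run)   fcli "$@" ;;
        *)     echo "mode must be print or run" >&2; return 2 ;;
    esac
}

# Constructed sample values; the assessment type name is tenant-specific.
setup_api print "MyApp:1.0" "DAST Automated" Subscription OpenApi ./openapi.json Internal
```

Calling the function with `run` instead of `print` executes fcli with the same argument list once an FoD session exists.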