ScanFolder
Description
Scan the specified folder and perform other actions related to scanning.
Syntax
ounceauto ScanFolder
-folder_path <path to folder>
[-name <assessment name>]
[-scanconfig <scan_configuration_name>]
[-waitforlicense <wait_time>]
[-save <filename>]
[-caller <caller>]
[-publish]
[-clearcache]
[-report <report type> <output format> <output location>]
[-export <export type> <output location>]
[-includeSrcBefore <n>]
[-includeSrcAfter <n>]
[-includeTraceDefinitive]
[-includeTraceSuspect]
[-includeTraceCoverage]
[-includeHowToFix]
[-enablesecrets <true/false>]
[-secretsonly <true/false>]
[-sourcecodeonly <true/false>]
- -folder_path <path to folder>: Required. The path of an existing folder to scan.
- -name <assessment name>: Optional. A name for the assessment.
- -scanconfig <scan_configuration_name>: Optional. The name of the scan configuration to use for the scan. If no scan configuration is specified, the default scan configuration is used.
- -waitforlicense <wait_time>: Optional. The time in minutes that a scan will wait when an AppScan® Source for Automation license is not available. If no wait time is given with -waitforlicense, the default value is taken from CLI.ozsettings. Set the value to 0 to disable waiting.
- -save <filename>: Optional. Save the assessment results to this file.
- -caller <caller>: Optional. Assign a caller to the operation. The caller can be the name of an actual user, but this is not required. The caller name is written to the ounceauto log file.
- -publish: Optional. Publish the assessment after scanning.
- -clearcache: Optional. Remove the vulnerability analysis cache and custom rules signature data before scanning.
- -report: Optional. Generate a report after the scan. If used, the following -report command options are required:
  <report type>: Type of report. The report types consist of Findings reports, AppScan® Source reports, and custom reports. Refer to the options in GenerateReport.
  <output format>: The report format. Refer to the options in GenerateReport.
  <output location>: The location to save the report.
  The following -report command options are optional:
  -includeSrcBefore <n>: The number of lines of source code to include before each finding.
  -includeSrcAfter <n>: The number of lines of source code to include after each finding.
  -includeTraceDefinitive: Include trace information in the report for definitive findings (see Classifications to learn about finding classifications).
  -includeTraceSuspect: Include trace information in the report for suspect findings.
  -includeTraceCoverage: Include trace information in the report for scan coverage findings.
- -export: Optional. Export scan findings to a CSV or SARIF file. If used, the following -export command options are required:
  <export type>: Format of the exported report, CSV or SARIF.
  <output location>: The path and file name to which to save the report.
- -includeHowToFix: Optional. Include advisory information on how to address and correct findings.
- -enablesecrets <true/false>: Optional. Scan source files with the secret scanner in addition to the other relevant scanners. Valid values are true and false.
- -secretsonly <true/false>: Optional. Scan source files with the secret scanner only. Valid values are true and false.
- -sourcecodeonly <true/false>: Optional. Scan only source files and ignore other supported file types (.dll, .exe). Valid values are true and false.
Note: -enablesecrets and -secretsonly are mutually exclusive. They cannot be true at the same time.
Return Value
The Request ID if successful, or -1 if the request submission was unsuccessful.
Examples
- Scan the WebGoat folder:
  ounceauto scanfolder -folder_path "C:\WebGoat"
- Scan the WebGoat folder and create a Findings report in the C:\WebGoat directory. In the report, include trace information for definitive findings:
  ounceauto scanfolder -folder_path "C:\WebGoat" -report Findings html "C:\WebGoat\MyReport.html" -includeTraceDefinitive
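The following Python wrapper is an added example, not part of the AppScan Source documentation or product. It builds the ounceauto ScanFolder command line from the syntax above, enforces the documented rules (existing folder, the three required -report arguments, -enablesecrets and -secretsonly not both true) before anything is submitted, and maps the Request ID / -1 return value to a Python result; the assumption that ounceauto prints that value as the last token on stdout is the wrapper's own, not something the page states.

```python
import subprocess
from pathlib import Path
# Constructed example wrapping `ounceauto ScanFolder`; not part of the AppScan
# Source documentation or product. Checks the documented rules before calling.

def build_scanfolder_args(folder_path, name=None, scanconfig=None, publish=False,
                          report=None, include_trace_definitive=False,
                          enablesecrets=None, secretsonly=None):
    """Return the argv list; report is an optional (type, format, location) tuple."""
    if enablesecrets and secretsonly:
        # Documented as mutually exclusive: they cannot both be true.
        raise ValueError("-enablesecrets and -secretsonly cannot both be true")
    if include_trace_definitive and report is None:
        # Trace options are -report options; without -report they do nothing.
        raise ValueError("-includeTraceDefinitive requires -report")
    if report is not None and len(report) != 3:
        # -report needs <report type> <output format> <output location>.
        raise ValueError("-report needs type, format and output location")
    args = ["ounceauto", "ScanFolder", "-folder_path", str(folder_path)]
    if name:
        args += ["-name", name]
    if scanconfig:
        args += ["-scanconfig", scanconfig]
    if publish:
        args.append("-publish")
    if report is not None:
        args += ["-report", *report]
        if include_trace_definitive:
            args.append("-includeTraceDefinitive")
    for flag, value in (("-enablesecrets", enablesecrets), ("-secretsonly", secretsonly)):
        if value is not None:
            args += [flag, "true" if value else "false"]
    return args

def parse_request_id(output):
    """Map the documented return value (Request ID, or -1 on failure) to int or None.
    Assumption not stated on the page: the value is the last token ounceauto prints."""
    tokens = output.split()
    if not tokens or not tokens[-1].lstrip("-").isdigit():
        return None
    request_id = int(tokens[-1])
    return None if request_id == -1 else request_id

def run_scanfolder(**kwargs):
    """Submit the scan; return its Request ID, or None if submission failed."""
    if not Path(kwargs["folder_path"]).is_dir():   # the command needs an existing folder
        raise FileNotFoundError(f"{kwargs['folder_path']} is not an existing folder")
    proc = subprocess.run(build_scanfolder_args(**kwargs), capture_output=True, text=True)
    return parse_request_id(proc.stdout)
```

Call run_scanfolder(folder_path=r"C:\WebGoat", report=("Findings", "html", r"C:\WebGoat\MyReport.html"), include_trace_definitive=True) to reproduce the second example above from a script that can react to a failed submission.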