ScanFolder
Description
Scan the specified folder and perform other actions related to scanning.
Syntax
ounceauto ScanFolder
-folder_path <path to folder>
[-name <assessment name>]
[-scanconfig <scan_configuration_name>]
[-waitforlicense <wait_time>]
[-save <filename>]
[-caller <caller>]
[-publish]
[-clearcache]
[-report <report type> <output format> <output location>]
[-export <export type> <output location>]
[-includeSrcBefore <n>]
[-includeSrcAfter <n>]
[-includeTraceDefinitive]
[-includeTraceSuspect]
[-includeTraceCoverage]
[-includeHowToFix]
[-enablesecrets <true/false>]
[-secretsonly <true/false>]
[-sourcecodeonly <true/false>]
-folder_path <path to folder>
: Required. The path of an existing folder to scan.
-name <assessment name>
: Optional. A name for the assessment.
-scanconfig <scan_configuration_name>
: Optional. Specify the name of a scan configuration to use for the scan. If a scan configuration is not specified, the default scan configuration is used.
-waitforlicense <wait_time>
: Optional. Specify the wait time in minutes that a scan will wait when an AppScan® Source for Automation license is not available. If a wait time is not indicated using -waitforlicense, a default value is drawn from CLI.ozsettings. Wait time can be disabled by setting the value to 0.
-save <filename>
: Optional. Save the assessment results to this file.
-caller <caller>
: Optional. Assign a caller to the operation. The caller can be the name of an actual user, but this is not required. The caller name is written to the ounceauto log file.
-publish
: Optional. Publish the assessment after scanning.
-clearcache
: Optional. Remove the vulnerability analysis cache and custom rules signature data before scanning.
-report
: Optional. Generate a report after the scan.
- Required -report command options:
<report type>
: Type of report. The report types consist of Findings reports, AppScan® Source reports, and custom reports. Refer to the options in GenerateReport.
<output format>
: Specify the report format. Refer to the options in GenerateReport.
<output location>
: The location to save the report.
- Optional -report command options:
-includeSrcBefore <n>
: The number of lines of source code to include before each finding.
-includeSrcAfter <n>
: The number of lines of source code to include after each finding.
-includeTraceDefinitive
: Include trace information in the report for definitive findings (see Classifications to learn about findings classifications).
-includeTraceSuspect
: Include trace information in the report for suspect findings.
-includeTraceCoverage
: Include trace information in the report for scan coverage findings.
-export
: Optional. Export scan findings to a CSV or SARIF file. If used, the following command options are required.
- Required -export command options:
<export type>
: Format of the exported report, CSV or SARIF.
<output location>
: The path and file name to which to save the report.
-includeHowToFix
: Optional. Include advisory information for how to address and correct findings.
-enablesecrets <true/false>
: Optional. Specify to scan source files with the secret scanner in addition to the other relevant scanners. Valid values are true and false.
-secretsonly <true/false>
: Optional. Specify to scan source files only with the secret scanner. Valid values are true and false.
-sourcecodeonly <true/false>
: Optional. Specify to scan only source files and ignore other supported file types (.dll, .exe). Valid values are true and false.
Note: -enablesecrets and -secretsonly are mutually exclusive. They cannot both be true at the same time.
Return Value
The Request ID if successful, or -1 if the request submission was unsuccessful.
Examples
- Scan the WebGoat folder:
ounceauto scanfolder -folder_path "C:\WebGoat"
- Scan the WebGoat folder and create a Findings report in the C:\WebGoat directory. In the report, include trace information for definitive findings:
ounceauto scanfolder -folder_path "C:\WebGoat" -report Findings html "C:\WebGoat\MyReport.html" -includeTraceDefinitive
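Added example, not part of the AppScan documentation or the ounceauto tool itself: a small Python wrapper that assembles a ScanFolder command line from the options above, rejects the -enablesecrets/-secretsonly combination the note forbids before anything is launched, and maps the return value to a Request ID. It assumes that the Request ID (or -1) is the last token ounceauto writes to standard output; the exact output format is not described on this page.

```python
import subprocess

EXPORT_TYPES = {"CSV", "SARIF"}


def build_scanfolder_args(folder_path, name=None, publish=False, report=None,
                          include_trace_definitive=False, export=None,
                          enablesecrets=None, secretsonly=None):
    """Return the argv list for `ounceauto ScanFolder`, enforcing the documented rules."""
    # Documented constraint: -enablesecrets and -secretsonly cannot both be true.
    if enablesecrets and secretsonly:
        raise ValueError("-enablesecrets and -secretsonly are mutually exclusive")
    args = ["ounceauto", "ScanFolder", "-folder_path", folder_path]
    if name:
        args += ["-name", name]
    if publish:
        args.append("-publish")
    if report is not None:  # (<report type>, <output format>, <output location>)
        if len(report) != 3:
            raise ValueError("-report needs <report type> <output format> <output location>")
        args += ["-report", *report]
        if include_trace_definitive:  # a -report sub-option, so only emitted with -report
            args.append("-includeTraceDefinitive")
    if export is not None:  # (<export type>, <output location>)
        export_type, location = export
        if export_type.upper() not in EXPORT_TYPES:
            raise ValueError("-export type must be CSV or SARIF")
        args += ["-export", export_type, location]
    for flag, value in (("-enablesecrets", enablesecrets), ("-secretsonly", secretsonly)):
        if value is not None:
            args += [flag, "true" if value else "false"]
    return args


def parse_request_id(output):
    """Return the Request ID, or None when ounceauto reported -1 (or nothing numeric).
    Assumption, not stated on the page: the value is the last token on stdout."""
    tokens = output.split()
    try:
        value = int(tokens[-1]) if tokens else -1
    except ValueError:
        return None
    return None if value == -1 else value


def run_scanfolder(**kwargs):
    """Build the command, run it, and hand back the Request ID (None on failure)."""
    proc = subprocess.run(build_scanfolder_args(**kwargs), capture_output=True, text=True)
    return parse_request_id(proc.stdout)
```

A CI job can call run_scanfolder(folder_path="C:\\WebGoat", export=("SARIF", "C:\\WebGoat\\findings.sarif")) and fail the build when it returns None, rather than treating a refused submission as a clean scan.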