ScanFolder

Description

Scan the specified folder and perform other actions related to scanning.

Syntax

ounceauto ScanFolder
-folder_path <path to folder>
[-name <assessment name>]
[-scanconfig <scan_configuration_name>]
[-waitforlicense <wait_time>]
[-save <filename>]
[-caller <caller>]
[-publish]
[-clearcache]
[-report <report type> <output format> <output location>]
[-export <export type> <output location>]
[-includeSrcBefore <n>]
[-includeSrcAfter <n>]
[-includeTraceDefinitive]
[-includeTraceSuspect]
[-includeTraceCoverage]
[-includeHowToFix]
[-enablesecrets <true/false>]
[-secretsonly <true/false>]
[-sourcecodeonly <true/false>]
  • -folder_path <path to folder>: Required. The path of an existing folder to scan.
  • -name <assessment name>: Optional. A name for the assessment.
  • -scanconfig <scan_configuration_name>: Optional. Specify the name of a scan configuration to use for the scan. If a scan configuration is not specified, the default scan configuration will be used for the scan.
  • -waitforlicense <wait_time>: Optional. Specify the wait time in minutes for which a scan will wait when an AppScan® Source for Automation license is not available. If a wait time is not indicated using -waitforlicense, a default value is drawn from CLI.ozsettings. Wait time can be disabled by setting the value to 0.
  • -save <filename>: Optional. Save the assessment results to this file.
  • -caller <caller>: Optional. Assign a caller to the operation. The caller can be the name of an actual user, but this is not required. The caller name is written to the ounceauto log file.
  • -publish: Optional. Publish the assessment after scanning.
  • -clearcache: Optional. Remove the vulnerability analysis cache and custom rules signature data before scanning.
  • -report: Optional. Generate a report after the scan.
    • Required -report command options:
      • <report type>: Type of report. The report types consist of Findings reports, AppScan® Source reports, and custom reports. Refer to the options in GenerateReport.
      • <output format>: Specify the report format. Refer to the options in GenerateReport.
      • <output location>: The location to save the report.
    • Optional -report command options:
      • -includeSrcBefore <n>: The number of lines of source code to include before each finding.
      • -includeSrcAfter <n>: The number of lines of source code to include after each finding.
      • -includeTraceDefinitive: Include trace information in the report for definitive findings (see Classifications to learn about findings classifications).
      • -includeTraceSuspect: Include trace information in the report for suspect findings.
      • -includeTraceCoverage: Include trace information in the report for scan coverage findings.
  • -export: Optional. Export scan findings to a CSV or SARIF file. If used, the following command options are required.
    • <export type>: Format of the exported report, CSV or SARIF.
    • <output location>: The path and file name to which to save the report.
  • -includeHowToFix: Optional. Include advisory information for how to address and correct findings.
  • -enablesecrets <true/false>: Optional. Specify whether to scan source files with the secret scanner in addition to the other relevant scanners. Valid values are true and false.
  • -secretsonly <true/false>: Optional. Specify whether to scan source files only with the secret scanner. Valid values are true and false.
  • -sourcecodeonly <true/false>: Optional. Specify whether to scan only source files and ignore other supported file types (.dll, .exe). Valid values are true and false.

Note: -enablesecrets and -secretsonly are mutually exclusive. They cannot be true at the same time.

Return Value

The Request ID if successful, or -1 if the request submission was unsuccessful.

Examples

  • Scan the WebGoat folder:
    ounceauto scanfolder -folder_path "C:\WebGoat"
  • Scan the WebGoat folder and create a Findings report in the C:\WebGoat directory. In the report, include trace information for definitive findings:
    ounceauto scanfolder -folder_path "C:\WebGoat" -report Findings html "C:\WebGoat\MyReport.html" -includeTraceDefinitive
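The following POSIX shell wrapper is an added example, not part of the AppScan documentation or product. It shows how a CI job would drive ScanFolder while honouring the Note above (-enablesecrets and -secretsonly cannot both be true) and the Return Value contract (a Request ID on success, -1 on failed submission). It assumes the binary is named by the OUNCEAUTO variable (default ounceauto on PATH) and that the Request ID or -1 is read from the command's standard output; fake_ounceauto is a constructed stand-in so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the AppScan Source documentation or product):
# a small CI wrapper around "ounceauto ScanFolder".
# Assumptions not stated by the reference page:
#   * the binary is named by $OUNCEAUTO (default "ounceauto" on PATH);
#   * the Request ID / -1 return value is read from the command's stdout;
#   * fake_ounceauto below is a constructed stand-in so the script runs offline.

# Enforce the documented rule: -enablesecrets and -secretsonly cannot both be true.
# Returns 0 when the combination is allowed, 2 when it is not.
check_secret_flags() {
  if [ "${1:-false}" = true ] && [ "${2:-false}" = true ]; then
    echo "error: -enablesecrets and -secretsonly cannot both be true" >&2
    return 2
  fi
  return 0
}

# Classify the value printed by ScanFolder: a Request ID (positive integer)
# means the request was accepted, -1 means submission failed, anything else
# is unexpected. Prints accepted/rejected/unknown and returns 0/1/2.
classify_result() {
  case "$1" in
    -1) echo rejected; return 1 ;;
    ''|0|*[!0-9]*) echo unknown; return 2 ;;
    *) echo accepted; return 0 ;;
  esac
}

# Submit a folder scan.
# Usage: run_scanfolder <folder> <enablesecrets> <secretsonly> [other ScanFolder options...]
# Refuses to run when the folder is missing or the secret flags conflict,
# then prints the classification of the returned Request ID.
run_scanfolder() {
  if [ $# -lt 3 ]; then
    echo "usage: run_scanfolder <folder> <enablesecrets> <secretsonly> [options...]" >&2
    return 2
  fi
  folder="$1"; enablesecrets="$2"; secretsonly="$3"; shift 3
  [ -d "$folder" ] || { echo "error: folder not found: $folder" >&2; return 2; }
  check_secret_flags "$enablesecrets" "$secretsonly" || return 2
  result=$("${OUNCEAUTO:-ounceauto}" ScanFolder -folder_path "$folder" \
             -enablesecrets "$enablesecrets" -secretsonly "$secretsonly" "$@")
  classify_result "$result"
}

# Constructed stand-in for the real binary, used only to exercise the wrapper
# offline. It mimics the documented contract: a Request ID on success, -1 otherwise.
fake_ounceauto() {
  if [ "$1" != ScanFolder ]; then printf '%s\n' -1; return 1; fi
  shift
  folder=""
  while [ $# -gt 0 ]; do
    if [ "$1" = -folder_path ]; then folder="${2:-}"; fi
    shift
  done
  if [ -d "$folder" ]; then printf '%s\n' 1001; else printf '%s\n' -1; fi
}

# Offline demonstration using the stand-in instead of a real installation.
OUNCEAUTO=fake_ounceauto
demo_dir=$(mktemp -d)
run_scanfolder "$demo_dir" true false -name nightly || echo "scan not submitted"
run_scanfolder "$demo_dir" true true || echo "scan not submitted"
run_scanfolder "$demo_dir/missing" false false || echo "scan not submitted"
rmdir "$demo_dir"
```

To use it against a real installation, leave OUNCEAUTO unset (or point it at the ounceauto binary) and pass any further ScanFolder options, such as -report or -publish, after the three positional arguments; the wrapper's exit status then tells the pipeline whether the request was accepted.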