SafeSCARF ci-connector (additional parameters)
ci-connector supports two modes:
- list-scanners
- upload-scan
Both modes require the SafeSCARF host and token, as already described.
The first one shows the names of the scanning tools that can be used in SafeSCARF.
upload-scan supports multiple options:
    $ ci-connector upload-scan --help
    Usage: ci-connector upload-scan [OPTIONS]

      upload/re-upload scan result to CI-Scanner SafeSCARF

    Options:
      --host TEXT                     SafeSCARF host  [required]
      --token TEXT                    SafeSCARF API token  [required]
      -s, --scanner TEXT              SafeSCARF scanner (test type)  [required]
      -e, --engagement-id INTEGER     SafeSCARF engagement ID
      -t, --test-id INTEGER           SafeSCARF test ID
      --tags TEXT                     comma-separated list of tags (ignored in re-
                                      uploads)
      --inactive                      flag test as inactive
      --unverify                      flag test as unverified
      --severity [Info|Low|Medium|High|Critical]
      -f, --report-file FILENAME      Report file (can also read from stdin)
                                      [required]
      --help                          Show this message and exit.
All example snippets use -e, which checks whether the specified engagement already contains a test. If not, a new test is created. If a test exists (and it is the only one), it is found automatically and its results are replaced.
If the engagement contains multiple tests and the developer wants to upload results into a specific one, use the -t option (instead of -e).
--tags adds specific tags to the scan. They are shown next to the test name in SVMP and can be used in search filters.
All findings are automatically marked as Active and Verified. To change this default behaviour, use --inactive and/or --unverify.
It is also possible to process only findings at or above a minimum severity by adding --severity ... . All findings with lower severity will be skipped.
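
The options above combined into one CI wrapper, as an added example that is not part of the SafeSCARF documentation: it selects -e or -t, validates the ID and severity before calling ci-connector, and can print the command with the token masked. The function name safescarf_upload and the variables SAFESCARF_HOST, SAFESCARF_TOKEN, SCAN_TAGS, MIN_SEVERITY and DRY_RUN are assumptions of this example; the scanner name must be one reported by list-scanners.

```shell
# Added example, not SafeSCARF code. safescarf_upload and the variables
# SAFESCARF_HOST, SAFESCARF_TOKEN, SCAN_TAGS, MIN_SEVERITY, DRY_RUN are assumptions.
# Usage: safescarf_upload <engagement|test> <id> <scanner> <report-file>
safescarf_upload() {
    target=$1; id=$2; scanner=$3; report=$4
    if [ -z "${SAFESCARF_HOST:-}" ] || [ -z "${SAFESCARF_TOKEN:-}" ]; then
        echo "SAFESCARF_HOST and SAFESCARF_TOKEN must be set" >&2; return 2
    fi
    case $target in
        engagement) flag=-e ;;   # create the test, or replace the single existing one
        test)       flag=-t ;;   # replace the results of one specific test
        *) echo "target must be 'engagement' or 'test'" >&2; return 2 ;;
    esac
    case $id in
        ''|*[!0-9]*) echo "ID must be an integer: $id" >&2; return 2 ;;
    esac
    case ${MIN_SEVERITY:-} in
        ''|Info|Low|Medium|High|Critical) ;;   # values accepted by --severity
        *) echo "invalid MIN_SEVERITY: $MIN_SEVERITY" >&2; return 2 ;;
    esac
    if [ ! -r "$report" ]; then
        echo "report file not readable: $report" >&2; return 2
    fi

    set -- upload-scan --host "$SAFESCARF_HOST" --token "$SAFESCARF_TOKEN" \
        -s "$scanner" "$flag" "$id" -f "$report"
    if [ -n "${SCAN_TAGS:-}" ]; then      # tags are ignored in re-uploads
        set -- "$@" --tags "$SCAN_TAGS"
    fi
    if [ -n "${MIN_SEVERITY:-}" ]; then   # lower-severity findings are skipped
        set -- "$@" --severity "$MIN_SEVERITY"
    fi

    if [ -n "${DRY_RUN:-}" ]; then
        # Print the command with the token masked so it stays out of CI logs.
        printf 'ci-connector'
        mask=0
        for arg in "$@"; do
            if [ "$mask" = 1 ]; then arg='***'; mask=0
            elif [ "$arg" = --token ]; then mask=1
            fi
            printf ' %s' "$arg"
        done
        printf '\n'
        return 0
    fi
    ci-connector "$@"
}
```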