Threat Agent - Installation & Scanning
Threatrix Threat Agent is a CLI scanning agent intended for use in situations where you don't want to scan directly from Github, Gitlab, or other source control management platforms.
Last updated
Threatrix Threat Agent is a CLI scanning agent intended for use in situations where you don't want to scan directly from Github, Gitlab, or other source control management platforms.
Last updated
Before running a scan with Threat Agent you should create an API key and collect your Organization ID and Entity ID from your profile screen as shown below. These can be set as environment variables or passed directly as arguments to Threat Agent during a scan.
Threat Agent can be deployed in two ways.
Download and install directly on host - This requires that you have all your dependency managers installed on you host as they will be required by Threatrix to perform a scan
Docker Deployment - If you're familiar with Docker and your deployment environment supports it, this is the easiest way to get up and running with our Threat Agent.
Argument/Flag
Type
Description
--app-name
argument
Optional
Set or override the default project name
--api-key
argument
Required
API Key from your user profile
--api-url
argument
Optional
Threatrix API url (no need to change unless you have a self-hosted Threatrix server)
--oid
argument
Required
OrganizationID from user profile
--eid
argument
Required
EntityID from user profile
--scpId
argument
Optional
Existing AICertify or CodeCertify projectId
--repo-owner
argument
Optional
Repository Owner
--repo-name
argument
Optional
Repository Name
--branch
argument
Optional
Current Branch
--scm
argument
Optional
Indicates the sourced control management system
to which the build is attached. Possible options are
GITHUB
GITLAB
BITBUCKET
--scm-access-token
argument
Optional
The token required to create pull/merge request scan
reports.
--verbose
flag
Optional
Activate debugging
--progress
flag
Optional
Show progress during scan
