Threat Agent - Installation & Scanning

Threatrix Threat Agent is a CLI scanning agent intended for use in situations where you don't want to scan directly from Github, Gitlab, or other source control management platforms.

Getting Ready to Scan

Before running a scan with Threat Agent you should create an API key and collect your Organization ID and Entity ID from your profile screen as shown below. These can be set as environment variables or passed directly as arguments to Threat Agent during a scan.

Threat Agent Deployment Types

Threat Agent can be deployed in two ways.

  1. Download and install directly on host - This requires that you have all your dependency managers installed on you host as they will be required by Threatrix to perform a scan

  2. Docker Deployment - If you're familiar with Docker and your deployment environment supports it, this is the easiest way to get up and running with our Threat Agent.

Host install and scanning

1. Download Threat Agent CLI

curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-latest.jar

2. Run Threat Agent CLI

java -jar threat-agent-latest.jar --oid={ORGID} --eid={ENTITYID} --api-key={AIPKEY} $PATH_TO_PROJECT

Docker Scanning

sudo docker run --rm --name threatrix-threat-agent -v $(pwd):/app threatrix/threat-agent \
 --oid={ORGID} \
 --eid={ENTITYID} \
 --api-key={API_KEY} $PATH_TO_PROJECT

Command line options

Last updated