TABLE OF CONTENTS

Overview

This topic explains all the scanner command syntax and different parameters passed through the image scanning Command Line Interface (CLI). 


The Aqua scanner CLI supports the following arguments: 

  • scan
  • import
  • register-all
  • version
  • license
  • daemon

scan

scan argument is used to run singular scans or ad-hoc scans. While attempting to run scans, you should pass argument scan with the appropriate flags for the scan logistics. For more information on the usage of scan command and the associated flags, refer to Scan Argument.

import

This section explains the import command passed through the image scanning Command Line Interface (CLI). This command imports the results of a scan (already performed) as a JSON file from one Aqua platform to another. After scan, the image will be registered in Aqua as a result. To import a file, the original scan must include the --registry flag, even if the image is scanned locally. Importing a scan result allows only through the .json files.


Command syntax

docker run -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp registry.aquasec.com/scanner:6.2 import -H http://aqua-server:8080 -U <SCAN_USER> -P <SCAN_PASSWORD> /tmp/scanresult.json [flags]


Note: The file path and file name shown above are just for reference only. You should specify the correct path and file name to get success.


Output response

2021-04-09 09:47:48.065 INFO    Logger started with level INFO
2021-04-09 09:47:48.185 INFO    Registering with server {"os": "linux", "os_version": "", "registries": []}
2021-04-09 09:47:48.296 INFO    Successfully registered {"scanner_id": 18}
2021-04-09 09:47:48.298 INFO    Trying to send results to console
2021-04-09 09:47:48.412 INFO    Successfully dispatched image scan results      {"imageName": "alpine:latest"}
2021-04-09 09:47:48.412 INFO    Scan results successfully imported

After passing this command, If the return code is a non-zero (other than zero), it indicates an error.


register-all

This section explains the register-all command syntax passed through the image scanning Command Line Interface (CLI). register-all command scans and registers all images from a specific registry.

Give an introduction to the topic of this How-to article. For example, let's consider that this article explains how to use article template


Specifying the -d flag will leave the scanner running to keep scanning and registering new images that appear in the specific registry.

docker run -v /var/run/docker.sock:/var/run/docker.sock registry.aquasec.com/scanner:6.2 register-all "Registry name" -H http://aqua-server:8080 -U <SCAN_USER> -P <SCAN_PASSWORD> [flags]

After passing this command, If the return code is a non-zero (other than zero), it indicates an error.


version

This section explains the version command syntax passed through the image scanning Command Line Interface (CLI). This command provides the version of the Aqua scanner in the output response.


Command syntax

docker run registry.aquasec.com/scanner:6.2 version [flags]

Output response

You receive the following output response having the details of the scanner.

2021-03-14 10:08:35.298 INFO    Logger started with level INFO
scannercli version 5.3.21072, compiled Mar 13 2021 21:23:50

daemon

The scanner CLI (Command Line Interface) can deploy additional scanners to the Aqua server that can handle registry scans. This allows the scan load to get pushed from the console to the scanners for more throughput. You should use the command daemon to deploy an additional scanner daemon. For more information on the usage of daemon command and the associated flags, refer to Add Daemon Scanners.


Command flags

There are no flags applicable specific to each command in this document other than scan and daemon. For more information on the General flags for all commands, refer to General flags (all commands).