diff --git a/.github/workflows/kondukto-gosec.yml b/.github/workflows/invicti-aspm-gosec.yml
similarity index 77%
rename from .github/workflows/kondukto-gosec.yml
rename to .github/workflows/invicti-aspm-gosec.yml
index 3b76374..15c61cd 100644
--- a/.github/workflows/kondukto-gosec.yml
+++ b/.github/workflows/invicti-aspm-gosec.yml
@@ -1,4 +1,4 @@
-name: Kondukto Gosec Scan
+name: Invicti ASPM Gosec Scan
on:
workflow_dispatch:
@@ -17,17 +17,17 @@ jobs:
runs-on: ubuntu-latest
env:
GO111MODULE: on
- KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
- KONDUKTO_HOST: ${{ secrets.KONDUKTO_HOST }}
- name: Kondukto GoSec Scan
+ INVICTI_ASPM_TOKEN: ${{ secrets.INVICTI_ASPM_TOKEN }}
+ INVICTI_ASPM_HOST: ${{ secrets.INVICTI_ASPM_HOST }}
+ name: Invicti ASPM GoSec Scan
steps:
- - name: Configure Kondukto CLI
- id: configure_kondukto_cli
+ - name: Configure Invicti ASPM CLI
+ id: configure_invicti_aspm_cli
run: |
curl -sSL https://cli.kondukto.io | sh
- - name: Get Kondukto CLI Version
+ - name: Get Invicti ASPM CLI Version
id: kdt_version
run: |
kdt version
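Review bot: The `env` block now reads `secrets.INVICTI_ASPM_TOKEN` and `secrets.INVICTI_ASPM_HOST`, but a `${{ secrets.* }}` reference to a secret that does not exist expands to an empty string without any error, so until both new repository secrets are provisioned the later `kdt scan` upload step will run with empty credentials and fail (or, presumably, report an unhelpful authentication error). Since the README in this same commit states the legacy `KONDUKTO_HOST`/`KONDUKTO_TOKEN` names remain supported, a transitional fallback keeps the workflow working during the rename: `INVICTI_ASPM_TOKEN: ${{ secrets.INVICTI_ASPM_TOKEN || secrets.KONDUKTO_TOKEN }}` and `INVICTI_ASPM_HOST: ${{ secrets.INVICTI_ASPM_HOST || secrets.KONDUKTO_HOST }}`. Alternatively, add a step before the CLI install that exits non-zero when `INVICTI_ASPM_TOKEN` is empty, so a missing secret fails fast instead of at the upload step. The same issue applies to the matching hunk in `.github/workflows/invicti-aspm-nancy.yml`.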
@@ -52,7 +52,7 @@ jobs:
name: results.json
path: results.json
- - name: Upload Gosec Scan Results To Kondukto
+ - name: Upload Gosec Scan Results To Invicti ASPM
id: upload_gosec_results
run: |
kdt scan -p ${{ github.event.repository.name }} -t gosec -b ${{ github.ref_name }} -f results.json
diff --git a/.github/workflows/kondukto-nancy.yml b/.github/workflows/invicti-aspm-nancy.yml
similarity index 80%
rename from .github/workflows/kondukto-nancy.yml
rename to .github/workflows/invicti-aspm-nancy.yml
index e49c35d..9b2da1e 100644
--- a/.github/workflows/kondukto-nancy.yml
+++ b/.github/workflows/invicti-aspm-nancy.yml
@@ -1,4 +1,4 @@
-name: Kondukto Nancy Scan
+name: Invicti ASPM Nancy Scan
on:
workflow_dispatch:
@@ -17,17 +17,17 @@ jobs:
runs-on: ubuntu-latest
env:
GO111MODULE: on
- KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
- KONDUKTO_HOST: ${{ secrets.KONDUKTO_HOST }}
- name: Kondukto Nancy Scan
+ INVICTI_ASPM_TOKEN: ${{ secrets.INVICTI_ASPM_TOKEN }}
+ INVICTI_ASPM_HOST: ${{ secrets.INVICTI_ASPM_HOST }}
+ name: Invicti ASPM Nancy Scan
steps:
- - name: Configure Kondukto CLI
- id: configure_kondukto_cli
+ - name: Configure Invicti ASPM CLI
+ id: configure_invicti_aspm_cli
run: |
curl -sSL https://cli.kondukto.io | sh
- - name: Get Kondukto CLI Version
+ - name: Get Invicti ASPM CLI Version
id: kdt_version
run: |
kdt version
@@ -61,7 +61,7 @@ jobs:
name: results.json
path: results.json
- - name: Upload Nancy Scan Results To Kondukto
+ - name: Upload Nancy Scan Results To Invicti ASPM
id: upload_nancy_results
run: |
kdt scan -p ${{ github.event.repository.name }} -t nancy -b ${{ github.ref_name }} -f results.json
diff --git a/README.md b/README.md
index 0e2b017..bead461 100644
--- a/README.md
+++ b/README.md
@@ -1,416 +1,831 @@
-

+
# KDT
-KDT is a command line client for [Kondukto](https://kondukto.io) written in [Go](https://golang.org). It interacts with Kondukto engine through public API.
-With KDT, you can list projects and their scans in **Kondukto**, and restart a scan with a specific application security tool. KDT is also easy to use in CI/CD pipelines to trigger scans and break releases if a scan fails or scan results don't met specified release criteria.
-
-### What is Kondukto?
-[Kondukto](https://kondukto.io) is an Application Security Testing Orchestration and DevSecOps platform that helps you centralize and automate your entire AppSec related vulnerability management process. Providing an interface where security health of applications can be continuously monitored, and a command line interface where your AppSec operations can be integrated into DevOps pipelines, Kondukto lets you manage your AppSec processes automatically with ease.
+KDT is an open-source command line interface for [Invicti ASPM](https://kondukto.io), an Application Security Posture Management (ASPM) platform. Written in [Go](https://golang.org), KDT interacts with the Invicti ASPM engine through its public API.
+
+With KDT, you can list projects and their scans in **Invicti ASPM**, trigger scans with specific application security tools, import scan results, manage SBOM files, and break releases if scan results don't meet specified release criteria. KDT is designed to seamlessly integrate with CI/CD pipelines for automated DevSecOps workflows.
+
+## What is Invicti ASPM?
+
+[Invicti ASPM](https://kondukto.io) is an Application Security Posture Management (ASPM) platform that helps you centralize and automate your entire AppSec vulnerability management process. It provides:
+- Centralized security health monitoring for applications
+- DevSecOps pipeline integration
+- Automated AppSec workflow orchestration
+- Release criteria enforcement
+- SBOM management
+
+## Table of Contents
+
+- [Installation](#installation)
+- [Configuration](#configuration)
+- [Global Flags](#global-flags)
+- [Commands](#commands)
+ - [Health Checks](#health-checks)
+ - [Scan Command](#scan-command)
+ - [Release Command](#release-command)
+ - [List Commands](#list-commands)
+ - [Create Commands](#create-commands)
+ - [SBOM Commands](#sbom-commands)
+ - [Endpoint Commands](#endpoint-commands)
+ - [Status Command](#status-command)
+ - [Project Commands](#project-commands)
+- [Advanced Usage Examples](#advanced-usage-examples)
+- [Contributing](#contributing)
## Installation
-You can install the CLI with a `curl` utility script or by downloading the pre-compiled binary from the GitHub release page.
-Once installed you'll get the `kdt-cli` command and `kdt` alias.
-Utility script with `curl`:
+You can install KDT using several methods:
+
+### Using curl (Linux/macOS)
+
+**With sudo (installs system-wide):**
```shell
-$ curl -sSL https://cli.kondukto.io | sudo sh
+curl -sSL https://cli.kondukto.io | sudo sh
```
-Non-root with curl:
+**Without sudo (user installation):**
```shell
-$ curl -sSL https://cli.kondukto.io | sh
+curl -sSL https://cli.kondukto.io | sh
```
### Windows
-To install the kdt-cli on Windows go to [Releases](https://github.com/kondukto-io/kdt/releases) and download the latest kdt-cli.exe.
+Download the latest `kdt-cli.exe` from [Releases](https://github.com/kondukto-io/kdt/releases).
+
+### Using Go
-Or you can also simply run the following if you have an existing [Go](https://golang.org) environment:
+If you have a Go environment:
```shell
go get github.com/kondukto-io/kdt
```
-If you want to build it yourself, clone the source files using GitHub, change into the `kdt` directory and compile:
+### Building from Source
+
```shell
git clone https://github.com/kondukto-io/kdt.git
cd kdt
go build . -o kdt
```
-or simply run
-```
+
+Or simply:
+```shell
make all
```
## Configuration
-KDT needs Kondukto host and an API token for authentication. API tokens can be created under Integrations/API Tokens menu.
-You can provide configuration via three different ways:
+KDT requires an Invicti ASPM host URL and an API token for authentication. API tokens can be created under **Integrations > API Tokens** in the Invicti ASPM UI.
-##### 1) Setting environment variables:
+### Configuration Methods
+
+#### 1. Environment Variables
-*(example is for BASH shell)*
```shell
-$ export KONDUKTO_HOST=http://localhost:8080
-$ export KONDUKTO_TOKEN=WmQ2eHFDRzE3elplN0ZRbUVsRDd3VnpUSHk0TmF6Uko5OGlyQ1JvR2JOOXhoWEFtY2ZrcDJZUGtrb2tV
+export INVICTI_ASPM_HOST=https://your-invicti-aspm-instance.com
+export INVICTI_ASPM_TOKEN=your_api_token_here
```
-It is always better to set environment variables in shell profile files(`~/.bashrc`, `~/.zshrc`, `~/.profile` etc.)
-##### 2) Providing a configuration file.
-Default path for config file is `$HOME/.kdt.yaml`. Another file can be provided with `--config` command line flag.
-```
-kdt --config=config.yaml list projects
-```
+For persistence, add these to your shell profile (`~/.bashrc`, `~/.zshrc`, `~/.profile`).
-A config file example.
-```
-// $HOME/.kdt.yaml
-host: http://localhost:8088
-token: WmQ2eHFDRzE3elplN0ZRbUVsRDd3VnpUSHk0TmF6Uko5OGlyQ1JvR2JOOXhoWEFtY2ZrcDJZUGtrb2tV
-insecure: true
+> **Note:** The legacy environment variables `KONDUKTO_HOST` and `KONDUKTO_TOKEN` are still supported for backward compatibility but are deprecated. If you use them, you will see a deprecation warning. Please migrate to `INVICTI_ASPM_HOST` and `INVICTI_ASPM_TOKEN`.
+
+#### 2. Configuration File
+
+Default location: `$HOME/.kdt.yaml`
+
+```yaml
+host: https://your-invicti-aspm-instance.com
+token: your_api_token_here
+insecure: false
+verbose: false
```
-##### 3) Using command line flags
+You can specify a custom config file:
+```shell
+kdt --config=/path/to/config.yaml list projects
```
-kdt list projects --host http://localhost:8088 --token WmQ2eHFDRzE3elplN0ZRbUVsRDd3VnpUSHk0TmF6Uko5OGlyQ1JvR2JOOXhoWEFtY2ZrcDJZUGtrb2tV
+
+#### 3. Command Line Flags
+
+```shell
+kdt --host https://your-invicti-aspm-instance.com --token your_api_token list projects
```
-## Running
-KDT comes with an internal documentation. To see the documentation just type `kdt --help`.
-Most KDT commands are straightforward but for the details of a command you can always take a peak to the documentation. `kdt --help` or `kdt --help`.
+**Configuration Priority:** Command line flags > Environment variables > Configuration file
-### Health Checks
+## Global Flags
-Regular health checks are critical in ensuring uninterrupted communication between KDT and the Kondukto service. This section provides the necessary commands to perform these checks.
+These flags can be used with any KDT command:
-- **Verify KDT Connection to Kondukto Service**
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--config` | Path to configuration file | `$HOME/.kdt.yaml` |
+| `--host` | Invicti ASPM server host URL | - |
+| `--token` | Invicti ASPM API token | - |
+| `--insecure` | Skip TLS certificate verification (not recommended for production) | `false` |
+| `-v, --verbose` | Enable verbose logging for debugging | `false` |
+| `--exit-code` | Override the exit code | `0` |
- This command allows you to check whether KDT is successfully connected to the Kondukto service.
+**Example:**
+```shell
+kdt --config=prod-config.yaml --verbose scan -p MyProject -t semgrep -b main
+```
- ```shell
- $ kdt ping
- ```
+## Commands
-- **Validate API Token**
+### Health Checks
- This command enables you to confirm that your API token is valid.
+#### Verify Connection
+Test connectivity to Invicti ASPM service:
+```shell
+kdt ping
+```
- ```shell
- $ kdt ping -a
- ```
+#### Validate API Token
+Verify that your API token is valid:
+```shell
+kdt ping -a
+```
-## Command Overview
+### Scan Command
+
+The `scan` command is the primary command for triggering security scans and importing scan results.
+
+#### Scan Flags
+
+| Flag | Short | Description | Default |
+|------|-------|-------------|---------|
+| `--async` | - | Run scan asynchronously (non-blocking) | `false` |
+| `--project` | `-p` | Project name or ID | - |
+| `--tool` | `-t` | Scanner tool name | - |
+| `--scan-id` | `-s` | Scan ID to restart | - |
+| `--branch` | `-b` | Branch name | - |
+| `--file` | `-f` | Scan result file to import | - |
+| `--image` | `-I` | Container image to scan | - |
+| `--agent` | `-a` | Agent name for agent-based scanners | - |
+| `--meta` | `-m` | Metadata | - |
+| `--scan-tag` | - | Tag for the scan | - |
+| `--env` | - | Environment: `production`, `staging`, `develop`, `feature` | - |
+| `--timeout` | - | Minutes to wait for scan completion (0 = no timeout) | `0` |
+| `--release-timeout` | - | Minutes to wait for release criteria check | `5` |
+
+#### Pull Request Scanning Flags
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--merge-target` | `-M` | Target branch for PR scans |
+| `--pr-number` | - | PR number for decoration |
+| `--pr-decoration-scanner-types` | - | Scanner types for PR decoration (e.g., `all`, `sast`, `dast`, `sca`) |
+| `--override` | - | Override old analysis results for PR scans |
+| `--no-decoration` | - | Disable PR decoration (deprecated) |
+
+> **Note:** For pull request scans, the target branch (specified with `--merge-target`) must be scanned at least once before triggering PR scans. This baseline scan is required for comparison.
+
+#### Fork Scanning Flags
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--fork-scan` | `-B` | Enable fork scan based on default branch |
+| `--fork-source` | - | Source branch for fork scans |
+| `--override-fork-source` | - | Override project's fork source branch |
+
+> **Note:** For fork scans, the source branch (specified with `--fork-source` or the project's default branch) must be scanned at least once before triggering fork scans. This establishes the baseline for comparison.
+
+#### Threshold Flags
+
+Break the build if vulnerabilities exceed thresholds:
+
+| Flag | Description |
+|------|-------------|
+| `--threshold-crit` | Maximum critical vulnerabilities |
+| `--threshold-high` | Maximum high vulnerabilities |
+| `--threshold-med` | Maximum medium vulnerabilities |
+| `--threshold-low` | Maximum low vulnerabilities |
+| `--threshold-risk` | Fail if risk score increases |
+| `--break-by-scanner-type` | Only break for specific scanner type |
+
+#### Project Creation Flags
+
+Automatically create projects during scan:
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--create-project` | - | Create project if not found |
+| `--project-name` | - | Name for new project |
+| `--repo-id` | `-r` | Repository URL or ID |
+| `--alm-tool` | - | ALM tool name (e.g., `github`, `gitlab`) |
+| `--team` | `-T` | Team name |
+| `--labels` | `-l` | Comma-separated labels |
+| `--product-name` | `-P` | Product name |
+| `--default-branch` | - | Default branch | `main` |
+| `--disable-clone` | - | Disable repository cloning |
+| `--criticality-level` | - | Business criticality: 4=Major, 3=High, 2=Medium, 1=Low, 0=None, -1=Auto |
+| `--feature-branch-retention` | - | Days to retain feature branches |
+| `--feature-branch-infinite-retention` | - | Never delete feature branches |
+| `--scope-include-empty` | - | Include vulnerabilities with no path |
+| `--scope-included-paths` | - | Comma-separated paths for mono-repo scoping |
+| `--scope-included-files` | - | Comma-separated file names for scoping |
+
+#### Custom Parameters
+
+| Flag | Description |
+|------|-------------|
+| `--params` | Custom scanner parameters (format: `key:value`) |
+| `--incremental-scan` | `-i` | Enable incremental scanning (Semgrep only) |
+
+#### Scan Examples
+
+**1. Restart an existing scan by scan ID:**
+```shell
+kdt scan -s 5da6cafa5ab6e436faf643dc
+```
-This section provides an overview of key KDT commands, including instructions on how to list projects, list project scans, check ALM project availability, restart a scan, and import scan results.
+**2. Trigger scan with project and tool:**
+```shell
+kdt scan -p MyProject -t semgrep -b main
+```
-### Listing Projects
+**3. Import scan results from file:**
+```shell
+kdt scan -p MyProject -t checkmarx -b develop -f results.xml
+```
-To retrieve a list of all projects, utilize the following command:
+**4. Scan with thresholds (break build):**
+```shell
+kdt scan -p MyProject -t trivy -b main \
+ --threshold-crit 0 \
+ --threshold-high 5 \
+ --threshold-med 10
+```
+**5. Async scan (non-blocking):**
```shell
-$ kdt list projects
+kdt scan -p MyProject -t gosec -b main --async
```
-### Listing Scans for a Specific Project
+**6. Container image scan:**
+```shell
+kdt scan -p MyProject -t trivy \
+ --image myapp:latest \
+ -b main
+```
-To list all scans associated with a specific project, use the command below. Remember to replace "ExampleProject" with the name of your project:
+**7. Pull request scan:**
+```shell
+kdt scan -p MyProject -t semgrep \
+ -b feature/new-feature \
+ -M main \
+ --pr-number 123
+```
+**8. Fork scan (feature branch vs default):**
```shell
-$ kdt list scans -p ExampleProject
+kdt scan -p MyProject -t semgrep \
+ -b feature/test \
+ --fork-scan \
+ --env feature
```
-### Checking ALM Project Availability
+**9. Create project and scan:**
+```shell
+kdt scan -p NewProject -t semgrep -b main \
+ --create-project \
+ --repo-id https://github.com/org/repo \
+ --alm-tool github \
+ --team security
+```
-The command below checks the availability of an ALM project. The `$ALM_TOOL` placeholder should be replaced with the name of your ALM tool, and the `$PROJECT_ID` placeholder with your project ID.
+**10. Custom parameters:**
+```shell
+kdt scan -p MyProject -t semgrep -b develop \
+ --params=ruleset_type:2 \
+ --params=ruleset_options.ruleset:/custom/rules/
+```
+**11. Risk threshold (prevent regression):**
```shell
-$ kdt project available -a $ALM_TOOL -r $PROJECT_ID
+kdt scan -p MyProject -t sonarqube -b main --threshold-risk
```
-The command will return an exit code of 0 if the project is available, and an exit code of -1 (255) if the project is not available.
+**12. Incremental scan (Semgrep):**
+```shell
+kdt scan -p MyProject -t semgrep -b main \
+ -f semgrep-results.json \
+ --incremental-scan
+```
-### Restarting a Scan
+### Release Command
-There are two options to restart a scan:
+Check if a project passes release criteria.
-1. Using the scan ID:
+#### Release Flags
- ```shell
- $ kdt scan -s 5da6cafa5ab6e436faf643dc
- ```
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--project` | `-p` | Project name or ID (required) |
+| `--branch` | `-b` | Branch name (default: project's default branch) |
+| `--timeout` | - | Minutes to wait for criteria check | `5` |
+| `--sast` | - | Check SAST criteria |
+| `--dast` | - | Check DAST criteria |
+| `--sca` | - | Check SCA criteria |
+| `--iac` | - | Check IaC criteria |
+| `--cs` | - | Check Code Security criteria |
+| `--iast` | - | Check IAST criteria |
+| `--pentest` | - | Check Penetration Testing criteria |
+| `--mast` | - | Check MAST criteria |
+| `--sbom` | - | Check SBOM criteria |
-2. Using the project and tool names:
+#### Release Examples
- ```shell
- $ kdt scan -p ExampleProject -t ExampleTool
- ```
+**1. Check all release criteria:**
+```shell
+kdt release -p MyProject -b main
+```
-### Importing Scan Results
+**2. Check specific criteria only:**
+```shell
+kdt release -p MyProject -b main --sast --sca
+```
-To import scan results as a file, use the following command:
+**3. With verbose output:**
+```shell
+kdt -v release -p MyProject -b main --sast --dast
+```
+**4. With custom timeout:**
```shell
-$ kdt scan -p ExampleProject -t ExampleTool -b master -f results.json
+kdt release -p MyProject -b main --timeout 10
```
-## Command Line Flags
+### List Commands
-KDT offers a range of useful flags to streamline the management of scans. These include both global flags, applicable to all KDT commands, and command-specific flags.
+#### List Projects
-### Global Flags
+```shell
+kdt list projects
+```
-The following flags can be applied across all KDT commands:
+#### List Scans
-- `--host`: Defines the HTTP address of the Kondukto server, including the port.
+**Flags:**
+- `-p, --project`: Project name or ID (required)
-- `--token`: Specifies the API token generated by Kondukto.
+**Example:**
+```shell
+kdt list scans -p MyProject
+```
-- `--config`: Points to the configuration file to use, superseding the default one (`$HOME/.kdt.yaml`).
+#### List Scanners
-- `--async`: Initiates an asynchronous scan that won't block the process while waiting for the scan to complete. KDT will exit gracefully once the scan has successfully started.
+View all available scanners:
+```shell
+kdt list scanners
+```
-- `--insecure`: Bypasses the client's verification of the server's certificates and host name. Please note that this mode exposes TLS to potential man-in-the-middle attacks. It is not recommended unless you fully understand the potential risks.
+**Example output:**
+```
+Name ID Type Trigger Labels
+---- -- ---- ------- ------
+gosec 60eec8a83e9e5e6e2ae52d06 sast new scan docker,kdt
+semgrep 60eec8a53e9e5e6e2ae52d05 sast rescan template,docker,kdt
+trivy 60eec8a73e9e5e6e2ae52d07 sca new scan docker,kdt,container
+```
-- `-v` or `--verbose`: Enables verbose output, providing more detailed logs. This flag is particularly useful for debugging purposes.
+#### List Agents
-### Scan Command Flags
+```shell
+kdt list agents
+```
-The following flags are exclusive to the scan commands:
+#### List Products
-- `-p` or `--project`: Specifies the project name or ID.
+```shell
+kdt list products
+```
-- `-t` or `--tool`: Specifies the tool name.
+### Create Commands
+
+#### Create Project
+
+**Flags:**
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--repo-id` | `-r` | Repository URL or ID (required) |
+| `--project-name` | - | Project name |
+| `--alm-tool` | `-a` | ALM tool name |
+| `--team` | `-t` | Team name |
+| `--labels` | `-l` | Comma-separated labels |
+| `--product-name` | `-P` | Product name |
+| `--force-create` | - | Create with suffix if name exists |
+| `--overwrite` | `-w` | Overwrite existing project |
+| `--default-branch` | - | Default branch | `main` |
+| `--disable-clone` | - | Disable repository cloning |
+| `--fork-source` | - | Source branch for feature branches |
+| `--criticality-level` | - | Business criticality (0-4, -1=Auto) |
+| `--feature-branch-retention` | - | Days to retain feature branches |
+| `--feature-branch-infinite-retention` | - | Never delete feature branches |
+| `--scope-include-empty` | - | Include vulnerabilities with no path |
+| `--scope-included-paths` | - | Paths for mono-repo scoping |
+| `--scope-included-files` | - | File names for scoping |
+
+**Examples:**
+
+**1. Create project from repository:**
+```shell
+kdt create project \
+ --repo-id https://github.com/kondukto-io/kdt \
+ --alm-tool github \
+ --labels GDPR,Internal \
+ --team security
+```
-- `-s` or `--scan-id`: Indicates the scan ID.
+**2. Create with custom name:**
+```shell
+kdt create project \
+ --repo-id https://gitlab.com/org/app \
+ --project-name MyCustomName \
+ --alm-tool gitlab \
+ --default-branch develop
+```
-- `-b` or `--branch`: Designates the branch to be scanned.
+**3. Create with product:**
+```shell
+kdt create project \
+ --repo-id https://github.com/org/repo \
+ --alm-tool github \
+ --product-name "Mobile_Apps" \
+ --criticality-level 4
+```
-Please note that these flags are only applicable for scan commands.
+**4. Mono-repo with scoping:**
+```shell
+kdt create project \
+ --repo-id https://github.com/org/monorepo \
+ --project-name backend-api \
+ --alm-tool github \
+ --scope-included-paths "services/api,shared/common" \
+ --scope-included-files "package.json,go.mod"
+```
-#### Additional Note
-If these flags are used in conjunction with the `-v` (verbose) flag, more detailed information about the scan will be provided.
+#### Create Team
-### Release Command Flags
+**Flags:**
+- `-n, --name`: Team name (required)
+- `-r, --responsible`: Responsible user name
-The following flags are specific to the release commands:
+**Example:**
+```shell
+kdt create team --name "security-team" --responsible "john.doe"
+```
-- `-p` or `--project`: Specifies the project name or ID.
+#### Create Label
-- `-b` or `--branch`: Specifies the project branch name, default is the project's default branch.
+**Flags:**
+- `-n, --name`: Label name (required)
+- `-c, --color`: Label color in hex format (default: `000000`)
-- `--cs`: Processes CS (Code Security) criteria status.
+**Examples:**
+```shell
+# Create label with default color
+kdt create label --name "GDPR"
-- `--dast`: Processes DAST (Dynamic Application Security Testing) criteria status.
+# Create label with custom color
+kdt create label --name "Critical" --color "FF0000"
+```
-- `--iac`: Processes IAC (Infrastructure as Code) criteria status.
+#### Create Product
-- `--iast`: Processes IAST (Interactive Application Security Testing) criteria status.
+**Flags:**
+- `-n, --name`: Product name (required)
+- `-p, --projects`: Comma-separated project names or IDs
-- `--pentest`: Processes Penetration Testing criteria status.
+**Examples:**
+```shell
+# Create empty product
+kdt create product --name "mobile-apps"
-- `--sast`: Processes SAST (Static Application Security Testing) criteria status.
+# Create product with projects
+kdt create product --name "web-services" --projects "api-service,web-app,auth-service"
+```
-- `--sca`: Processes SCA (Software Composition Analysis) criteria status.
+### SBOM Commands
-Please note that these flags are only valid for release commands.
+#### Import SBOM
-#### Additional Note
-If these flags are used in conjunction with the `-v` (verbose) flag, more detailed information about the criteria status of the release will be provided.
+Import Software Bill of Materials (CycloneDX format).
-### Threshold Flags
+**Flags:**
-The following flags represent thresholds for the maximum number of vulnerabilities, of a specified severity, to be ignored. Should these thresholds be exceeded, KDT will terminate with a non-zero status code.
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--file` | `-f` | SBOM file path (JSON format, required) |
+| `--project` | `-p` | Project name or ID |
+| `--repo-id` | `-r` | Repository URL or ID |
+| `--branch` | `-b` | Branch name |
+| `--sbom-type` | `-s` | Type: `source_dir`, `image`, `application`, `os`, `container` |
+| `--allow-empty` | `-a` | Allow empty components |
-- `--threshold-crit`: Defines the threshold for critical severity vulnerabilities.
+**Examples:**
-- `--threshold-high`: Sets the threshold for high severity vulnerabilities.
+**1. Import SBOM for project:**
+```shell
+kdt sbom import \
+ -f cyclonedx-sbom.json \
+ -p MyProject \
+ -b main
+```
-- `--threshold-med`: Establishes the threshold for medium severity vulnerabilities.
+**2. Import with specific type:**
+```shell
+kdt sbom import \
+ -f sbom.json \
+ -p MyProject \
+ -b main \
+ --sbom-type image
+```
-- `--threshold-low`: Determines the threshold for low severity vulnerabilities.
+**3. Import using repository ID:**
+```shell
+kdt sbom import \
+ -f sbom.json \
+ --repo-id https://github.com/org/repo \
+ -b main
+```
+
+### Endpoint Commands
-- `--threshold-risk`: Sets the risk threshold for failing tests if the scan results in a higher risk score than the previous scan's risk score. This flag is useful for maintaining a project's security level. If used with every scan in DevOps pipelines, it ensures the project's vulnerability does not increase.
+#### Import Endpoint
-Please note that the risk threshold only considers the last two scans performed with the same tool. If the project has not been scanned with the tool, KDT will fail as it cannot compare risk scores. Also, these threshold flags do not function with the `--async` flag since KDT will exit when the scan begins, and thus cannot check scan results.
+Import API endpoint definitions (Swagger/OpenAPI).
-#### Example Usage:
+**Flags:**
-The following command scans the project "SampleProject" with the tool "SampleTool", setting thresholds for critical vulnerabilities at 3, high vulnerabilities at 10, and considering the risk:
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--file` | `-f` | Endpoint file path (required) |
+| `--project` | `-p` | Project name or ID (required) |
+**Example:**
```shell
-$ kdt scan -p SampleProject -t SampleTool --threshold-crit 3 --threshold-high 10 --threshold-risk
+kdt endpoint import -f swagger.json -p MyProject
```
-## Supported Scanners (Tools)
+### Status Command
+
+Query project status and vulnerability counts.
+
+**Flags:**
-KDT is designed to support all scanners enabled in the Kondukto server. The list of available scanners is dynamically updated as new tools are added, ensuring KDT remains adaptable and scalable to your scanning needs.
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--project` | `-p` | Project name or ID |
+| `--branch` | `-b` | Branch name |
+| `--event` | `-e` | Event ID |
+| `--threshold-crit` | - | Critical threshold |
+| `--threshold-high` | - | High threshold |
+| `--threshold-med` | - | Medium threshold |
+| `--threshold-low` | - | Low threshold |
+| `--threshold-risk` | - | Risk threshold |
-To view the currently available scanners, use the `kdt list scanners` command:
+**Examples:**
+**1. Get project status:**
```shell
-kdt --config kondukto.yaml list scanners
+kdt status -p MyProject -b main
```
-Example output:
-
+**2. Check status with thresholds:**
```shell
-Name ID Type Trigger Labels
----- -- ---- ------- ------
-gosec 60eec8a83e9e5e6e2ae52d06 sast new scan docker,kdt
-semgrep 60eec8a53e9e5e6e2ae52d05 sast rescan template,docker,kdt
+kdt status -p MyProject -b main \
+ --threshold-crit 0 \
+ --threshold-high 5
```
-This output provides a summary of each available scanner, including its name, ID, type, trigger mechanism, and any associated labels.
+**3. Query by event ID:**
+```shell
+kdt status -e 5da6cafa5ab6e436faf643dc
+```
-Please note that the actual list of supported scanners can vary as new tools are regularly added to improve the capabilities of KDT.
+### Project Commands
-### Custom Parameters
-For some tools the default behaviour of KDT is re-triggering or re-scanning of an existing scan. This means that, there should be a configured scan on Kondukto for KDT to run re-run this operation
-from the CLI. However, by passing some custom arguments to the scanner, Kondukto server can create and start a scan without having a configuration.
+#### Check Project Availability
-The scanners that supports customer parameters are shown with `--params` arguments.
-A customized scan example:
-```
-# Run a scan using semgrep on a develop branch
-# with a custom rule path
-kdt scan -p SampleProject \
- -b develop -t semgrep \
- --params=ruleset_type:2 --params=ruleset_options.ruleset:/rules/
-```
+Check if a project exists in ALM.
-## Advanced Usage Examples
+**Flags:**
-KDT can be utilized in various ways within your pipeline. The following example demonstrates an advanced use case:
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--alm-tool` | `-a` | ALM tool name |
+| `--repo-id` | `-r` | Repository URL or ID |
+**Example:**
```shell
-$ kdt --config kondukto-config.yml \
- --insecure \
- scan \
- --project SampleProject \
- --tool fortify \
- --file results.fpr \
- --branch develop \
- --threshold-crit 0 \
- --threshold-high 0
+kdt project available \
+ --alm-tool github \
+ --repo-id https://github.com/kondukto-io/kdt
```
-In this command:
+Returns exit code 0 if available, -1 (255) if not.
-- `--config`: Specifies the Kondukto configuration file in yaml format.
+## Advanced Usage Examples
-- `--insecure`: Indicates not to verify SSL certificates.
+### CI/CD Pipeline Integration
-- `scan`: Initiates a scan.
+#### GitHub Actions
-- `--project`: Defines the name of the application on the Kondukto server.
+```yaml
+- name: Run Security Scan
+ run: |
+ kdt scan \
+ -p ${{ github.event.repository.name }} \
+ -t semgrep \
+ -b ${{ github.ref_name }} \
+ --threshold-crit 0 \
+ --threshold-high 10
+```
-- `--tool`: Specifies the AST (Application Security Testing) tool to be used, in this case, 'fortify'.
+#### GitLab CI
-- `--file`: Determines the result filename. When this parameter is given, the scan will not be initiated, and only the results file (results.fpr) will be analyzed.
+```yaml
+security_scan:
+ script:
+ - kdt scan -p ${CI_PROJECT_NAME} -t trivy -b ${CI_COMMIT_BRANCH} --threshold-crit 0
+```
-- `--branch`: Specifies the branch name.
+#### Jenkins
+
+```groovy
+stage('Security Scan') {
+ steps {
+ sh '''
+ kdt scan \
+ -p ${JOB_NAME} \
+ -t checkmarx \
+ -b ${GIT_BRANCH} \
+ --threshold-crit 0 \
+ --threshold-high 5
+ '''
+ }
+}
+```
-- `--threshold-crit`: Sets the critical severity threshold value to "break the build" in the pipeline. When this parameter is provided, the entered security criteria will be overwritten.
+### Complex Workflow Examples
----
+#### 1. Complete DevSecOps Pipeline
```shell
-$ kdt --config kondukto-config.yml \
- scan \
- --project SampleProject \
- --tool trivy \
- --image ubuntu@256:ab02134176aecfe0c0974ab4d3db43ca91eb6483a6b7fe6556b480489edd04a1 \
- --branch develop
+# Import scan results from local tool
+kdt scan -p MyProject -t fortify -f results.fpr -b develop \
+ --threshold-crit 0 --threshold-high 0
+
+# Check release criteria
+kdt release -p MyProject -b develop --sast --sca --dast
```
-In this command:
+#### 2. Container Security Workflow
-- `--config`: Specifies the Kondukto configuration file in yaml format.
+```shell
+# Scan container image
+kdt scan -p MyProject -t trivy \
+ --image myapp:${VERSION} \
+ -b main \
+ --threshold-crit 0
+
+# Import SBOM
+kdt sbom import -f sbom.json -p MyProject -b main --sbom-type container
+```
-- `scan`: Initiates a scan.
+#### 3. Pull Request Workflow
-- `--project`: Defines the name of the application on the Kondukto server.
+```shell
+# Trigger PR scan
+kdt scan -p MyProject -t semgrep \
+ -b feature/new-feature \
+ -M main \
+ --pr-number ${PR_NUMBER} \
+ --pr-decoration-scanner-types all
+```
-- `--tool`: Specifies the AST (Application Security Testing) tool to be used, in this case, 'trivy'.
+#### 4. Multi-Environment Setup
-- `--image`: Identifies the image to be scanned. The image name can be given with the digest or with the tag name (e.g., ubuntu:latest).
+```shell
+# Development
+kdt scan -p MyProject -t semgrep -b develop --env develop
-- `--branch`: Specifies the branch name.
+# Staging
+kdt scan -p MyProject -t sonarqube -b staging --env staging \
+ --threshold-high 10
----
+# Production
+kdt scan -p MyProject -t checkmarx -b main --env production \
+ --threshold-crit 0 --threshold-high 0 \
+ --release-timeout 10
+```
-The following example illustrates how to create a new project using KDT:
+#### 5. Custom Parameters for Advanced Configuration
```shell
-$ kdt --config kondukto-config.yml \
- create \
- project \
- --repo-id https://github.com/kondukto-io/kdt \
- --labels GDPR,Internal \
- --alm-tool github
+# Semgrep with custom rules
+kdt scan -p MyProject -t semgrep -b main \
+ --params=ruleset_type:2 \
+ --params=ruleset_options.ruleset:/custom/rules/ \
+ --params=ruleset_options.config:auto
+
+# Container scan with custom registry
+kdt scan -p MyProject -t trivy \
+ --image registry.example.com/myapp:latest \
+ --params=registry.username:user \
+ --params=registry.password:pass
```
-In this command:
+## Exit Codes
-- `--config`: Specifies the Kondukto configuration file in yaml format.
+KDT uses the following exit codes:
-- `create`: Acts as the base command for the create operation.
+| Code | Meaning |
+|------|---------|
+| `0` | Success |
+| `1` | General error |
+| `2` | Warning |
+| `100` | Not authorized |
+| `-1` (255) | Negative response (e.g., project not available) |
-- `project`: Acts as a subcommand to create a new project.
+## Supported Scanners
-- `--repo-id`: Specifies the project repository URL or ALM ID.
+KDT supports all scanners enabled in your Invicti ASPM instance. To view available scanners:
-- `--labels`: Associates the project with a list of labels.
+```shell
+kdt list scanners
+```
-- `--alm-tool`: Specifies the ALM (Application Lifecycle Management) tool. This is required if more than one ALM is enabled in Kondukto.
+## Troubleshooting
-Additional flags that can be set include:
+### Enable Verbose Logging
-- `--team`: Specifies a team name. By default, the team name is 'default team'.
+```shell
+kdt -v scan -p MyProject -t semgrep -b main
+```
-- `--force-create`: Creates a project with a suffix `-` if there is another project with the same name.
+### Test Connection
-- `--overwrite`: Overwrites the project name, eliminating the need to add a `-` suffix.
+```shell
+kdt ping
+kdt ping -a # With authentication
+```
-This command creates a project on Kondukto that matches the name in your ALM tool. If a project with the same name already exists, the command will print an error message and exit with a status code. You can pass the `--force-create` flag to create a project with a suffix `-`, or pass the `--overwrite` flag to overwrite the project name.
+### Verify Configuration
----
+```shell
+# Check if host and token are set
+echo $INVICTI_ASPM_HOST
+echo $INVICTI_ASPM_TOKEN
+# Or use a test command
+kdt list projects
```
-kdt --config kondukto-config.yml \
- sbom import \
- --file cyclonedx-sbom.json \
- --project SampleProject \
- --branch develop
-```
-- --config: Kondukto configuration file in yaml format
-- sbom import: Subcommand to import a Software Bill of Materials (SBOM) file
-- --file: The CycloneDX SBOM output file in JSON format
-- --project: The name or ID of the project in the Kondukto server
-- --branch: The name of the branch of the application
-This command allows you to update a previously generated SBOM file in the Kondukto system. Please note that currently, only the [CycloneDX](https://cyclonedx.org/) standard is supported for SBOM files.
+## Contributing
----
+Contributions to KDT are welcome! Here's how you can contribute:
-## Contributing to KDT
+### Reporting Issues
-Contributions to the KDT project are highly appreciated. Whether you're reporting issues, suggesting new features, or directly helping with development, your input is valuable.
+Create an issue in the [GitHub repository](https://github.com/kondukto-io/kdt/issues) with:
+- Clear description of the issue
+- Steps to reproduce
+- Expected vs actual behavior
+- KDT version (`kdt version`)
-Here's how you can contribute:
+### Pull Requests
-- Report issues or suggest new features by creating a new issue in the repository.
+1. Fork the repository
+2. Create a feature/bugfix branch following [Git Flow](https://nvie.com/posts/a-successful-git-branching-model/):
+ - Features: `feature/example-feature`
+ - Bugfixes: `bugfix/example-bugfix`
+3. Write idiomatic Go code
+4. Document exported functions
+5. Write detailed PR description
+6. Ensure tests pass
-- Contribute directly to the codebase by forking the repository and creating pull requests.
+### Development Setup
-Before submitting your pull requests, please adhere to the following guidelines:
+```shell
+git clone https://github.com/kondukto-io/kdt.git
+cd kdt
+go mod download
+go build -o kdt
+./kdt --help
+```
-- Create and name your branches according to the [Git Flow](https://nvie.com/posts/a-successful-git-branching-model/) methodology.
- - For new features: `feature/example-feature-branch`
- - For bug fixes: `bugfix/example-bugfix-branch`
+## License
-- Ensure that your code is properly documented, following idiomatic [Go](https://golang.org) practices. Exported functions should always be commented.
+See the [LICENSE](LICENSE) file for details.
-- Write detailed PR descriptions and comments. This helps maintainers understand your changes and speeds up the review process.
+## Support
-Thank you for helping to improve KDT!
+- Documentation: [https://docs.kondukto.io](https://docs.kondukto.io)
+- Issues: [GitHub Issues](https://github.com/kondukto-io/kdt/issues)
+- Website: [https://kondukto.io](https://kondukto.io)
diff --git a/client/agents.go b/client/agents.go
index 8cc88f6..fb5f1ae 100644
--- a/client/agents.go
+++ b/client/agents.go
@@ -1,5 +1,6 @@
/*
-Copyright © 2021 Kondukto
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/client/client.go b/client/client.go
index 65a7da0..03edec8 100755
--- a/client/client.go
+++ b/client/client.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
@@ -39,7 +39,7 @@ type Client struct {
BaseURL *url.URL
}
-type KonduktoError struct {
+type InvictiASPMError struct {
Error string `json:"error"`
}
@@ -127,7 +127,7 @@ func (c *Client) do(req *http.Request, v interface{}) (*http.Response, error) {
return resp, nil
}
- var e KonduktoError
+ var e InvictiASPMError
if err = json.Unmarshal(data, &e); err != nil {
return nil, fmt.Errorf("failed to parse error message: %v: %s", err, string(data))
}
diff --git a/client/client_test.go b/client/client_test.go
index 395e1f6..500ef3d 100755
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -1,7 +1,8 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
+
package client
import (
diff --git a/client/healthcheck.go b/client/healthcheck.go
index 2f6c4a9..fa980a2 100644
--- a/client/healthcheck.go
+++ b/client/healthcheck.go
@@ -1,11 +1,11 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
-// HealthCheck is a healthcheck for Kondukto service
+// HealthCheck is a health check for the Invicti ASPM service
// Requires a valid API token
func (c *Client) HealthCheck() error {
req, err := c.newRequest("GET", "/api/v2/health/check", nil)
@@ -21,7 +21,7 @@ func (c *Client) HealthCheck() error {
return nil
}
-// Ping is a healthcheck for Kondukto service
+// Ping is a health check for the Invicti ASPM service
// Does not require a valid API token
func (c *Client) Ping() error {
req, err := c.newRequest("GET", "/core/version", nil)
diff --git a/client/label.go b/client/label.go
index a331cfc..262465c 100644
--- a/client/label.go
+++ b/client/label.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/client/products.go b/client/products.go
index 9ac7a18..982bfc2 100755
--- a/client/products.go
+++ b/client/products.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/client/projects.go b/client/projects.go
index 0609c1c..9c2086b 100755
--- a/client/projects.go
+++ b/client/projects.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/client/scanners.go b/client/scanners.go
index 7b31ffe..ae880c6 100644
--- a/client/scanners.go
+++ b/client/scanners.go
@@ -1,5 +1,6 @@
/*
-Copyright © 2021 Kondukto
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
@@ -220,7 +221,7 @@ func (c *Client) IsValidTool(tool string) (*ScannerInfo, bool) {
var scanner = scanners.ActiveScanners[0]
if scanner.Disabled {
- klog.Printf("the scanner [%s] is disabled on the Kondukto", tool)
+ klog.Printf("the scanner [%s] is disabled on the Invicti ASPM", tool)
return nil, false
}
diff --git a/client/scanparams.go b/client/scanparams.go
index 51f7fef..932659a 100644
--- a/client/scanparams.go
+++ b/client/scanparams.go
@@ -1,5 +1,6 @@
/*
-Copyright © 2021 Kondukto
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/client/scans.go b/client/scans.go
index a9d823c..e2dd629 100755
--- a/client/scans.go
+++ b/client/scans.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
@@ -116,7 +116,7 @@ type (
AgentID string `json:"agent_id,omitempty"`
// PR is holding detail of pull requests branches to be scanned
PR PRInfo `json:"pr"`
- // Custom is holding custom type of scanners that specified on the Kondukto side
+ // Custom is holding custom type of scanners that specified on the Invicti ASPM side
Custom Custom `json:"custom"`
// MetaData is holding value of scanparam meta-data
MetaData string `json:"meta_data"`
diff --git a/client/team.go b/client/team.go
index 7523d6c..87da2f1 100644
--- a/client/team.go
+++ b/client/team.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package client
diff --git a/cmd/create.go b/cmd/create.go
index 7b70b2d..24aa30c 100644
--- a/cmd/create.go
+++ b/cmd/create.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2021 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
diff --git a/cmd/createLabel.go b/cmd/createLabel.go
index 7e3a62d..86de312 100644
--- a/cmd/createLabel.go
+++ b/cmd/createLabel.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -16,7 +16,7 @@ import (
// createLabelCmd represents the create project command
var createLabelCmd = &cobra.Command{
Use: "label",
- Short: "creates a new label on Kondukto",
+ Short: "creates a new label on Invicti ASPM",
Run: createLabelRootCommand,
}
@@ -30,7 +30,7 @@ func init() {
func createLabelRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
labelName, err := cmd.Flags().GetString("name")
diff --git a/cmd/createProducts.go b/cmd/createProducts.go
index be9d2de..402762e 100644
--- a/cmd/createProducts.go
+++ b/cmd/createProducts.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2021 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -20,7 +20,7 @@ import (
// createProductCmd represents the create product command
var createProductCmd = &cobra.Command{
Use: "product",
- Short: "creates a new product on Kondukto",
+ Short: "creates a new product on Invicti ASPM",
Run: createProductsRootCommand,
}
@@ -28,7 +28,7 @@ func init() {
createCmd.AddCommand(createProductCmd)
createProductCmd.Flags().StringP("name", "n", "", "product name")
- createProductCmd.Flags().StringP("projects", "p", "", "comma separated name or id of kondukto projects")
+ createProductCmd.Flags().StringP("projects", "p", "", "comma-separated name or ID of Invicti ASPM projects")
}
type Product struct {
@@ -40,7 +40,7 @@ type Product struct {
func createProductsRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
var p = Product{
diff --git a/cmd/createProjects.go b/cmd/createProjects.go
index 4b09eb2..657de05 100644
--- a/cmd/createProjects.go
+++ b/cmd/createProjects.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2021 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -19,7 +19,7 @@ import (
// createProjectCmd represents the create project command
var createProjectCmd = &cobra.Command{
Use: "project",
- Short: "creates a new project on Kondukto",
+ Short: "creates a new project on Invicti ASPM",
Run: createProjectsRootCommand,
}
@@ -28,7 +28,7 @@ func init() {
createProjectCmd.Flags().String("project-name", "", "name of the project")
createProjectCmd.Flags().Int("criticality-level", 0, "business criticality of the project, possible values are [ 4 = Major, 3 = High, 2 = Medium, 1 = Low, 0 = None, -1 = Auto ]. Default is [0]")
- createProjectCmd.Flags().Bool("force-create", false, "ignore if the URL is used by another Kondukto project")
+ createProjectCmd.Flags().Bool("force-create", false, "ignore if the URL is used by another Invicti ASPM project")
createProjectCmd.Flags().StringP("overwrite", "w", "", "rename the project name when creating a new project")
createProjectCmd.Flags().StringP("labels", "l", "", "comma separated label names")
createProjectCmd.Flags().StringP("team", "t", "", "project team name")
@@ -41,8 +41,8 @@ func init() {
createProjectCmd.Flags().Bool("feature-branch-infinite-retention", false, "Sets an infinite retention for project feature branches. Overrides --feature-branch-retention flag when set to true.")
createProjectCmd.Flags().String("default-branch", "main", "sets the default branch for the project. When repo-id is given, this will be overridden by the repository's default branch.")
createProjectCmd.Flags().Bool("scope-include-empty", false, "enable to include SAST, SCA and IAC vulnerabilities with no path in this project.")
- createProjectCmd.Flags().String("scope-included-paths", "", "a comma separated list of paths within your mono-repo so that Kondukto can decide on the SAST, SCA and IAC vulnerabilities to include in this project.")
- createProjectCmd.Flags().String("scope-included-files", "", "a comma separated list of file names Kondukto should check for in vulnerabilities alongside paths")
+ createProjectCmd.Flags().String("scope-included-paths", "", "a comma-separated list of paths within your mono-repo so that Invicti ASPM can decide on the SAST, SCA, and IAC vulnerabilities to include in this project")
+ createProjectCmd.Flags().String("scope-included-files", "", "a comma-separated list of file names Invicti ASPM should check for in vulnerabilities alongside paths")
}
type Project struct {
@@ -54,7 +54,7 @@ type Project struct {
func createProjectsRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
var p = Project{
diff --git a/cmd/createTeam.go b/cmd/createTeam.go
index 7f4e6ae..af1749b 100644
--- a/cmd/createTeam.go
+++ b/cmd/createTeam.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -18,7 +18,7 @@ import (
// createTeamCmd represents the create project command
var createTeamCmd = &cobra.Command{
Use: "team",
- Short: "creates a new team on Kondukto",
+ Short: "creates a new team on Invicti ASPM",
Run: createTeamRootCommand,
}
@@ -32,7 +32,7 @@ func init() {
func createTeamRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
teamName, err := cmd.Flags().GetString("name")
diff --git a/cmd/endpoint.go b/cmd/endpoint.go
index c9843ac..78fef8e 100644
--- a/cmd/endpoint.go
+++ b/cmd/endpoint.go
@@ -3,6 +3,7 @@ package cmd
import (
"errors"
"fmt"
+
"github.com/spf13/cobra"
"github.com/kondukto-io/kdt/client"
@@ -18,7 +19,7 @@ var endpointCmd = &cobra.Command{
// importEndpointCmd represents the endpoint import command
var importEndpointCmd = &cobra.Command{
Use: "import",
- Short: "imports endpoint file to Kondukto",
+ Short: "imports endpoint file to Invicti ASPM",
RunE: importEndpointRootCommand,
PreRunE: func(cmd *cobra.Command, args []string) error {
if !cmd.Flags().Changed("file") {
@@ -36,7 +37,7 @@ func init() {
endpointCmd.AddCommand(importEndpointCmd)
importEndpointCmd.Flags().StringP("file", "f", "", "endpoint file to be imported")
- importEndpointCmd.Flags().StringP("project", "p", "", "Kondukto project id or name")
+ importEndpointCmd.Flags().StringP("project", "p", "", "Invicti ASPM project ID or name")
_ = importEndpointCmd.MarkFlagRequired("file")
_ = importEndpointCmd.MarkFlagRequired("project")
@@ -45,7 +46,7 @@ func init() {
func importEndpointRootCommand(cmd *cobra.Command, args []string) error {
c, err := client.New()
if err != nil {
- return fmt.Errorf("could not initialize Kondukto client: %w", err)
+ return fmt.Errorf("could not initialize Invicti ASPM client: %w", err)
}
file, err := cmd.Flags().GetString("file")
diff --git a/cmd/healthcheck.go b/cmd/healthcheck.go
index 749a129..27d652f 100644
--- a/cmd/healthcheck.go
+++ b/cmd/healthcheck.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -15,14 +15,14 @@ import (
)
// ping represents the ping command
-// check if the kondukto service is up and running
+// check if the Invicti ASPM service is up and running
var ping = &cobra.Command{
Use: "ping",
- Short: "check kondukto service up and running",
+ Short: "check Invicti ASPM service is up and running",
Run: func(cmd *cobra.Command, args []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
if authorize, _ := cmd.Flags().GetBool("auth"); authorize {
@@ -31,7 +31,7 @@ var ping = &cobra.Command{
err = c.Ping()
}
if err != nil {
- qwe(ExitCodeError, err, "could not connect to kondukto service")
+ qwe(ExitCodeError, err, "could not connect to Invicti ASPM service")
}
fmt.Println("OK")
diff --git a/cmd/list.go b/cmd/list.go
index 6a43f0b..5f6cf6b 100755
--- a/cmd/list.go
+++ b/cmd/list.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
diff --git a/cmd/listAgents.go b/cmd/listAgents.go
index 832a07d..49910c0 100644
--- a/cmd/listAgents.go
+++ b/cmd/listAgents.go
@@ -12,12 +12,12 @@ var listAgentsCmd = &cobra.Command{
Run: func(cmd *cobra.Command, args []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
activeAgents, err := c.ListActiveAgents(nil)
if err != nil {
- qwe(ExitCodeError, err, "could not get Kondukto active agents")
+ qwe(ExitCodeError, err, "could not get Invicti ASPM active agents")
}
agentRows := []Row{
diff --git a/cmd/listProducts.go b/cmd/listProducts.go
index 8c05501..e43e87c 100755
--- a/cmd/listProducts.go
+++ b/cmd/listProducts.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -14,7 +14,7 @@ import (
// listProductsCmd represents the listProductsCmd command
var listProductsCmd = &cobra.Command{
Use: "products",
- Short: "lists products in Kondukto",
+ Short: "lists products in Invicti ASPM",
Run: productsRootCommand,
}
@@ -27,7 +27,7 @@ func init() {
func productsRootCommand(cmd *cobra.Command, args []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
name, err := cmd.Flags().GetString("name")
diff --git a/cmd/listProjects.go b/cmd/listProjects.go
index 0cb32a5..0f49d4c 100755
--- a/cmd/listProjects.go
+++ b/cmd/listProjects.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -14,7 +14,7 @@ import (
// listProjectsCmd represents the listProjects command
var listProjectsCmd = &cobra.Command{
Use: "projects",
- Short: "lists projects in Kondukto",
+ Short: "lists projects in Invicti ASPM",
Run: projectsRootCommand,
}
@@ -25,7 +25,7 @@ func init() {
func projectsRootCommand(_ *cobra.Command, args []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
var name string
diff --git a/cmd/listScanners.go b/cmd/listScanners.go
index 75c37fd..c86feae 100644
--- a/cmd/listScanners.go
+++ b/cmd/listScanners.go
@@ -15,7 +15,7 @@ var listScannersCmd = &cobra.Command{
Run: func(cmd *cobra.Command, args []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
var scannerTypes []client.ScannerType
@@ -30,7 +30,7 @@ var listScannersCmd = &cobra.Command{
Labels: scannerLabels,
})
if err != nil {
- qwe(ExitCodeError, err, "could not get Kondukto active scanners")
+ qwe(ExitCodeError, err, "could not get Invicti ASPM active scanners")
}
var rescanOnly = func(labels []string) string {
diff --git a/cmd/listScans.go b/cmd/listScans.go
index 80f09a4..f88d5ea 100755
--- a/cmd/listScans.go
+++ b/cmd/listScans.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -28,7 +28,7 @@ func init() {
func scanListRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
pid := cmd.Flag("project").Value.String()
diff --git a/cmd/project.go b/cmd/project.go
index 21df277..0c5c14a 100644
--- a/cmd/project.go
+++ b/cmd/project.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -55,7 +55,7 @@ var projectCmd = &cobra.Command{
// createProjectsRootCommand is the root command for
var availableCmd = &cobra.Command{
Use: "available",
- Short: "Check if a project is available on Kondukto",
+ Short: "Check if a project is available on Invicti ASPM",
Run: func(cmd *cobra.Command, args []string) {
checkProject(cmd)
},
@@ -88,11 +88,11 @@ func checkProject(cmd *cobra.Command) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
if err := c.HealthCheck(); err != nil {
- qwe(ExitCodeNotAuthorized, err, "could not connect to Kondukto")
+ qwe(ExitCodeNotAuthorized, err, "could not connect to Invicti ASPM")
}
available, err := c.IsAvailable(repositoryID, almTool)
diff --git a/cmd/release.go b/cmd/release.go
index 0cce338..ff521c9 100755
--- a/cmd/release.go
+++ b/cmd/release.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2023 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -44,7 +44,7 @@ func init() {
func releaseRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
project, err := getSanitizedFlagStr(cmd, "project")
@@ -193,7 +193,7 @@ func isReleaseFailed(release *client.ReleaseStatus, scannerTypeSpecified bool, s
if verbose {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
for toolType, scanID := range failedScans {
diff --git a/cmd/root.go b/cmd/root.go
index 17dbd62..a8d1a9b 100755
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -41,8 +41,8 @@ const (
// rootCmd represents the base command when called without any subcommands
var rootCmd = &cobra.Command{
Use: "kdt",
- Short: "Command line interface to interact with Kondukto",
- Long: `KDT is the command line interface of Kondukto for starting scans and setting release criteria. It is made to ease integration of Kondukto to DevSecOps pipelines.`,
+ Short: "Command line interface to interact with Invicti ASPM",
+ Long: `KDT is the command line interface of Invicti ASPM for starting scans and setting release criteria. It is designed to ease integration of Invicti ASPM into DevSecOps pipelines.`,
// Uncomment the following line if your bare application
// has an action associated with it:
PersistentPreRun: func(cmd *cobra.Command, args []string) {
@@ -77,8 +77,8 @@ func init() {
cobra.OnInitialize(initConfig)
rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.kdt.yaml)")
- rootCmd.PersistentFlags().StringVar(&host, "host", "", "Kondukto server host")
- rootCmd.PersistentFlags().StringVar(&token, "token", "", "Kondukto API token")
+ rootCmd.PersistentFlags().StringVar(&host, "host", "", "Invicti ASPM server host")
+ rootCmd.PersistentFlags().StringVar(&token, "token", "", "Invicti ASPM API token")
rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "more logs")
rootCmd.PersistentFlags().BoolVar(&insecure, "insecure", false, "skip TLS verification and use insecure http client")
rootCmd.PersistentFlags().Int("exit-code", 0, "override the exit code")
@@ -105,17 +105,75 @@ func initConfig() {
viper.AddConfigPath(home)
viper.SetConfigName(".kdt")
viper.SetConfigType("yaml")
- viper.SetEnvPrefix("kondukto")
}
- viper.AutomaticEnv() // read in environment variables that match
-
// If a config file is found, read it in.
if err := viper.ReadInConfig(); err == nil {
// fmt.Println("Using config file:", viper.ConfigFileUsed())
}
+ // Handle environment variables with backward compatibility
+ // New environment variables: INVICTI_ASPM_HOST, INVICTI_ASPM_TOKEN
+ // Deprecated environment variables: KONDUKTO_HOST, KONDUKTO_TOKEN
+ configureEnvVars()
+
if viper.GetString("host") == "" || viper.GetString("token") == "" {
- qwm(ExitCodeError, fmt.Sprintf("Host and token configuration is required. Provide them via a config file, environment variables or command line arguments. For more information on configuration, see README on GitHub repository. %s\n", repoURL))
+ qwm(ExitCodeError, fmt.Sprintf("Host and token configuration is required. Provide them via a config file, environment variables (INVICTI_ASPM_HOST, INVICTI_ASPM_TOKEN) or command line arguments. For more information on configuration, see README on GitHub repository. %s\n", repoURL))
+ }
+}
+
+// envVarMapping defines the relationship between config keys and their environment variables.
+type envVarMapping struct {
+ configKey string
+ newEnvVar string
+ legacyEnvVar string
+}
+
+// configureEnvVars sets up environment variables with backward compatibility.
+// New INVICTI_ASPM_* variables take precedence over deprecated KONDUKTO_* variables.
+func configureEnvVars() {
+ mappings := []envVarMapping{
+ {configKey: "host", newEnvVar: "INVICTI_ASPM_HOST", legacyEnvVar: "KONDUKTO_HOST"},
+ {configKey: "token", newEnvVar: "INVICTI_ASPM_TOKEN", legacyEnvVar: "KONDUKTO_TOKEN"},
+ }
+
+ var deprecatedVars []string
+ for _, m := range mappings {
+ if used := resolveEnvVar(m); used != "" {
+ deprecatedVars = append(deprecatedVars, fmt.Sprintf("%s (use %s instead)", used, m.newEnvVar))
+ }
+ }
+
+ if len(deprecatedVars) > 0 {
+ printDeprecationWarning(deprecatedVars)
+ }
+}
+
+// resolveEnvVar checks environment variables and sets the config value.
+// Returns the name of the deprecated variable if it was used, empty string otherwise.
+func resolveEnvVar(m envVarMapping) string {
+ if viper.GetString(m.configKey) != "" {
+ return ""
+ }
+
+ if value := os.Getenv(m.newEnvVar); value != "" {
+ viper.Set(m.configKey, value)
+ return ""
+ }
+
+ if value := os.Getenv(m.legacyEnvVar); value != "" {
+ viper.Set(m.configKey, value)
+ return m.legacyEnvVar
+ }
+
+ return ""
+}
+
+func printDeprecationWarning(vars []string) {
+ fmt.Fprintln(os.Stderr, "WARNING: Deprecated environment variable(s) detected:")
+ for _, v := range vars {
+ fmt.Fprintf(os.Stderr, " - %s\n", v)
}
+ fmt.Fprintln(os.Stderr, "Please update to the new environment variables. The deprecated ones will be removed in a future release.")
+ fmt.Fprintln(os.Stderr)
}
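Review bot: The early return in `resolveEnvVar` (`if viper.GetString(m.configKey) != "" { return "" }`) makes a host/token read from `$HOME/.kdt.yaml` win over `INVICTI_ASPM_HOST`/`INVICTI_ASPM_TOKEN`, whereas the removed `viper.AutomaticEnv()` gave environment variables precedence over the config file under viper's documented order (flag > env > config). A CI job that exports the new variables on a runner that still carries a stale `.kdt.yaml` would then silently authenticate with the file's token, and nothing in the new code logs which source was used. The old order can be kept without losing the deprecation warning by binding in `initConfig` instead of calling `viper.Set`, e.g. `viper.BindEnv("host", "INVICTI_ASPM_HOST", "KONDUKTO_HOST")` and `viper.BindEnv("token", "INVICTI_ASPM_TOKEN", "KONDUKTO_TOKEN")` (first name wins), with `configureEnvVars` reduced to the `os.Getenv` check that builds `deprecatedVars`. Dropping `SetEnvPrefix`/`AutomaticEnv` also means any key other than `host`/`token` that used to be reachable as `KONDUKTO_*` is no longer read from the environment, which is presumably intended but deserves a sentence in the README; `initConfig` itself begins above this hunk.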
diff --git a/cmd/sbom.go b/cmd/sbom.go
index afc415d..09a204b 100644
--- a/cmd/sbom.go
+++ b/cmd/sbom.go
@@ -29,7 +29,7 @@ func init() {
sbomCmd.AddCommand(importSbomCmd)
importSbomCmd.Flags().StringP("file", "f", "", "SBOM file to be imported. Currently only .json format is supported")
- importSbomCmd.Flags().StringP("project", "p", "", "Kondukto project id or name")
+ importSbomCmd.Flags().StringP("project", "p", "", "Invicti ASPM project ID or name")
importSbomCmd.Flags().StringP("repo-id", "r", "", "URL or ID of ALM repository")
importSbomCmd.Flags().StringP("sbom-type", "s", "", "Custom type(optional). Supported values are [source_dir, image, application, os, container]")
importSbomCmd.Flags().StringP("branch", "b", "", "Branch name for the project receiving the sbom")
@@ -39,15 +39,15 @@ func init() {
// importSbomCmd represents the sbom import command
var importSbomCmd = &cobra.Command{
Use: "import",
- Short: "imports sbom file to Kondukto",
+ Short: "imports sbom file to Invicti ASPM",
Run: importSbomRootCommand,
}
func importSbomRootCommand(cmd *cobra.Command, _ []string) {
- // Initialize Kondukto client
+ // Initialize Invicti ASPM client
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
sbomImport := SBOMImport{
cmd: cmd,
@@ -120,7 +120,7 @@ func (s *SBOMImport) sbomImport() error {
if projectName == "" {
importInfo = fmt.Sprintf("%s(ALM)", repo)
} else {
- importInfo = fmt.Sprintf("%s(kondukto project)", projectName)
+ importInfo = fmt.Sprintf("%s(Invicti ASPM project)", projectName)
}
klog.Printf("sbom file imported successfully for: [%s]", importInfo)
diff --git a/cmd/scan.go b/cmd/scan.go
index a01160b..08f8a67 100755
--- a/cmd/scan.go
+++ b/cmd/scan.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -53,7 +53,7 @@ func init() {
rootCmd.AddCommand(scanCmd)
scanCmd.Flags().Bool("async", false, "does not block build process")
- scanCmd.Flags().StringP("project", "p", "", "kondukto project id or name")
+ scanCmd.Flags().StringP("project", "p", "", "Invicti ASPM project ID or name")
scanCmd.Flags().StringP("tool", "t", "", "tool name")
scanCmd.Flags().StringP("scan-id", "s", "", "scan id")
scanCmd.Flags().StringP("meta", "m", "", "meta data")
@@ -89,8 +89,8 @@ func init() {
scanCmd.Flags().Bool("feature-branch-infinite-retention", false, "Sets an infinite retention for project feature branches. Overrides --feature-branch-retention flag when set to true [create-project]")
scanCmd.Flags().String("default-branch", "main", "Sets the default branch for the project. When repo-id is given, this will be overridden by the repository's default branch [create-project].")
scanCmd.Flags().Bool("scope-include-empty", false, "enable to include SAST, SCA and IAC vulnerabilities with no path in this project.")
- scanCmd.Flags().String("scope-included-paths", "", "a comma separated list of paths within your mono-repo so that Kondukto can decide on the SAST, SCA and IAC vulnerabilities to include in this project.")
- scanCmd.Flags().String("scope-included-files", "", "a comma separated list of file names Kondukto should check for in vulnerabilities alongside paths")
+ scanCmd.Flags().String("scope-included-paths", "", "a comma-separated list of paths within your mono-repo so that Invicti ASPM can decide on the SAST, SCA, and IAC vulnerabilities to include in this project")
+ scanCmd.Flags().String("scope-included-files", "", "a comma-separated list of file names Invicti ASPM should check for in vulnerabilities alongside paths")
scanCmd.Flags().Int("criticality-level", 0, "business criticality of the project, possible values are [ 4 = Major, 3 = High, 2 = Medium, 1 = Low, 0 = None, -1 = Auto ]. Default is [0]")
scanCmd.Flags().Bool("threshold-risk", false, "set risk score of last scan as threshold")
@@ -109,10 +109,10 @@ var scanCmd = &cobra.Command{
Short: "base command for starting scans",
Run: scanRootCommand,
PreRun: func(cmd *cobra.Command, args []string) {
- // Initialize Kondukto client
+ // Initialize Invicti ASPM client
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
t, _ := cmd.Flags().GetString("tool")
@@ -131,10 +131,10 @@ var scanCmd = &cobra.Command{
}
func scanRootCommand(cmd *cobra.Command, _ []string) {
- // Initialize Kondukto client
+ // Initialize Invicti ASPM client
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
scan := Scan{
@@ -1424,7 +1424,7 @@ func printScanSummary(scan *client.ScanDetail) {
func checkRelease(scan *client.ScanDetail, cmd *cobra.Command) error {
c, err := client.New()
if err != nil {
- return fmt.Errorf("failed to initialize Kondukto client: %w", err)
+ return fmt.Errorf("failed to initialize Invicti ASPM client: %w", err)
}
releaseTimeoutFlag, err := cmd.Flags().GetInt("release-timeout")
@@ -1519,7 +1519,7 @@ func isScanReleaseFailed(scan *client.ScanDetail, release *client.ReleaseStatus,
if verbose {
c, err := client.New()
if err != nil {
- return fmt.Errorf("failed to initialize Kondukto client: %w", err)
+ return fmt.Errorf("failed to initialize Invicti ASPM client: %w", err)
}
for toolType, scanID := range failedScans {
@@ -1551,7 +1551,7 @@ func isScanReleaseFailed(scan *client.ScanDetail, release *client.ReleaseStatus,
func passTests(scan *client.ScanDetail, cmd *cobra.Command) error {
c, err := client.New()
if err != nil {
- return fmt.Errorf("failed to initialize Kondukto client: %w", err)
+ return fmt.Errorf("failed to initialize Invicti ASPM client: %w", err)
}
if cmd.Flag("threshold-risk").Changed {
diff --git a/cmd/scan_test.go b/cmd/scan_test.go
index d886862..1b76bfd 100644
--- a/cmd/scan_test.go
+++ b/cmd/scan_test.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
diff --git a/cmd/scanparams.go b/cmd/scanparams.go
index ada3c2a..473aa3d 100644
--- a/cmd/scanparams.go
+++ b/cmd/scanparams.go
@@ -24,7 +24,7 @@ func init() {
scanParamsCmd.AddCommand(deleteScanParamsCmd)
- deleteScanParamsCmd.Flags().StringP("project", "p", "", "kondukto project id or name (required)")
+ deleteScanParamsCmd.Flags().StringP("project", "p", "", "Invicti ASPM project ID or name (required)")
deleteScanParamsCmd.Flags().StringP("tool", "t", "", "tool name of scan params (required)")
deleteScanParamsCmd.Flags().StringP("meta", "m", "", "meta data of scan params")
deleteScanParamsCmd.Flags().StringP("branch", "b", "", "branch of scan params")
@@ -33,14 +33,14 @@ func init() {
var deleteScanParamsCmd = &cobra.Command{
Use: "delete",
- Short: "delete scan parameters and vulnerabilities from Kondukto",
+ Short: "delete scan parameters and vulnerabilities from Invicti ASPM",
Run: deleteScanParamsRootCommand,
}
func deleteScanParamsRootCommand(cmd *cobra.Command, _ []string) {
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
scanParams := ScanParamsDelete{
diff --git a/cmd/status.go b/cmd/status.go
index 0c09e9b..781676b 100755
--- a/cmd/status.go
+++ b/cmd/status.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
@@ -35,10 +35,10 @@ func init() {
}
func statusRootCommand(cmd *cobra.Command, _ []string) {
- // Initialize Kondukto client
+ // Initialize Invicti ASPM client
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
eid := cmd.Flag("event").Value.String()
diff --git a/cmd/updateProjects.go b/cmd/updateProjects.go
index 6364e73..84a5a8a 100644
--- a/cmd/updateProjects.go
+++ b/cmd/updateProjects.go
@@ -19,15 +19,15 @@ func init() {
// updateBCCMd represents the sbom import command
var updateProjectCMD = &cobra.Command{
Use: "project",
- Short: "updates the project on Kondukto",
+ Short: "updates the project on Invicti ASPM",
Run: updateProjectBaseCommand,
}
func updateProjectBaseCommand(cmd *cobra.Command, _ []string) {
- // Initialize Kondukto client
+ // Initialize Invicti ASPM client
c, err := client.New()
if err != nil {
- qwe(ExitCodeError, err, "could not initialize Kondukto client")
+ qwe(ExitCodeError, err, "could not initialize Invicti ASPM client")
}
bc := ProjectUpdate{
cmd: cmd,
diff --git a/cmd/util.go b/cmd/util.go
index 652bda5..f9399ac 100755
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -1,6 +1,6 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
package cmd
diff --git a/main.go b/main.go
index 6a04a4c..2fb8991 100755
--- a/main.go
+++ b/main.go
@@ -1,7 +1,8 @@
/*
-Copyright © 2019 Kondukto
-
+Copyright © 2019 Invicti Security
+https://www.invicti.com/
*/
+
package main
import (