$ roxctl scanner [command] [flags]
Commands related to the StackRox Scanner and Scanner V4 services.
Scanner V4 is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
$ roxctl scanner [command] [flags]
Command | Description |
---|---|
|
Download the offline vulnerability database for StackRox Scanner and Scanner V4. |
|
Generate the required YAML configuration files to deploy the StackRox Scanner and Scanner V4. |
|
Upload a vulnerability database for the StackRox Scanner and Scanner V4. |
The roxctl scanner
command supports the following options inherited from the parent roxctl
command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Generate the required YAML configuration files to deploy Scanner.
$ roxctl scanner generate [flags]
Option | Description |
---|---|
|
Specify the type of cluster on which you want to run Scanner. Cluster types include |
|
Create |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the output directory for the Scanner bundle. Leave blank to use the default value. |
|
Set the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the Scanner image that you want to use. Leave blank to use the server default. |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Upload a vulnerability database for Scanner.
$ roxctl scanner upload-db [flags]
Option | Description |
---|---|
|
Specify the file containing the dumped Scanner definitions DB. |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Download the offline vulnerability database for StackRox Scanner or Scanner V4.
Scanner V4 is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
This command downloads version-specific offline vulnerability bundles. The system contacts Central to determine the version if one is not specified. If communication fails, the download defaults to the version embedded within roxctl
.
By default, it will attempt to download the database for the determined version and less-specific variants. For example, if version 4.4.1-extra
is specified, downloads will be attempted for the following version variants:
4.4.1-extra
4.4.1
4.4
$ roxctl scanner download-db [flags]
Option | Description |
---|---|
|
Force overwriting the output file if it already exists. The default value is |
|
Output file to save the vulnerability database to. The default value is the name and path of the remote file that is downloaded. |
|
Do not contact Central when detecting the version. The default value is |
|
Do not attempt to process variants of the determined version. The default value is |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
|
Download a specific version or version variant of the vulnerability database. By default, the version is automatically detected. |