$ roxctl scanner [command] [flags]
Commands related to the StackRox Scanner and Scanner V4 services.
$ roxctl scanner [command] [flags]
Command | Description |
---|---|
|
Download the offline vulnerability database for StackRox Scanner and Scanner V4. |
|
Generate the required YAML configuration files to deploy the StackRox Scanner and Scanner V4. |
|
Upload a vulnerability database for the StackRox Scanner and Scanner V4. |
The roxctl scanner
command supports the following options inherited from the parent roxctl
command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Generate the required YAML configuration files to deploy Scanner.
$ roxctl scanner generate [flags]
Option | Description |
---|---|
|
Specify the type of cluster on which you want to run Scanner. Cluster types include |
|
Create |
|
Generate deployment files that support the specified Istio version. Valid versions include |
|
Specify the output directory for the Scanner bundle. Leave blank to use the default value. |
|
Set the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the Scanner image that you want to use. Leave blank to use the server default. |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Upload a vulnerability database for Scanner.
$ roxctl scanner upload-db [flags]
Option | Description |
---|---|
|
Specify the file containing the dumped Scanner definitions DB. |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
Download the offline vulnerability database for StackRox Scanner or Scanner V4.
This command downloads version-specific offline vulnerability bundles. The system contacts Central to determine the version if one is not specified. If communication fails, the download defaults to the version embedded within roxctl
.
By default, it will attempt to download the database for the determined version and less-specific variants. For example, if version 4.4.1-extra
is specified, downloads will be attempted for the following version variants:
4.4.1-extra
4.4.1
4.4
$ roxctl scanner download-db [flags]
Option | Description |
---|---|
|
Force overwriting the output file if it already exists. The default value is |
|
Output file to save the vulnerability database to. The default value is the name and path of the remote file that is downloaded. |
|
Do not contact Central when detecting the version. The default value is |
|
Do not attempt to process variants of the determined version. The default value is |
|
Set the timeout for API requests representing the maximum duration of a request. The default value is |
|
Download a specific version or version variant of the vulnerability database. By default, the version is automatically detected. |