# accuknox/scan

Orb for running AccuKnox ASPM scans


## Commands

### container-scan

AccuKnox Container Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `IMAGE_NAME` | string |  | Docker image name |
| `IMAGE_TAR` | string |  | Docker image tar file in the artifact |
| `SEVERITY` | string | UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL | Comma-separated severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |
| `TAG` | string |  | Docker image tag name |

### dast-scan

AccuKnox DAST Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `DAST_SCAN_TYPE` | string | baseline | DAST scan type: baseline or full-scan |
| `SEVERITY_THRESHOLD` | string | HIGH | Minimum severity to fail the pipeline (LOW, MEDIUM, HIGH). Default is HIGH. |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |
| `TARGET_URL` | string |  | The URL of the web application to scan. |

### iac-scan

AccuKnox IaC Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `COMPACT` | boolean | true | Do not display code blocks in output |
| `DIRECTORY` | string | . | Directory with infrastructure code and/or package manager files to scan |
| `FILE` | string |  | Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., ".tf" for Terraform. |
| `FRAMEWORK` | string |  | Run only on a specific infrastructure. Supported: Kubernetes and Terraform |
| `QUIET` | boolean | true | Display only failed checks |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### sast-scan

AccuKnox SAST Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `JOB_URL` | string |  | The URL for the current job |
| `PIPELINE_ID` | string |  | Job ID |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### secret-scan

AccuKnox Secret Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `ADDITIONAL_ARGUMENTS` | string |  | Extra parameters for secret scanning. |
| `BRANCH` | string |  | The branch to scan. Use all-branches to scan all branches. |
| `EXCLUDE_PATHS` | string |  | Paths to exclude from the scan. |
| `RESULTS` | string |  | Specifies which type(s) of results to output: verified, unknown, unverified, filtered_unverified. Defaults to all types. |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### sq-sast-scan

AccuKnox SAST Scan using SonarQube


| Parameter | Type | Default | Description |
|---|---|---|---|
| `PIPELINE_URL` | string |  | CI pipeline URL |
| `SKIP_SONAR_SCAN` | boolean | false | If true, skips the SonarQube scan |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

## Jobs

### container

AccuKnox Container Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `IMAGE_NAME` | string |  | Docker image name |
| `IMAGE_TAR` | string |  | Docker image tar file in the artifact |
| `SEVERITY` | string | UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL | Comma-separated severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |
| `TAG` | string |  | Docker image tag name |

### dast

AccuKnox DAST Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `DAST_SCAN_TYPE` | string | baseline | DAST scan type: baseline or full-scan |
| `SEVERITY_THRESHOLD` | string | HIGH | Minimum severity to fail the pipeline (LOW, MEDIUM, HIGH). Default is HIGH. |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |
| `TARGET_URL` | string |  | The URL of the web application to scan. |

### iac

AccuKnox IaC Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `COMPACT` | boolean | true | Do not display code blocks in output |
| `DIRECTORY` | string | . | Directory with infrastructure code and/or package manager files to scan |
| `FILE` | string |  | Specify a file for scanning; cannot be used with directory input. Filter runners by file type, e.g., ".tf" for Terraform. |
| `FRAMEWORK` | string |  | Run only on a specific infrastructure. Supported: Kubernetes and Terraform |
| `QUIET` | boolean | true | Display only failed checks |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### sast

AccuKnox SAST Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `JOB_URL` | string |  | The URL for the current job |
| `PIPELINE_ID` | string |  | Job ID |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### secret

AccuKnox Secret Scan


| Parameter | Type | Default | Description |
|---|---|---|---|
| `ADDITIONAL_ARGUMENTS` | string |  | Extra parameters for secret scanning. |
| `BRANCH` | string |  | The branch to scan. Use all-branches to scan all branches. |
| `EXCLUDE_PATHS` | string |  | Paths to exclude from the scan. |
| `RESULTS` | string |  | Specifies which type(s) of results to output: verified, unknown, unverified, filtered_unverified. Defaults to all types. |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

### sq-sast

AccuKnox SAST Scan using SonarQube


| Parameter | Type | Default | Description |
|---|---|---|---|
| `PIPELINE_URL` | string |  | CI pipeline URL |
| `SKIP_SONAR_SCAN` | boolean | false | If true, skips the SonarQube scan |
| `SOFT_FAIL` | boolean | true | Do not return an error code if there are failed checks |

## Executors

### executor

Executor for AccuKnox SAST scan
