# boostsecurityio/scanner

Executes the Boost Security Scanner CLI tool to scan repositories for vulnerabilities and uploads the results to the Boost API.


## Commands

### install

Installs the Boost scanner CLI in your CI environment.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `cli_version` | string | 1 | CLI version to download, may be Major, Major.Minor or Major.Minor.Patch |

### scan

Scans the git repository for security issues or violations and uploads the results to the Boost Security API.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `additional_args` | string |  | Additional arguments to pass to boost cli |
| `api_enabled` | boolean | true | Optional Boost API URL environment variable name |
| `api_endpoint` | string |  | Optional Boost API URL environment variable name |
| `api_token` | env_var_name | BOOST_API_TOKEN | Boost API token environment variable name |
| `cli_version` | string | 1 | CLI version to download, may be Major, Major.Minor or Major.Minor.Patch |
| `ignore_failure` | boolean | false | Ignore any exception returned by the scanner cli |
| `log_level` | string |  | Set the cli logging level |
| `main_branch` | string |  | Optional override for main branch detection |
| `pre_scan_cmd` | string |  | Optional command to run before scanning |
| `registry_module` | string |  | Module within the scanner registry to execute |
| `scan_label` | string |  | Optional identifier to identify a monorepo component |
| `scan_path` | string |  | Optional relative path to scan. Must be used with a scan_label. |
| `scan_timeout` | string |  | Maximum amount of time a diff scan should complete in |
| `scanner_id` | string |  | Optional identifier to uniquely identify the scanner |

## Jobs

### scan

Scans the git repository for security issues or violations and uploads the results to the Boost Security API.


| Parameter | Type | Default | Description |
|---|---|---|---|
| `additional_args` | string |  | Additional arguments to pass to boost cli |
| `api_enabled` | boolean | true | Optional Boost API URL environment variable name |
| `api_endpoint` | string |  | Optional Boost API URL environment variable name |
| `api_token` | env_var_name | BOOST_API_TOKEN | Boost API token environment variable name |
| `cli_version` | string | 1 | CLI version to download, may be Major, Major.Minor or Major.Minor.Patch |
| `executor_docker_layer_caching` | boolean | true | Enable or disable executor's docker layer caching |
| `ignore_failure` | boolean | false | Ignore any exception returned by the scanner cli |
| `log_level` | string |  | Set the cli logging level |
| `main_branch` | string |  | Optional override for main branch detection |
| `pre_scan_cmd` | string |  | Optional command to run before scanning |
| `registry_module` | string |  | Module within the scanner registry to execute |
| `scan_label` | string |  | Optional identifier to identify a monorepo component |
| `scan_path` | string |  | Optional relative path to scan. Must be used with a scan_label. |
| `scan_timeout` | string |  | Maximum amount of time a diff scan should complete in |
| `scanner_id` | string |  | Optional identifier to uniquely identify the scanner |
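
The `scan_path` and `scan_label` parameters work as a pair when one repository holds several components. The configuration below is an added example, not taken from the orb's own documentation: it runs one `scan` job per component, and the component labels, paths and job names are hypothetical.

```yaml
version: '2.1'
orbs:
  # x.y.z is the placeholder used on this page; pin an exact orb version.
  boost-security-scanner: boostsecurityio/scanner@x.y.z
workflows:
  build:
    jobs:
      # One scan job per monorepo component. Each scan_path is a relative
      # path and, per the parameter table, must come with a scan_label.
      - boost-security-scanner/scan:
          name: scan-api                  # hypothetical job name
          context: boost-security         # context that holds BOOST_API_TOKEN
          api_token: BOOST_API_TOKEN      # name of the env var, never the token itself
          registry_module: scanners/boostsecurityio/native-scanner
          scan_label: api                 # hypothetical component label
          scan_path: services/api         # hypothetical component path
          ignore_failure: false           # default: scanner exceptions are not ignored
      - boost-security-scanner/scan:
          name: scan-web                  # hypothetical job name
          context: boost-security
          api_token: BOOST_API_TOKEN
          registry_module: scanners/boostsecurityio/native-scanner
          scan_label: web                 # hypothetical component label
          scan_path: services/web         # hypothetical component path
          ignore_failure: false
```

Because `api_token` has the type `env_var_name`, the configuration only ever names the variable; the token value stays in the `boost-security` context or in the project's environment variables.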

## Examples

### command

Add the boost scanner as a pipeline job command.


```yaml
version: '2.1'
orbs:
  boost-security-scanner: boostsecurityio/scanner@x.y.z
jobs:
  scan:
    executor: default
    steps:
      - checkout
      - boost-security-scanner/scan:
          api_token: BOOST_API_TOKEN
          registry_module: scanners/boostsecurityio/native-scanner
workflows:
  build:
    jobs:
      - test
      - scan:
          context: boost-security
      - push:
          requires:
            - test
  version: 2
```

### install

Install the boost scanner in your CI environment.


```yaml
version: '2.1'
orbs:
  boost-security-scanner: boostsecurityio/scanner@x.y.z
jobs:
  scan:
    executor: default
    steps:
      - checkout
      - boost-security-scanner/install
      - run: boost version
workflows:
  build:
    jobs:
      - test
      - scan:
          context: boost-security
      - push:
          requires:
            - test
  version: 2
```

### job

Add the boost scanner as a pipeline workflow job.

Prior to adding this step, the following environment variable should be
defined either in a context object or through repository environment variables.

`BOOST_API_TOKEN` -- The boost API token


```yaml
version: '2.1'
orbs:
  boost-security-scanner: boostsecurityio/scanner@x.y.z
workflows:
  build:
    jobs:
      - test
      - boost-security-scanner/scan:
          api_token: BOOST_API_TOKEN
          context: boost-security
          name: scan
          registry_module: scanners/boostsecurityio/native-scanner
      - push:
          requires:
            - test
  version: 2
```