Command line interface to scan Infrastructure-as-Code templates using Qualys IaC.
Project description
Qualys-IaC-Security
The qiac is a command line interface to scan Infrastructure-as-Code templates using Qualys CloudView (Cloud Security Assessment).
Description
The Qualys IaC app provides a quick yet reliable way to assess your Infrastructure-as-a-Code templates and uncover potential vulnerable situations. The qiac provides you an interface to interact with Qualys IaC module in a simple way.
This command line interface (CLI) provides following commands.
| Command Name | Feature | Description | Since Version |
|---|---|---|---|
| scan | Launch an IaC scan | You can scan one or more templates in a single command. This runs a job on Qualys cloud platform. | 1.0.0b2 |
| listscans | Get list of all IaC scans | Once you launch a scan, you can view list of all scans or a specific scan. | 1.0.0b2 |
| getresult | Get the IaC scan result | Once a scan is completed, you can download the scan result for your review. | 1.0.0b2 |
Installation
Prerequisite
You need to fulfill the following requirements to use this CLI tool.
- Python 3
- A valid Qualys subscription with access to
- CloudView (Cloud Security Assessment)
- The Qualys API
Command to install
You can install the qiac CLI from PyPI. Run the following command to install.
pip install Qualys-IaC-Security
How to use
See the supported options
You can use the --help option to get a list of supported options and their explanation.
Usage: qiac [OPTIONS] COMMAND [ARGS]...
Options:
-v, --version Show the version and exit.
-h, --help Show this message and exit.
Commands:
getresult Gets the scan result.
listscans List all the scans.
scan Triggers/Launches the IaC scan.
Launch a scan
You can scan one or more file(s) using the following command.
qiac scan -a <Qualys Platform> -u <your Qualys username> -d <path to a file or directory> -n <name of the scan>
- The CLI prompts for your Qualys password, only if password is not provided in command.
- Note: To scan the template(s), this CLI uploads your file(s) to the Qualys Cloud Platform.
- When you provide a path to a directory for
-doption, the CLI will ZIP the contents and then upload the ZIP to the Qualys Cloud Platform. - On successful launch of the scan, the CLI output provides a Scan Id and show results in a tabular format.
Get the list of all scans
You can get list of scans using the following command. If you want to get the scan details for a specific scan, provide the IaC scan Id obtained from the launch scan output.
qiac listscans -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>
- This will fetch list of all IaC scan and its details and print it in tabular format on the terminal.
Get the scan result
Once you see that the scan status is FINISHED or ERROR, you can use the following command to get the IaC scan result.
qiac getresult -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>
- This will download the scan result and print it in tabular format on the terminal.
Documentation
For more information you can refer Secure Infrastructure as Code section in this user guide: https://www.qualys.com/docs/qualys-cloud-view-user-guide.pdf
Support
If you have any questions, please contact Qualys Support team at support@qualys.com
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for Qualys_IaC_Security-1.0.0b2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c7a71b052ebd831edcd48b7aa11bfdb0447d360507364832c778b7d89f3cf777 |
|
| MD5 | 493cc2f2f091f6583a3c80cff89cf6a3 |
|
| BLAKE2b-256 | 902cb7bfd46a844a2a89706e5440c76aa150a6e3476783ee1147c2ca2494eb0b |
