Skip to main content

CLI tool of boman.ai

Project description

Introduction

Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.

Installation

pip install boman-cli

Getting Started

For help

boman-cli -h

Authentication of project has been moved from boman.yaml to boman-cli

boman-cli -a run -at <project token> -ct <customer token>

To obtain project token and customer token. Go to SaaS platform. Click on Apps -> app menu of the particular app -> Get Scan Token

To test the boman cli server

boman-cli -a test-saas

To test the boman configuration written in boman.yaml file

boman-cli -a test-yaml

To run the scan

boman-cli -a run

To run the scan on specific Boman SaaS URL (On prem)

boman-cli -a run -u {URL}

To fail build on high/medium/low finding is detected

boman-cli -a run -fb {severity}

Severity can be high, medium or low.

Example: boman-cli -a run -fb high

To custom change the boman.yaml file, pass the custom file name as input for -config argument

boman-cli -a run -config <custom_boman_yaml_file_name_here>

Example: boman-cli -a run -config ./customboman.yaml

To inject custom zap auth session script file, pass the custom file name as input for -zap_session_script argument

boman-cli -a run -zap_session_script <custom_session_script_file_name_here>

Example: boman-cli -a run -zap_session_script ./session.js

To pass semgrep api token, pass it with -semgrep_token

boman-cli -a run -semgrep_token <value>

Error codes

0 : Successfull scan 1 : Server/SaaS error 2 : Auth error 3 : Docker/System error 4 : Misconfig error

Release Note:

2.4.9

  • Feature: Merged the Zaparg argument with the 2.4.8 build

2.4.8

  • New: Semgrep pro (API) integration. Navigate to Integrations -> Semgrep pro/api in the Boman SaaS to setup Semgrep pro.

  • New: Reachability analysis for SCA enabled.

  • Feature Request: when Failbuild is configured. Boman should not take false positive, Accepted Risk, Not applicable and Muted vulnerabilities into account.

V2.4.7

  • BUG: Failing build if token is not configured.

V2.4.6

  • New: Semgrep CLI integration. Pass the semgrep token as -semgrep_token {value}.

V2.4.5

  • New: Snyk API integration. Navigate to Integrations -> Snyk in the Boman SaaS to setup Snyk.

V2.4.4

  • Minor bug fix + V2.4.3

V2.4.3

  • New: SonarCloud API integration. Navigate to Integrations -> SonarCloud in the Boman SaaS to setup SonarCloud.

V2.4.2

  • New: Advanced ZAP setup. Navigate to Integrations -> OWASP ZAP -> Integrate -> enable Advance Zap Authentication in the Boman SaaS to enable Advanced Zap setup.

V2.4.1

  • New: New CLI arguments for ZAP custom arguments.

V2.4.0

  • New: optimized CLI and Progression indicator in Boman SaaS.

V2.3.0

  • New: The pipeline configuration has been relocated from boman.yaml to the SaaS platform. Navigate to Apps -> App menu -> Configure pipeline to set it up. The current boman.yaml configuration will remain functional until it is officially deprecated.

V2.2.0

- New scan added: IaC.

V2.1.1

- Ignore files or directory for SAST and SCA

V2.1

- New scan added: SBOM.

V2.0

- New scan added: Container scan.
- New Tool added for SCA scan type.

V1.9:

- [Bug fix] Updated the Upload Logs success message

Released on: 21 June 2024

V1.8:

- Adapted to our new Boman SaaS platform

Released on: 20 June 2024

V1.7:

- Fixed docker-request libraries issue
- Zap Authenticated scan 
- Fetch Git details
- custom boman.yaml and zap session script load option

Released on: 21 May 2024

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

boman_cli-2.4.11.tar.gz (34.0 kB view details)

Uploaded Source

File details

Details for the file boman_cli-2.4.11.tar.gz.

File metadata

  • Download URL: boman_cli-2.4.11.tar.gz
  • Upload date:
  • Size: 34.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.10.12

File hashes

Hashes for boman_cli-2.4.11.tar.gz
Algorithm Hash digest
SHA256 0cdc7b0d98d679d69f83a27cc714b6d1dbe034a9bf375cd0a81830cdc74acff4
MD5 f82debc0d4315811e4beb1019d187c8f
BLAKE2b-256 482c1523d14f6bc4daee7dc5f9465c4b2c1e1b781249bd92f6f10c896a97a415

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page