Command line interface to scan Infrastructure-as-Code templates using Qualys IaC.

Qualys-IaC-Security

qiac is a command line interface to scan Infrastructure-as-Code templates using Qualys CloudView (Cloud Security Assessment).

Description

The Qualys IaC app provides a quick yet reliable way to assess your Infrastructure-as-Code templates and uncover potentially vulnerable situations. qiac gives you a simple interface to the Qualys IaC module.

This command line interface (CLI) provides the following commands.

| Command Name | Feature | Description | Since Version |
|---|---|---|---|
| scan | Launch an IaC scan | You can scan one or more templates in a single command. This runs a job on Qualys cloud platform. | 1.0.0b2 |
| listscans | Get list of all IaC scans | Once you launch a scan, you can view list of all scans or a specific scan. | 1.0.0b2 |
| getresult | Get the IaC scan result | Once a scan is completed, you can download the scan result for your review. | 1.0.0b2 |

Installation

Prerequisite

You need to fulfill the following requirements to use this CLI tool.

  • Python 3
  • A valid Qualys subscription with access to
    • CloudView (Cloud Security Assessment)
    • The Qualys API

Command to install

You can install the qiac CLI from PyPI. Run the following command to install.

pip install Qualys-IaC-Security

How to use

See the supported options

You can use the --help option to get a list of supported options and their explanation.

Usage: qiac [OPTIONS] COMMAND [ARGS]...

Options:
  -v, --version  Show the version and exit.
  -h, --help     Show this message and exit.

Commands:
  getresult  Gets the scan result.
  listscans  List all the scans.
  scan       Triggers/Launches the IaC scan.

Launch a scan

You can scan one or more file(s) using the following command.

qiac scan -a <Qualys Platform> -u <your Qualys username> -d <path to a file or directory> -n <name of the scan>
  • The CLI prompts for your Qualys password only if the password is not provided in the command.
  • Note: To scan the template(s), this CLI uploads your file(s) to the Qualys Cloud Platform.
  • When you provide a path to a directory for the -d option, the CLI ZIPs the contents and then uploads the ZIP to the Qualys Cloud Platform.
  • On successful launch of the scan, the CLI output provides a Scan Id and shows the results in a tabular format.
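
Because a directory passed to -d is zipped and uploaded, it is worth checking what sits in that tree before launching a scan. The following is an added example, not code from qiac or Qualys: the pattern list, the function names and the assumption that the ZIP includes every file under the directory are this example's own.

```python
import fnmatch
import os
import tempfile

# Assumed (not defined by qiac): names that often hold secrets beside templates.
SENSITIVE = {
    "*.tfstate*": "Terraform state or its backup",
    "*.tfvars": "Terraform variable values",
    ".env": "environment file",
    "*.pem": "PEM key or certificate",
    "id_rsa": "SSH private key",
}
FLAG_DIRS = {".git", ".terraform"}  # reported once, contents not walked

def preflight(root):
    """Return (files_seen, findings) for the tree that `-d root` would ZIP."""
    seen, findings = 0, []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d in FLAG_DIRS]:
            rel = os.path.relpath(os.path.join(dirpath, d), root)
            findings.append((rel, "tool metadata directory"))
            dirnames.remove(d)  # prune so os.walk does not descend
        for name in filenames:
            seen += 1  # counts only files outside the flagged directories
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            for pattern, reason in SENSITIVE.items():
                if fnmatch.fnmatch(name, pattern):
                    findings.append((rel, reason))
                    break
    return seen, sorted(findings)

def build_sample(root):
    """Write a constructed sample tree (not real project data)."""
    files = {
        "main.tf": 'resource "aws_s3_bucket" "b" {}\n',
        "prod.tfvars": 'db_password = "constructed-value"\n',
        "terraform.tfstate": "{}\n",
        os.path.join(".git", "config"): "[core]\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(preflight(tmp))
```

Call preflight() on the directory you intend to pass to -d and move flagged files out of the tree, or scan a copy that contains only the templates.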

Get the list of all scans

You can get the list of scans using the following command. If you want the details for a specific scan, provide the IaC Scan Id obtained from the launch scan output.

qiac listscans -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>
  • This fetches the list of all IaC scans with their details and prints it in tabular format on the terminal.

Get the scan result

Once you see that the scan status is FINISHED or ERROR, you can use the following command to get the IaC scan result.

qiac getresult -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>
  • This will download the scan result and print it in tabular format on the terminal.

Documentation

For more information, refer to the Secure Infrastructure as Code section of this user guide: https://www.qualys.com/docs/qualys-cloud-view-user-guide.pdf

Support

If you have any questions, please contact the Qualys Support team at support@qualys.com.

Source Distributions

No source distribution files available for this release.

Built Distribution

Qualys_IaC_Security-1.0.0b2-py3-none-any.whl (10.1 kB view details)

Uploaded Python 3

File details

Details for the file Qualys_IaC_Security-1.0.0b2-py3-none-any.whl.

File metadata

  • Download URL: Qualys_IaC_Security-1.0.0b2-py3-none-any.whl
  • Upload date:
  • Size: 10.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.6.1 pkginfo/1.7.1 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.2 CPython/3.9.5

File hashes

Hashes for Qualys_IaC_Security-1.0.0b2-py3-none-any.whl
Algorithm Hash digest
SHA256 c7a71b052ebd831edcd48b7aa11bfdb0447d360507364832c778b7d89f3cf777
MD5 493cc2f2f091f6583a3c80cff89cf6a3
BLAKE2b-256 902cb7bfd46a844a2a89706e5440c76aa150a6e3476783ee1147c2ca2494eb0b
