CLI options for Local Scanner
The Aikido Security Local Scanner is a tool that enables you to perform Aikido Security scans within your environment, ensuring your code never leaves your premises. Below you can find the options that can be passed when running the local scanner.
Repository scanning
Usage: aikido-local-scanner scan [options] <path> Run a scan. Arguments: path The path you want to scan. Options: --apikey <apikey> Apikey to send scanning results to Aikdo. --repositoryname <repositoryname> Repo name to create or send results to. --branchname <branchname> Branch name that is being scanned. --tmpdirectory <tmpdirectory> Temporary directory to use during scanning. (default: "./.aikidotmp") --debug Add additional debug information to command output. --disable-artifact-scanning Disable trivy rootfs scanning. Use to speed up scanning at the cost of not scanning artifacts such as .jar files. --scanners [scanners...] Specify which of the scanners should be executed. (choices: "trivy", "semgrep", "checkov", "syft") --fail-on <severity> Runs scanner in release gating mode and fails on the given severity. (choices: "low", "medium", "high", "critical") --gating-result-output <output> JSON file to write issues to when running (release gating mode only) --no-fail-on-timeout Do not fail the process in case the scan result polling times out (release gating mode only) --max-polling-attempts <amount> Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only) -h, --help display help for command
Image scanning
Usage: aikido-local-scanner image-scan [options] <image> Run an image scan. Arguments: image The image you want to scan. Options: --apikey <apikey> Apikey to send scanning results to Aikdo. --platform <platform> Set platform (to pull arm64 image on a amd64 system for example) --debug Add additional debug information to command output. --fail-on <severity> Runs scanner in release gating mode and fails on the given severity. (choices: "low", "medium", "high", "critical") --gating-result-output <output> JSON file to write issues to when running (release gating mode only) --no-fail-on-timeout Do not fail the process in case the scan result polling times out (release gating mode only) --max-polling-attempts <amount> Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only) -h, --help display help for command