CLI options for Local Scanner

The Aikido Security Local Scanner is a tool that enables you to perform Aikido Security scans within your environment, ensuring your code never leaves your premises. Below you can find the options that can be passed when running the local scanner.

Repository scanning

Usage: aikido-local-scanner scan [options] <path>

Run a scan.

Arguments:
  path                               The path you want to scan.

Options:
  --apikey <apikey>                  Apikey to send scanning results to Aikdo.
  --repositoryname <repositoryname>  Repo name to create or send results to.
  --branchname <branchname>          Branch name that is being scanned.
  --tmpdirectory <tmpdirectory>      Temporary directory to use during scanning. (default: "./.aikidotmp")
  --debug                            Add additional debug information to command output.
  --disable-artifact-scanning        Disable trivy rootfs scanning. Use to speed up scanning at the cost of not scanning artifacts such as .jar files.
  --scanners [scanners...]           Specify which of the scanners should be executed. (choices: "trivy", "semgrep", "checkov", "syft")
  --fail-on <severity>               Runs scanner in release gating mode and fails on the given severity. (choices: "low", "medium", "high", "critical")
  --gating-result-output <output>    JSON file to write issues to when running (release gating mode only)
  --no-fail-on-timeout               Do not fail the process in case the scan result polling times out (release gating mode only)
  --max-polling-attempts <amount>    Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only)
  -h, --help                         display help for command

Image scanning

Usage: aikido-local-scanner image-scan [options] <image>

Run an image scan.

Arguments:
  image                            The image you want to scan.

Options:
  --apikey <apikey>                Apikey to send scanning results to Aikdo.
  --platform <platform>            Set platform (to pull arm64 image on a amd64 system for example)
  --debug                          Add additional debug information to command output.
  --fail-on <severity>             Runs scanner in release gating mode and fails on the given severity. (choices: "low", "medium", "high", "critical")
  --gating-result-output <output>  JSON file to write issues to when running (release gating mode only)
  --no-fail-on-timeout             Do not fail the process in case the scan result polling times out (release gating mode only)
  --max-polling-attempts <amount>  Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only)
  -h, --help                       display help for command

Account Creation for Local Scanning on Aikido

Jenkins Setup for Local Scanner