Introduction

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

This article describes the basic features of the CLI and guides you through the process of scanning an application with it. To learn about other CLI functionality, view the following article in the Lucent Sky Knowledge Base:
Lucent Sky AVM CLI reference

More Information

You will learn how to:

  • Install and configure Lucent Sky CLI
  • Create an API key
  • Create a zip file containing the source code of an application
  • Scan an application
  • Download the remediated source code
  • Download the report

At the end, you will be able to use the CLI to scan applications and generate remediated source code and reports.

Prerequisites

  • Bash, Command Prompt, or Windows PowerShell - This guide uses PowerShell in its examples; the CLI can also be used with Bash and Command Prompt.

Install and configure Lucent Sky AVM CLI

To learn how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM CLI

Create a zip file containing the source code of an application

To learn about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:
Prepare an application scanning

Create an API key

  1. Go to the Web UI in your browser, and then sign in with your credentials.
  2. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key.
  3. Select and copy the generated API key.

Scan an application

  1. Open PowerShell, and navigate to the directory where the CLI is installed.
  2. Enter the following command to set up authentication:

     $apiKey = "lsDZG9X9PlkuK+bv+tJFpg8tUS4ISbWTi4+kQKm7Wh0="
    
  3. Enter the following command to create an application, where ContosoWeb is a descriptive name for the application and DotNet is the framework for the application:

     $applicationId = New-Guid
     .\SkyAnalyzer.Interface.Console.exe --Key $apiKey --Interface Application --Method Create --Name "ContosoWeb" --Framework DotNet --ApplicationId $applicationId
    
  4. Enter the following command to create a scan:

     $scanId = New-Guid
     .\SkyAnalyzer.Interface.Console.exe --Key $apiKey --Interface Scan --Method Create --ApplicationId $applicationId --ScanId $scanId
    
  5. Enter the following command to upload the application source code and start the scan, where C:\Source.zip is the path to the application source code archive:

     .\SkyAnalyzer.Interface.Console.exe --Key $apiKey --Interface Scan --Method Analyze --ScanId $scanId --SourceCodePath "C:\Source.zip"
    

    The command will exit when the scan is completed. To learn more about how to start a scan asynchronously, view the following article in the Lucent Sky Knowledge Base:
    Lucent Sky AVM CLI reference

Download the remediated source code

  1. Enter the following command to generate and download the remediated source code, where C:\RemediatedSource.zip is the path to save the remediated source code:

     .\SkyAnalyzer.Interface.Console.exe --Key $apiKey --Interface Scan --Method Remediate --ScanId $scanId --RemediatedSourceCodePath "C:\RemediatedSource.zip" --RemediationOption 0
    

Download the report

  1. Enter the following command to generate and download a report, where html is the report format and C:\Report.zip is the path to save the report:

     .\SkyAnalyzer.Interface.Console.exe --Key $apiKey --Interface Scan --Method Report --ScanId $scanId --ReportPath "C:\Report.zip" --ReportFormat html
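
The steps above combined into one PowerShell script, as an added example that is not part of the original guide or Lucent Sky's own code. It assumes the API key is supplied in an environment variable named LUCENTSKY_API_KEY (a hypothetical name) and that the CLI returns a non-zero exit code when a step fails; every CLI option used is one shown in this guide.

```powershell
# Added example: chains the commands from this guide into one script.
# Assumptions (not from the guide): the API key is read from an environment
# variable named LUCENTSKY_API_KEY (hypothetical name), and the CLI returns a
# non-zero exit code when a step fails.
param(
    [string]$CliPath        = ".\SkyAnalyzer.Interface.Console.exe",
    [string]$Name           = "ContosoWeb",
    [string]$Framework      = "DotNet",
    [string]$SourceCodePath = "C:\Source.zip",
    [string]$RemediatedPath = "C:\RemediatedSource.zip",
    [string]$ReportPath     = "C:\Report.zip"
)
$ErrorActionPreference = "Stop"

# Keep the key out of the script file and out of source control.
$apiKey = $env:LUCENTSKY_API_KEY
if ([string]::IsNullOrWhiteSpace($apiKey)) { throw "LUCENTSKY_API_KEY is not set." }
if (-not (Test-Path -LiteralPath $SourceCodePath -PathType Leaf)) {
    throw "Source code archive not found: $SourceCodePath"
}

function Invoke-Avm {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & $CliPath --Key $apiKey @Arguments
    if ($LASTEXITCODE -ne 0) {
        # $Arguments never contains the key, so the error text is safe to log.
        throw "CLI step failed (exit code $LASTEXITCODE): $($Arguments -join ' ')"
    }
}

$applicationId = (New-Guid).ToString()
$scanId        = (New-Guid).ToString()

Invoke-Avm -Arguments @("--Interface", "Application", "--Method", "Create",
    "--Name", $Name, "--Framework", $Framework, "--ApplicationId", $applicationId)
Invoke-Avm -Arguments @("--Interface", "Scan", "--Method", "Create",
    "--ApplicationId", $applicationId, "--ScanId", $scanId)
# Analyze blocks until the scan is completed, as described in the guide.
Invoke-Avm -Arguments @("--Interface", "Scan", "--Method", "Analyze",
    "--ScanId", $scanId, "--SourceCodePath", $SourceCodePath)
Invoke-Avm -Arguments @("--Interface", "Scan", "--Method", "Remediate", "--ScanId", $scanId,
    "--RemediatedSourceCodePath", $RemediatedPath, "--RemediationOption", "0")
Invoke-Avm -Arguments @("--Interface", "Scan", "--Method", "Report", "--ScanId", $scanId,
    "--ReportPath", $ReportPath, "--ReportFormat", "html")

# Record hashes of the input and outputs so the artifacts can be tied to this scan.
Get-FileHash -Algorithm SHA256 -LiteralPath $SourceCodePath, $RemediatedPath, $ReportPath |
    Select-Object @{ n = "ScanId"; e = { $scanId } }, Path, Hash
```

The script stops at the first failing step, so a remediated archive or report is only written after the scan itself has completed.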