Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components, CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.
This article describes the basic features of the CLI, and guides you through the process of scanning an application using the CLI. To learn about other functionalities of the CLI, view the following article in the Lucent Sky Knowledge Base:
Lucent Sky AVM CLI reference
This article is about the CLI built with .NET Framework. For the corresponding article about the cross-platform CLI built with .NET, view the following article in the Lucent Sky Knowledge Base:
Get started with Lucent Sky AVM CLI
In this article, you will learn how to:
- Install and configure Lucent Sky CLI
- Create an API key
- Create a zip file containing the source code of an application.
- Scan an application
- Download the remediated source code
- Download the report
At the end, you will be able to use the CLI to scan applications and generate remediated source code and reports.
Prerequisites
- Bash, Command Prompt, or PowerShell - This article uses PowerShell in its examples, but the CLI can also be used with Bash and Command Prompt.
Install and configure Lucent Sky AVM CLI
To learn about how to install Lucent Sky AVM CLI, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM CLI
Create a zip file containing the source code of an application.
To learn about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:
Prepare an application scanning
Create an API key
- Go to the Web UI in your browser, and then sign in with your credentials.
- Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key.
- Select and copy the generated API key.
Configure the CLI
- Open PowerShell, and navigate to the directory where the CLI is installed.
-
Enter the following command to set up the CLI to use a remote Lucent Sky AVM instance:
# Replace <InstanceFqdn> with the FQDN or IP address of the Lucent Sky AVM instance $InstanceFqdn = "<InstanceFqdn>" .\SkyAnalyzer.Interface.Console.exe --Interface config --Method set --Value "endpoint = ${InstanceFqdn}:5759"
-
Enter the following command to create an environment variable to store the API key for authentication:
# Replace <ApiKey> with the API key $Env:CLEAR_API_KEY = "<ApiKey>"
Scan an application
- Open PowerShell, and navigate to the directory where the CLI is installed.
-
Enter the following command to create an application:
$applicationId = New-Guid # Replace <ApplicationName> with a descriptive name of the application $applicationName = "<ApplicationName>" # Replace <Framework> with the framework of the application $framework = "<Framework>" .\SkyAnalyzer.Interface.Console.exe --Interface Application --Method Create --Name $applicationName --Framework $framework --ApplicationId $applicationId
-
Enter the following command to create a scan:
$scanId = New-Guid .\SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Create --ApplicationId $applicationId --ScanId $scanId
-
Enter the following command to upload the application source code and start the scan:
# Replace <SourceCodePath> with path to the source code archive $sourceCodePath = "<SourceCodePath>" .\SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Analyze --ScanId $scanId --SourceCodePath $sourceCodePath
The command will exit when the scan is completed. To learn more about how to start a scan asynchronously, view the following article in the Lucent Sky Knowledge Base:
Lucent Sky AVM CLI reference
Download the remediated source code
-
Enter the following command to generate and download the remediated source code:
# Replace <RemediatedSourceCodePath> with path to save the remediated source code archive $remediatedSourceCodePath = "<RemediatedSourceCodePath>" .\SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Remediate --ScanId $scanId --RemediatedSourceCodePath $remediatedSourceCodePath --RemediationOption 0
Download the report
-
Enter the following command to generate and download a report in HTML format:
# Replace <ReportPath> with path to save the remediated source code archive $reportPath = "<ReportPath>" .\SkyAnalyzer.Interface.Console.exe --Interface Scan --Method Report --ScanId $scanId --ReportPath $reportPath --ReportFormat html