Lucent Sky AVM CLI Core Reference

2024/10/2 |

This article provides reference materials about the features and functions of Lucent Sky AVM CLI.

This article is about the cross-platform CLI built with .NET, also referred to as CLI Core. For the corresponding article about the CLI built with .NET Framework, view the following article in the Lucent Sky Knowledge Base:
Get started with Lucent Sky AVM CLI

Lucent Sky AVM CLI has the following sets of features: Application, Autopilot, Config, Group, Maintenance, Query, Result, Scan, Tools, and User. They are called interfaces. Each interface has several methods, while each method accepts one or more arguments. If a method is declared as internal, it is for used by other Lucent Sky AVM interfaces (such as IDE extensions). Using internal methods is unsupported.

The names of interfaces, methods, and arguments are case-insensitive.

In this article

Application

The Application interface has the following methods: Create, Delete, GetEncodedList, GetList, GetRulePackages, and GetRuleRuntime.

Create

Create a new application.

./SkyAnalyzer.Interface.Cli --Interface Application --Method Create [--Key] --ApplicationId --Name --Framework [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--RulePackageId] [--RuntimeId]

This method requires membership of the built-in Users group.

To learn about using a custom rule package, view the following article in the Lucent Sky Knowledge Base:
Scan an application using a custom rule package

To learn about using a specific runtime, view the following article in the Lucent Sky Knowledge Base:
Scan an application with a specific runtime

Examples

Create a DotNet application named ContosoWeb.

$applicationId = New-Guid

./SkyAnalyzer.Interface.Cli --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet"

Create a DotNet application named ContosoWeb, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWeb\ContosoWeb.csproj, big5 is set as the native encoding, while using the specified custom rule package and custom runtime.

$applicationId = New-Guid

./SkyAnalyzer.Interface.Cli --Interface Application --Method Create --ApplicationId $applicationId --Name "ContosoWeb" --Framework "DotNet" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database,WebRequest" --AnalysisTarget "ContosoWeb\ContosoWeb.csproj" --Arguments "encoding,big5" --RulePackageid $rulePackId --RuntimeId $runtimeId

Required arguments

  • --Name

    The name of the application to be created.

  • --Framework

    The framework of the application. Valid frameworks are DotNet, Android, ASP, Cpp, Go, iOS, Java, PHP, Python, StaticWeb, Universal, and VisualBasic.

Optional arguments

  • --Key

    The API key.

  • --ApplicationId

    A GUID to identify the application. If this argument is not present, it will be generated automatically.

  • --Tags

    The tags of the application to be created. Each tag should be separated by a semicolon.

  • --WeaknessPolicies

    The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used.

  • --Vectors

    The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used.

  • --AnalysisTarget

    The relative path to the analysis target within the source code archive or directory.

  • --Repository

    The repository connection string to pull the source code.

  • --Arguments

    The default scan arguments of the application.

  • --RulePackageId

    The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used.

  • --RuntimeId

    The GUID of the runtime to be set as the default runtime of the application. If this argument is not present, the system default value will be used.

Delete

Delete an application.

./SkyAnalyzer.Interface.Cli --Interface Application --Method Delete [--Key] --ApplicationId

This method requires the Owner role of the application, or Write permission to the Application API interface.

Examples

Delete the specified application.

./SkyAnalyzer.Interface.Cli --Interface Application --Method Delete --ApplicationId 'AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA'

Required arguments

  • --ApplicationId

    The GUID of the specified application.

Optional arguments

  • --Key

    The API key.

GetEncodedList

Internal: Return a list of all applications.

GetList

Return a list of all applications.

./SkyAnalyzer.Interface.Cli --Interface Application --Method GetList [--Key] [--Filter]

This method requires the Member or Owner role to the applications, or the Execute and Read permissions to the Application API interface.

Examples

Get a list of all applications.

./SkyAnalyzer.Interface.Cli --Interface Application --Method GetList

Optional arguments

  • --Key

    The API key.

  • --Filter

    The filter used to list applications. Valid filters are all and my.

GetRulePackages

Internal: Return a list of rule packages.

GetRuntimes

Internal: Return a list of runtimes.

Autopilot

The Autopilot interface has the following method: Start.

Start

Start an autopilot run with the specified source code archive or directory.

./SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start [--Key] [--Name] [--Tags] [--WeaknessPolicies] [--Vectors] [--Arguments] [--RulePackageId] --SourceCodePath

This method requires membership of the built-in Users group.

Examples

Identify the application frameworks in the specified source code archive, create corresponding applications (with ContosoWeb as the name and the application framework as the tag), automatically generated a new autopilot identifier, and start to scan.

./SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start --Name "ContosoWeb" --SourceCodePath "C:\Source.zip"

Identify the application frameworks in the specified source code archive, use existing applications with the autopilot identifier AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA, and start to scan.

./SkyAnalyzer.Interface.Cli --Interface Autopilot --Method Start --Tag "autopilot-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" --SourceCodePath "C:\Source.zip"

Required arguments

  • --SourceCodePath

    The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extension: .7z or .zip.

Optional arguments

  • --Key

    The API key.

  • --Name

    The name of the application(s) to be created. This argument is required if an existing autopilot identifier is not specified in the --Tags argument; otherwise, this argument is ignored.

  • --Tags

    The tags of the application to be created. Each tag should be separated by a semicolon. If no autopilot identifier is specified in this argument, one will be automatically generated. If an existing autopilot identifier is specified in this argument, all other tags are ignored.

  • --WeaknessPolicies

    The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument.

  • --Vectors

    The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument.

  • --Arguments

    The default scan arguments of the application. Arguments not applicable to the identified framework(s) are ignored. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument.

  • --RulePackageId

    The GUID of the rule package to be set as the default rule package of the application. If this argument is not present, the system default value will be used. This argument is ignored if an existing autopilot identifier is specified in the --Tags argument.

Config

The Config interface has the following method: Set.

Set

Set a configuration option.

./SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value

This method does not require authentication.

Examples

Configure the CLI to communicate with a remote Lucent Sky AVM instance.

# Replace <InstanceFqdn> with the FQDN or IP address of the CLEAR Engine instance
$InstanceFqdn = "<InstanceFqdn>"
./SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value "endpoint = ${InstanceFqdn}:5759"

Configure the CLI to use named pipe endpoints to communicate with a CLEAR Engine instance:

./SkyAnalyzer.Interface.Cli --Interface Config --Method Set --Value "endpoint = namedpipe"

Required arguments

  • --Value

    The key and value to configure, in the format of key = value. Valid key is endpoint.

Group

The Group interface has the following methods: Create, Delete, Edit, GetEncodedList, and GetList.

Create

Create a new group.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Create [--Key] --Name

This method requires Full Control of the Group API interface.

Examples

Create a group named Auditors.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Create --Name "Auditors"

Required arguments

  • --Name

    The name of the group.

Optional arguments

  • --Key

    The API key.

Delete

Delete a group.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Delete [--Key] --GroupId

This method requires Full Control of the Group API interface.

Examples

Delete the specified group.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Delete --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0"

Required arguments

  • GroupId

    The GUID of the group.

Optional arguments

  • --Key

    The API key.

Edit

Edit a group.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Edit [--Key] --GroupId --Name --Members --Permissions

This method requires Full Control of the Group API interface.

Examples

Update the specified group to have read permission for the Application and related API interfaces.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Permissions "Application,4"

Update the specified group to have users 01010101-0101-0011-0100-010101010010 and 02020202-0202-0022-0200-020202020020 as its members.

./SkyAnalyzer.Interface.Cli --Interface Group --Method Edit --GroupId "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0" --Members "01010101-0101-0011-0100-010101010010,02020202-0202-0022-0200-020202020020"

Required arguments

  • GroupId

    The GUID of the group.

Optional arguments

  • --Key

    The API key.

  • --Name

    The name of the group. If this argument is not present or is empty, the group's name will not be modified.

  • --Members

    The GUID of the member users of the group, seperated by commas. If this argument is not present, the group's members will not be modified. If this argument is empty, all members will be removed from the group.

  • --Permissions

    The API permissions the group's members have access to, with the interface and permission separated by a comma and permission entries separated by semicolons. Valid interfaces are Project, Settings, and User. Permission is a bit field (a set of flags). 0 represents no permission, 1 represents execute or list permission, 2 represents write permission, and 4 represents read permission. For example, Project,7;Settings,4 gives full control (execute, write, and read permissions) to the Project and related API interfaces, read permission to the Settings and related API interfaces, and no permission to other interfaces. If this argument is not present, the group's permissions will not be modified. If this argument is empty, all permissions will be removed from the group.

GetEncodedList

Internal: Return a list of all groups.

GetList

Return a list of all groups.

./SkyAnalyzer.Interface.Cli --Interface Group --Method GetList [--Key]

This method requires authentication and does not require specific permission.

Examples

Get a list of all groups.

./SkyAnalyzer.Interface.Cli --Interface Group --Method GetList

Optional arguments

  • --Key

    The API key.

Maintenance

The Maintenance interface has the following methods: DownloadApl, DownloadLogs, GetLicense, and GetSystemStatus.

DownloadApl

Download the APL files of the specified framework.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl [--Key] --Framework --AplPath

This method requires authentication and does not require specific permission.

Examples

Download the APL files for DotNet to C:\APL-DotNet.zip.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadApl --Framework "DotNet" --AplPath "C:\APL-DotNet.zip"

Required arguments

  • --Framework

    The framework of the APL binaries. Valid frameworks are DotNet, Java, and PHP.

  • --AplPath

    The path to save the APL binaries. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

DownloadLogs

Download the system logs of the specified date.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadLogs [--Key] --LogsDate --LogsPath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Download the system logs on 2020/4/1 to C:\System-Logs-20200401.zip.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method DownloadLogs --LogsDate "2020/4/1" --LogsPath "C:\System-Logs-20200401.zip"

Required arguments

  • --LogsDate

    The date, in system time, of the system logs to download.

  • --LogsPath

    The path to save the log files. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

GetLicense

Return the license information of the CLEAR Engine instance.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetLicense [--Key]

This method requires authentication and does not require specific permission.

Examples

Get the license information of the CLEAR Engine instance.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetLicense

Optional arguments

  • --Key

    The API key.

GetSystemStatus

Return the system status of the CLEAR Engine instance.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetSystemStatus [--Key]

This method requires authentication and does not require specific permission. Getting performance counters requires membership of the built-in Users group.

Examples

Get the system status of the CLEAR Engine instance.

./SkyAnalyzer.Interface.Cli --Interface Maintenance --Method GetSystemStatus

Optional arguments

  • --Key

    The API key.

Query

The Query interface has the following method: Execute.

Execute

Execute the specified query against the data source.

./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute [--Key] --QueryDataSource --QueryStatement

This method does not require authentication when querying against a local data source and requires Execute and Read permissions of the Query API interface when querying against a CLEAR Engine instance.

Examples

Query the number of results in an XML report with a 1 or 2 priority.

./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "C:\Report.xml" --QueryStatement "SELECT COUNT(ID) FROM Results WHERE PRIORITY <= 2"

Query the application ID of applications that have the jquery dependency with version number lower than 1.4.2.1 in their most recent scan.

./SkyAnalyzer.Interface.Cli --Interface Query --Method Execute --QueryDataSource "Engine" --QueryStatement "SELECT ApplicationId FROM Dependencies WHERE Name = 'jquery' AND Version < '1.4.2.1'"

Required arguments

  • --QueryDataSource

    The path to the data source. Valid values are Engine or the path to an XML report.

  • --QueryStatement

    The query statement to execute.

Optional arguments

  • --Key

    The API key.

Result

The Result interface has the following methods: Hide and Unhide.

Hide

Hide a result.

./SkyAnalyzer.Interface.Cli --Interface Result --Method Hide [--Key] --ResultId

This method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.

Examples

Hide the specified result.

./SkyAnalyzer.Interface.Cli --Interface Result --Method Hide --ResultId "01010010-0101-0010-0101-001001010010"

Required arguments

  • --ResultId

    The GUID of the specified result.

Optional arguments

  • --Key

    The API key.

Unhide

Unhide a result.

./SkyAnalyzer.Interface.Cli --Interface Result --Method Unhide [--Key] --ResultId

This method requires the Owner role of the application or the scan, or Write permission to the Result API interfaces.

Examples

Unhide the specified result.

./SkyAnalyzer.Interface.Cli --Interface Result --Method Unhide --ResultId "01010010-0101-0010-0101-001001010010"

Required arguments

  • --ResultId

    The GUID of the specified result.

Optional arguments

  • --Key

    The API key.

Scan

The Scan interface has the following methods: Analyze, Archive, BeginAnalyze, BeginImport, BeginRemediate, BeginReport, Create, Delete, DownloadLogs, EndRemediate, EndReport, GetRemediateStatus, GetReportStatus, GetResult, GetStage, GetStatus, Import, Purge, Remediate, and Report.

Analyze

Upload the source code and start the scan. This is a synchronous method and will not return until the scan is completed.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze [--Key] --ScanId --SourceCodePath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.

To learn more about creating the source code archive of an application, view the following article in the Lucent Sky Knowledge Base:
Prepare an application scanning

Examples

Upload the source code archive at C:\Source.zip to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:\Source.zip"

Pull source code using the repository connecting string to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Analyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --SourceCodePath

    The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extension: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository.

Optional arguments

  • --Key

    The API key.

Archive

Archive scans created before a specified date and time.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Archive [--Key] --PurgeThreshold

This method requires Execute and Read permissions to the Scan API interface.

Examples

Archive scans created before June 15, 2019 1:45:30 PM (UTC).

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Archive --PurgeThreshold "2019-06-15T13:45:30"

Required arguments

  • --PurgeThreshold

    The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30.

Optional arguments

  • --Key

    The API key.

  • --CascadePurge

    True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge.

BeginAnalyze

Upload the source code then start the scan. This is an asynchronous method and will return when the scan starts.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze [--Key] --ScanId --SourceCodePath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.

Examples

Upload the source code archive at C:\Source.zip to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath "C:\Source.zip"

Pull source code using the repository connection string to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginAnalyze --ScanId "55555555-5555-5555-5555-555555555555" --SourceCodePath ".repository"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --SourceCodePath

    The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extension: .7z, .jar, .war, or .zip. To pull source code using the repository connection string of the application or scan, set the path to .repository.

Optional arguments

  • --Key

    The API key.

BeginImport

Upload the source code and foreign report file then start the scan. This is an asynchronous method and will return when the scan starts.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginImport [--Key] --ScanId --ForeignReportPath --SourceCodePath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.

Examples

Upload the foreign report file at C:\Report.xml and the source code archive at C:\Source.zip to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginImport --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:\Report.xml" --SourceCodePath "C:\Source.zip"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --ForeignReportPath

    The path to the foreign report file to be imported. The path must have one of the following extension: .fpr, .txt, or .xml.

  • --SourceCodePath

    The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extension: .7z, .jar, .war, or .zip.

Optional arguments

  • --Key

    The API key.

BeginRemediate

Generate remediated source code of a completed scan. This is an asynchronous method and will return a tick representing this specific remediated source code archive when generation starts.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginRemediate [--Key] --ScanId --RemediationOption

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Start to generate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code. A tick representing the remediated source code archive will be saved to the ticks variable.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3

Required arguments

  • --ScanId

    The GUID of the specified scan.

Optional arguments

  • --Key

    The API key.

  • --RemediationOption

    Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above).

BeginReport

Generate the report of a completed scan. This is an asynchronous method and will return a tick representing this specific report when generation starts.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginReport [--Key] --ScanId --ReportFormat [--ReportLanguage]

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Start to generate the report in xml format of the specified scan. A tick representing the report will be saved to the ticks variable.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method BeginReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "xml"

Required arguments

  • --ScanId

    The GUID of the specified scan. If this argument is not present, it will be generated automatically.

  • --ReportFormat

    The format, style, and verbosity of the report. Valid values for format are html, pdf, and xml. Valid values for style are audit, dark, and quick if the format is html, and audit, quality if the format is pdf. Valid values for verbosity are detailedverbosity and minimalverbosity if the format is html or pdf.

Optional arguments

  • --Key

    The API key.

  • --ReportLanguage

    The language of the report. Valid values are en (default), de, ja, and zh.

Create

Create a new scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create [--Key] --ApplicationId --ScanId [--Tags] [--WeaknessPolicies] [--Vectors] [--AnalysisTarget] [--Repository] [--Arguments] [--Type] [--SkipValidation]

This method requires the Member or Owner role of the application, or Read permission of the Application API interface. It also requires membership of the built-in Users group.

Examples

Create a scan under the specified application.

$scanId = New-Guid

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId $scanId

Create a scan under the specified application using intelligent analysis, with tags prod and bay. Weakness policies are CWE79,0 and CWE501,2 Database and WebRequest are the vectors considered potentially dangerous. The relative path to the analysis target is ContosoWeb\ContosoWeb.csproj, and scan arguments encoding,big5.

$scanId = New-Guid

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --Tags "prod;bay" --WeaknessPolicies "CWE79,0;CWE501,2" --Vectors "Database" --AnalysisTarget "ContosoWeb\ContosoWeb.csproj" --Arguments "encoding,big5"

Create a scan under the specified application using intelligent analysis, and override the application's weakness policies with default weakness policies. The WeaknessPolicies argument is set to a space character to ensure it from being correctly parsed as empty instead of null.

$scanId = New-Guid

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Create --ApplicationId "A4A4A4A4-A4A4-A4A4-A4A4-A4A4A4A4A4A4" --ScanId "55555555-5555-5555-5555-555555555555" --WeaknessPolicies " "

Required arguments

  • --ScanId

    A GUID to identify the scan. If this argument is not present, it will be generated automatically.

  • --ApplicationId

    The GUID of the application this scan belong to.

Optional arguments

  • --Key

    The API key.

  • --Tags

    The tags of the scan to be created. Each tag should be separated by a semicolon.

  • --WeaknessPolicies

    The weakness policies, separated by semicolons. For example, CWE79,0;CWE501,2. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default weakness policies will be used.

  • --Vectors

    The types of vectors considered potentially dangerous, separated by commas. For example, Database,WebRequest. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, default vectors will be used.

  • --AnalysisTarget

    The relative path to the analysis target, such as a project file or a binary file, within the source code archive or directory. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, analysis target will detected automatically.

  • --Repository

    The repository connection string to pull the source code.

  • --Arguments

    The scan arguments for this scan. If this argument is not present, the value from application will be used. If this argument is empty or contains only spaces, no scan argument will be set.

  • --Type

    The scan analysis type. 0 is built-in static analysis (default) and 1 is foreign analysis importation.

  • --SkipValidation

    False (default) will perform rule package integrity check and True will skip rule package integrity check.

Delete

Delete a scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Delete [--Key] --ScanId

This method requires the Owner role of the application or the scan, or Write permission of the Scan API interface.

Examples

Delete the specified scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Delete --ScanId $scanId

Required arguments

  • --ScanId

    The GUID of the specified scan.

Optional arguments

  • --Key

    The API key.

DownloadLogs

Download log files associated with a scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method DownloadLogs [--Key] --ScanId --LogsPath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Download the log files of the specified scan to C:\Logs.zip.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method DownloadLogs --ScanId "55555555-5555-5555-5555-555555555555" --LogsPath "C:\Logs.zip"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --LogsPath

    The path to save the log files. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

EndRemediate

Download the specified remediated source code of a completed scan, or the last remediated source code archive of a completed scan if none was specified.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method EndRemediate [--Key] --ScanId --RemediatedSourceCodePath [--Ticks]

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Download the remediated source code archive of the specified scan that is associated with the specified ticks to C:\RemediatedSource.zip.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method EndRemediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediatedSourceCodePath "C:\RemediatedSource.zip" --Ticks "637449696000000000"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --RemediatedSourceCodePath

    The path to save the remediated source code. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

  • --Ticks

    The ticks associated with a remediated source code archive. If this argument is not present, the last remediated source code archive will be download.

EndReport

Download the specified report of a completed scan, or the last report of a completed scan if none was specified.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method EndReport [--Key] --ScanId --ReportPath --ReportFormat [--ReportLanguage] [--Ticks]

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Download the xml report of the specified scan that is associated with the specified ticks to C:\Report.zip:

./SkyAnalyzer.Interface.Cli --Interface Scan --Method EndReport --ScanId "55555555-5555-5555-5555-555555555555" --ReportPath "C:\Report.zip" --ReportFormat "xml" --Ticks "637449696000000000"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --ReportFormat

    The format, style, and verbosity of the report. Valid values are html, html,audit, html,dark, html,verbose, html,audit,dark, html,audit,verbose, html,dark,verbose, html,audit,dark,verbose, pdf, pdf,audit, pdf,quality, pdf,verbose, pdf,audit,quality, pdf,audit,verbose, pdf,quality,verbose, pdf,audit,quality,verbose, and xml.

  • --ReportPath

    The path to save the report. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

  • --ReportLanguage

    The language of the report. Valid languages are en (default) and zh.

  • --Ticks

    The ticks associated with a specific report. If this argument is not present, the last report of the specified or default language will be download.

GetRemediateStatus

Return the status of remediated source code generation. 0 if the generation is ongoing, 1 if the generation has completed, and 2 if the generation has failed.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetRemediateStatus [--Key] --ScanId --Ticks

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Get the status of the remediated source code archive of the specified scan that is associated with the specified ticks:

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetRemediateStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --Ticks

    The ticks associated with a specific remediated source code archive.

Optional arguments

  • --Key

    The API key.

GetReportStatus

Return the status of report generation. 0 if the generation is ongoing, 1 if the generation has completed, 2 if the generation has failed.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetReportStatus [--Key] --ScanId --Ticks --ReportFormat

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Get the status of the xml report of the specified scan that is associated with the specified ticks.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetReportStatus --ScanId "55555555-5555-5555-5555-555555555555" --Ticks "637449696000000000" --ReportFormat "xml"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --ReportFormat

    The format, style, and verbosity of the report. Valid values are html, html,audit, html,dark, html,verbose, html,audit,dark, html,audit,verbose, html,dark,verbose, html,audit,dark,verbose, pdf, pdf,audit, pdf,quality, pdf,verbose, pdf,audit,quality, pdf,audit,verbose, pdf,quality,verbose, pdf,audit,quality,verbose, and xml.

  • --Ticks

    The ticks associated with a specific report.

Optional arguments

  • --Key

    The API key.

GetResult

Return the result code of a completed scan. If the scan completed successfully, 0 is returned regardless if the scan has warnings; if the scan failed, the actual result code is returned.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetResult [--Key] --ScanId

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Get the result code of the specified scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetResult --ScanId $scanId

Required arguments

  • --ScanId

    The GUID of the specified scan.

Optional arguments

  • --Key

    The API key.

GetStage

Internal: Return the stage and progress of an ongoing scan.

GetStatus

Return the status of a scan. True if the scan has completed (even if the scan has failed) and False if the scan is ongoing.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetStatus [--Key] --ScanId

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Get the status of the specified scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method GetStatus --ScanId $scanId

Required arguments

  • --ScanId

    The GUID of the specified scan.

Optional arguments

  • --Key

    The API key.

Import

Upload the source code and foreign report file and start the scan. This is a synchronous method and will not return until the scan is completed.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Import [--Key] --ScanId --ForeignReportPath --SourceCodePath

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface. It also requires membership of the built-in Users group.

Examples

Upload the foreign report file at C:\Report.xml and the source code archive at C:\Source.zip to the specified scan and start the scan.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Import --ScanId "55555555-5555-5555-5555-555555555555" --ForeignReportPath "C:\Report.xml" --SourceCodePath "C:\Source.zip"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --ForeignReportPath

    The path to the foreign report file to be imported. The path must have one of the following extension: .fpr, .txt, or .xml.

  • --SourceCodePath

    The path to the source code archive or directory to be analyzed. For source code archives, the path must have one of the following extension: .7z, .jar, .war, or .zip.

Optional arguments

  • --Key

    The API key.

Purge

Delete scans created before a specified date and time.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Purge [--Key] --PurgeThreshold [--CascadePurge]

This method requires Execute and Read permissions to the Scan API interface.

Examples

Purge scans created before June 15, 2019 1:45:30 PM (UTC).

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Purge --PurgeThreshold "2019-06-15T13:45:30"

Required arguments

  • --PurgeThreshold

    The date and time threshold, in UTC, to purge or archive scans. The threshold must be at least 168 hours earlier than the current time. Scans started before the threshold will be deleted, unless they are in progress or in queue. Applications with no scan after the purge will also be deleted, unless the CascadePurge argument is set to False. The date and time format must conform with .NET Standard Date and Time Format Strings, such as 2009-06-15T13:45:30.

Optional arguments

  • --Key

    The API key.

  • --CascadePurge

    True (default) will delete applications with no scan after the purge and False will keep applications with no scan after the purge.

Remediate

Generate remediated source code of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Remediate [--Key] --ScanId  --RemediatedSourceCodePath [--RemediationOption]

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Generate the remediated source code archive of the specified scan, including remediation information and original source code in the remediated source code, and download it to C:\RemediatedSource.zip.

$ticks = ./SkyAnalyzer.Interface.Cli --Interface Scan --Method Remediate --ScanId "55555555-5555-5555-5555-555555555555" --RemediationOption 3 --RemediatedSourceCodePath "C:\RemediatedSource.zip"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --RemediatedSourceCodePath

    The path to save the remediated source code. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

  • --RemediationOption

    Use this argument to control how the remediated source code is generated. This argument is a bit field (a set of flags). 1 indicates that remediation information should be included as comments, 2 indicates that the original source code should be included as comments, 4 indicates that a diff file should be generated, and 8 indicates that only modified files should be included. For example, when RemediationOption is set to 5, the remediated source code will include remediation information as comments and include the diff file. If this argument is not present, 0 will be used (does not include any of the above).

Report

Generate the report of a completed scan and download it when generation is completed. This is a synchronous method and will not return until the generation is completed.

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Report --ScanId --ReportFormat --ReportPath [--ReportLanguage`]

This method requires the Member or Owner role of the application, or Read permission of the Scan API interface.

Examples

Generate the report in html format of the specified scan and download it to C:\Report.zip:

./SkyAnalyzer.Interface.Cli --Interface Scan --Method Report --ScanId "55555555-5555-5555-5555-555555555555" --ReportFormat "html" --ReportPath "C:\Report.zip"

Required arguments

  • --ScanId

    The GUID of the specified scan.

  • --ReportFormat

    The format, style, and verbosity of the report. Valid values are html, html,audit, html,dark, html,verbose, html,audit,dark, html,audit,verbose, html,dark,verbose, html,audit,dark,verbose, pdf, pdf,audit, pdf,quality, pdf,verbose, pdf,audit,quality, pdf,audit,verbose, pdf,quality,verbose, pdf,audit,quality,verbose, and xml.

  • --ReportPath

    The path to save the report. The path must have the extension .zip.

Optional arguments

  • --Key

    The API key.

  • --ReportLanguage

    The language of the report. Valid languages are en (default) and zh.

Tools

The Tools interface has the following methods: Base64Encode and DetectFrameworks.

Base64Encode

Generate the base64-encoded value of a user object.

./SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --Value

This method does not require authentication.

Examples

Generate the base64-encoded string of a user object of the built-in account [email protected] with the password password and save it to the variable $userObject.

$userObject = ./SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --Value "[email protected] password Sql"

Required arguments

  • --Value

    The format is Email Password AccountType. Use Sql as AccountType for built-in accounts; ActiveDirectory for organizational accounts.

DetectFrameworks

Internal: Detect the application frameworks of the specified directory.

User

The Tools interface has the following methods: Authenticate, Create, Delete, Edit, GetEncodedList, GetList, Migrate, and SetPassword.

Authenticate

Internal: Validate if the user credentials are valid.

Create

Create a new user.

./SkyAnalyzer.Interface.Cli --Interface User --Method Create [--Key] --Email --Provider [--Password]

This method requires Write permission to the User API interface.

Examples

Create a new local user [email protected] with password password.

./SkyAnalyzer.Interface.Cli --Interface User --Method Create --Provider "Sql" --Email "[email protected]" --Password "password"

Create a new organizational user [email protected].

./SkyAnalyzer.Interface.Cli --Interface User --Method Create --Provider "ActiveDirectory" --Email "[email protected]"

Required arguments

  • --Email

    The email of the user.

  • --Provider

    The membership provider of the user. Valid providers are ActiveDirectory and Sql.

Optional arguments

  • --Key

    The API key.

  • --Password

    The password of the user. This argument is required when using the SQL membership provider and is ignored when using the Active Directory membership provider.

Delete

Delete a user.

./SkyAnalyzer.Interface.Cli --Interface User --Method Delete [--Key] --UserId

This method requires Write permission to the User API interface.

Examples

Delete the specified user.

./SkyAnalyzer.Interface.Cli --Interface User --Method Delete --UserId "01010101-0101-0011-0100-010101010010"

Required arguments

  • --UserId

    GUID of the specified user.

Optional arguments

  • --Key

    The API key.

Edit

Edit a user.

./SkyAnalyzer.Interface.Cli --Interface User --Method Edit --UserId --Groups

This method requires Write and Read permissions to the User API interface.

Examples

Update the specified user to have membership of groups 0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0 and 0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0.

./SkyAnalyzer.Interface.Cli --Interface User --Method Edit --UserId "01010101-0101-0011-0100-010101010010" --Groups "0A0A0A0A-0A0A-00AA-0A00-0A0A0A0A00A0,0B0B0B0B-0B0B-00BB-0B00-0B0B0B0B00B0"

Required arguments

  • --UserId

    GUID of the specified user.

Optional arguments

  • --Key

    The API key.

GetEncodedList

Internal: Return a list of all users.

GetList

Return a list of all users.

./SkyAnalyzer.Interface.Cli --Interface User --Method GetList [--Key]

This method requires authentication and does not require specific permission.

Examples

Get a list of all users.

./SkyAnalyzer.Interface.Cli --Interface User --Method GetList

Optional arguments

  • --Key

    The API key.

Migrate

Migrate the data of one user to another user.

./SkyAnalyzer.Interface.Cli --Interface User --Method Migrate [--Key] --UserId --Value

This method requires Write and Read permissions to the User API interface.

Examples

Migrate the data of user 01010101-0101-0011-0100-010101010010 to destination user 02020202-0202-0022-0200-020202020020.

./SkyAnalyzer.Interface.Cli --Interface User --Method Migrate --UserId "01010101-0101-0011-0100-010101010010" --Value "02020202-0202-0022-0200-020202020020"

Required arguments

  • --UserId

    GUID of the source user.

  • --Value

    GUID of the destination user.

Optional arguments

  • --Key

    The API key.

SetPassword

Set the password of a user.

./SkyAnalyzer.Interface.Cli --Interface User --Method SetPassword [--Key] --UserId --Password

This method requires Write permission to the User API interface.

Examples

Set the password for user with user ID 01010101-0101-0011-0100-010101010010 to password.

./SkyAnalyzer.Interface.Cli --Interface User --Method SetPassword --UserId "01010101-0101-0011-0100-010101010010" --Password "password"

Required arguments

  • --UserId

    GUID of the specified user.

  • --Password

    Password of the user.

Optional arguments

  • --Key

    The API key.

Appendix

Verbs

Lucent SKy AVM CLI supports the use of verbs instead of interfaces and methods. Combine the Interface and Method arguments with a space in between to use as a verb. As with the names of interfaces and methods, verbs are case-insensitive.

When using a verb, it must be the first argument.

Example

$applicationId = New-Guid
# Replace <ApplicationName> with a descriptive name of the application
$applicationName = "<ApplicationName>"
# Replace <Framework> with the framework of the application
$framework = "<Framework>"
./SkyAnalyzer.Interface.Cli application create --Name $applicationName --Framework $framework --ApplicationId $applicationId

### Environment variables

Lucent Sky AVM CLI supports the following environment variables:

- `--CLEAR_API_KEY`

    The API key. If both the `Key` argument and the `CLEAR_API_KEY` environment variable are present, the value of the `Key` argument will be used.

**Example**

Set the `CLEAR_API_KEY` to the value of an API key, then get the list of all applications.

```powershell
$env:CLEAR_API_KEY = "lsDZG9X9PlkuK+bv+tJFpg8tUS4ISbWTi4+kQKm7Wh0="
./SkyAnalyzer.Interface.Cli --Interface Application --Method GetList

Log in using credentials

Log in using user credentials has been deprecated in favor of using API keys. To log in using user credentials, omit the Key argument and set the Credential argument to the Base64-encoded user object.

Examples

Create an user object of the local user [email protected] with password password and get the list of all applications.

$userObject = ./SkyAnalyzer.Interface.Cli --Interface Tools --Method Base64Encode --Value "[email protected] password Sql"
./SkyAnalyzer.Interface.Cli --Interface Application --Method GetList --Credential $userObject

Resolve common issues using CLI exit code

After calling a method in CLI, the process will return an exit code. The default exit code 0 will be returned if the process has completed successfully. Refer to the table below for a list of all exit codes, their causes and solutions.

  • 0 - The process has completed successfully.
  • -11 - User authentication failed. (AUTHENTICATION_FAILED)
  • -12 - User authorization failed. (AUTHORIZATION_FAILED)
  • -100 - The license has expired, has no remaining scans, or is invalid. (INVALID_LICENSE)
  • -111 - The number of applications has reached the limit of the license. (PROJECT_LIMIT_REACHED)
  • -112 - The number of users has reached the limit of the license. (USER_LIMIT_REACHED)
  • -121 - The specified framework is not available. (INVALID_FRAMEWORK)
  • -122 - The specified report format is not available. (INVALID_REPORT_FORMAT)
  • -123 - The specified remediation option is not available. (INVALID_MITIGATION_OPTION)
  • -201 - The API model is null. (NULL_API_MODEL)
  • -202 - The API model is invalid. (INVALID_API_MODEL)
  • -203 - The input is invalid. (INVALID_INPUT)
  • -301 - The storage is offline. (OFFLINE)
  • -302 - The storage functional level is incompatible. (FUNCTIONAL_LEVEL)
  • -20000 - An unexpected error occurred.
  • -20001 - The platform or architecture is unsupported.
  • -20002 - The configuration file is invalid.
  • -20004 - Network error. Verify the network status or try again later.
  • -20005 - Operation timeout. Verify the network status or try again later.
  • -20006 - Communication error. Verify the network status or try again later.
  • 20011 - The synchronized method has timed-out, but has started successfully.
  • 20021 - The method completed successfully, but is no longer applicable to the scan.
  • -20100 - One or more arguments is invalid.
  • -20101 - 'Interface' is missing or invalid.
  • -20102 - 'Method' is missing or invalid.
  • -20103 - One or more arguments for this method is missing.
  • -20105 - Authentication or authorization failed.
  • -20106 - 'Value' is invalid.
  • -20201 - 'Framework' is invalid.
  • -20203 - 'Repository' is invalid.
  • -20206 - 'Vectors' is invalid.
  • -20208 - 'RulePackageId' is not present.
  • -20209 - 'RuntimeId' is not present or is incompatible to the framework of the application.
  • -20211 - 'Filter' is invalid.
  • -20301 - 'Type' is invalid.
  • -20302 - 'SourceCodePath' is not a valid path or the specified file or directory does not exist.
  • -20303 - 'SourceCodePath' is in an unsupported format.
  • -20304 - 'ForeignReportPath' is not a valid file path or the specified file does not exist.
  • -20305 - 'ForeignReportPath' is in an unsupported format.
  • -20306 - 'RemediatedSourceCodePath' must have a zip extension.
  • -20307 - 'RemediationOption' is invalid.
  • -20308 - 'Ticks' is invalid.
  • -20309 - 'ReportFormat' is invalid.
  • -20310 - 'ReportPath' must have a zip extension.
  • -20311 - 'ReportLanguage' is invalid.
  • -20312 - 'PurgeThreshold' is invalid.
  • -20313 - 'LogsPath' must have a zip extension.
  • -20401 - 'AplPath' must have a zip extension.
  • -20403 - 'LogsDate' is invalid.
  • -20404 - 'Groups' is invalid.
  • -20405 - 'Members' is invalid.
  • -20406 - 'Permissions' is invalid.
  • -21000 - The 'ScanId' is invalid for this action.
  • -21001 - Failed to set password.
  • -21101 - The 'ReportProjectRoot' scan argument is not present in 'Arguments'.
  • -21102 - Failed to download the file. The file size cannot exceed 2 GB.
  • -21103 - The specified scan does not have any generated remediated source code.
  • -21104 - The remediated source code is still being generated.
  • -21105 - Failed to generate remediated source code.
  • -21106 - An I/O error occurred. Try again later.
  • -21107 - The specified scan does not have a generated report.
  • -21108 - The report is still being generated.
  • -21109 - Failed to generate report.
  • -21110 - The specified framework is invalid for this type of foreign report.
  • -21200 - The 'ApplicationId' is invalid for this action.
  • -22001 - The specified data source does not exist or is not supported.
  • -22002 - The query is not supported or invalid.
  • -22003 - An error occurred while processing the query.
  • -22101 - An error occurred while detecting frameworks.
  • -23001 - An error occurred while starting autopilot.
  • -23002 - Failed to detect the frameworks of the application.
  • -1200001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE)
  • -1200002 - The scan has an analysis or importation that is in-progress or completed. (SCAN_ALREADY_EXECUTED)
  • -1200011 - The specified scan id or ticks is invalid. (INVALID_INPUT_COMBINATION)
  • -1200012 - This method is not available for the type of the scan. (INVALID_TYPE)
  • 1200013 - No log is available for the specified scan. (LOG_FILE_NOT_EXIST)
  • -1200014 - The specified threshold is invalid. (INVALID_THRESHOLD)
  • -1300001 - This method is only available after the scan has completely successfully. (ACTION_NOT_AVAILABLE)
  • -1400011 - An unspecified error occurred while extracting the archive file. (ARCHIVE_UNSPECIFIED_ERROR)
  • -1400012 - The archive file is in an unsupported format. (ARCHIVE_NOT_SUPPORTED)
  • -1400013 - An IO exception occurred while extracting the archive file. (ARCHIVE_IO_EXCEPTION)
  • -1400014 - The archive file is corrupted. (ARCHIVE_INVALID_DATA)
  • -1400015 - The path length of some entries in the archive exceeds the limit of the file system. (ARCHIVE_PATH_TOO_LONG)
  • -1400017 - The scan configuration file is invalid. (ARCHIVE_INVALID_CONFIG_FILE)
  • -1400121 - The action is not available. (ACTION_NOT_AVAILABLE)
  • -1400122 - The uploaded report file is invalid. (INVALID_FOREIGN_REPORT)
  • -1400131 - The repository connection string is invalid. (REPOSITORY_INVALID_CONNECTION_STRING)
  • -1400132 - A connection error occurred when connecting to the repository. (REPOSITORY_CONNECTION_ERROR)
  • -1400133 - An authentication or authorization error occurred when connecting to the repository. (REPOSITORY_AUTHENTICATION_ERROR)
  • -1400139 - A generic error occurred when connecting to the repository. (REPOSITORY_GENERIC_ERROR)
  • -1400151 - The uploaded rule package is invalid. (INVALID_RULE_PACK)
  • -1400152 - Identification rules in the rule package are invalid. (INVALID_IDENTIFICATION_RULES)
  • -1400153 - Identification source code rules in the rule package are invalid. (INVALID_IDENTIFICATION_SOURCE_CODE_RULES)
  • -1400154 - Remediation rules in the rule packages are invalid. (INVALID_REMEDIATION_RULES)
  • -1400155 - Suppression rules in the rule packages are invalid. (INVALID_SUPPRESSION_RULES)
  • -1400156 - The rule package contains files with invalid names. (INVALID_FILE_NAME)
  • -1400161 - The uploaded runtime is invalid. (INVALID_RUNTIME)
  • -1400411 - The signature is invalid. (INVALID_SIGNATURE)
  • -1700011 - The email already exists. (DUPLICATE_EMAIL)
  • -1700012 - The email is invalid. (INVALID_EMAIL)
  • -1700013 - The password is invalid. (INVALID_PASSWORD)
  • -1700014 - The user does not exist in the Active Directory. (PROVIDER_ERROR)
  • -1700021 - A generic error occurred. (GENERIC_ERROR)
  • -1700031 - The user is invalid. (INVALID_USER)
  • -3100001 - The specified scan arguments are invalid. (INVALID_SCAN_ARGUMENTS)
  • -3100015 - The specified weakness policies are invalid. (INVALID_WEAKNESS_POLICIES)
  • -3200001 - The query statement is invalid. (INVALID_QUERY_STATEMENT)
  • -4100021 - Lucent Sky AVM Server setup program is missing. Contact your system administrator. (SETUP_NOT_FOUND)
  • -4100031 - An unspecified error occurred during activation. Contact Lucent Sky support. (UNSPECIFIED_ACTIVATION_ERROR)
  • -4100032 - The product key is not well-formed. (MALFORMED_PRODUCT_KEY)
  • -4100033 - The license file is invalid. (INVALID_LICENSE_FILE)
  • -4100034 - An error occurred while communicating with the activation server. Try again later or use offline activation. (ACTIVATION_SERVER_ERROR)
  • -4100035 - The product key has expired or exceeded its activation limit. (EXPIRED_PRODUCT_KEY)
  • -4100036 - The serial number in the license file does not match the serial number of this instance. (SERIAL_NUMBER_MISMATCH)
  • -4100037 - An error occurred while setting up this instance as a node. (NODE_SETUP_ERROR)
  • -4100038 - An error occurred while converting between editions. (CONVERSION_ERROR)
  • -4100039 - An error occurred while initializing supplementary license store. (SUPPLEMENT_LICENSE_STORE_ERROR)
  • 4100041 - No log is available for the specified date range. (LOG_FILE_NOT_EXIST)
  • 4100042 - Restart CLEAR Engine to complete the maintenance. (RESTART_REQUIRED)
  • -4100043 - There is one or more scans in progress. (SCAN_IN_PROGRESS)
  • -9999960 - An I/O error occurred. (IO_ERROR)
  • -9999970 - A data error occurred. (DATA_ERROR)
  • -9999980 - A system error occurred. (SYSTEM_ERROR)
  • -9999990 - An unexpected error occurred. (ERROR)