Boman CLI is a Orchestration script written in python to run security scans on the local or CI/CD environment and upload the results to Boman.ai SaaS server.
pip install boman-cli
boman-cli -h
boman-cli -a run -at <project token> -ct <customer token>
To obtain project token and customer token. Go to SaaS platform. Click on Apps -> app menu of the particular app -> Get Scan Token
boman-cli -a test-saas
boman-cli -a test-yaml
boman-cli -a run
boman-cli -a run -u {URL}
boman-cli -a run -fb {severity}
Severity can be high, medium or low.
Example: boman-cli -a run -fb high
boman-cli -a run -config <custom_boman_yaml_file_name_here>
Example: boman-cli -a run -config ./customboman.yaml
boman-cli -a run -zap_session_script <custom_session_script_file_name_here>
Example: boman-cli -a run -zap_session_script ./session.js
0 : Successfull scan 1 : Server/SaaS error 2 : Auth error 3 : Docker/System error 4 : Misconfig error
boman.yaml to the SaaS platform. Navigate to Apps -> App menu -> Configure pipeline to set it up. The current boman.yaml configuration will remain functional until it is officially deprecated.- New scan added: IaC.
- Ignore files or directory for SAST and SCA
- New scan added: SBOM.
- New scan added: Container scan.
- New Tool added for SCA scan type.
- [Bug fix] Updated the Upload Logs success message
Released on: 21 June 2024
- Adapted to our new Boman SaaS platform
Released on: 20 June 2024
- Fixed docker-request libraries issue
- Zap Authenticated scan
- Fetch Git details
- custom boman.yaml and zap session script load option
Released on: 21 May 2024
FAQs
CLI tool of boman.ai
We found that boman-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.