This repository contains:
-
A tool to execute and monitor Vulcan checks using the Vulcan Core API.
-
A package with a go client to REST vulcan-core api. Import path:
github.com/adevinta/vulcan-core-cli/vulcan-core/client -
A swagger specification of the vulcan core api. Thar spec can be found in: github.com/adevinta/vulcan-core-cli/_resources/swagger.yaml
go get -v github.com/adevinta/vulcan-core-cli
Execute vulcan-core-cli and check its commands and options.
Current commands are:
It's similar to cscan, but in this case both the list of targets and checktypes must be provided (using the same format than the targets and checktypes filters from above).
Example:
vulcan-core-cli scan targets.txt checktypes.txt -o /tmp/
After running cscan or scan commands, the checks are executed by Vulcan Core. The monitor command will poll Vulcan Core for the checks status, until all the checks are in a final state (like FINISHED).
Example:
$ vulcan-core-cli monitor /tmp/37620de0-2484-4304-9724-1278ad837937.gob -i 10The rest api it's implemented in the vulcan-scan-engine except for the assettypes and checktypes endpoints that are still implemented in the vulcan-persistence.
There's a swagger document that describes it.
The API client is autogenerated in go using the goa framework.
The API design using the goa DSL language can be found in the design folder.
The current client can be imported in go with this import path:
"github.com/adevinta/vulcan-core-cli/vulcan-core/client"
To generate the client the and swagger definition from the goa design files execute:
cd vulcan-core
source clear.sh
source build.sh