Set up Code Analysis Through CLI

You can use the Tenable Cloud Security (formerly known as Tenable.cs) command-line interface (CLI) to scan code on your local machine. Tenable Cloud Security provides security for CI/CD pipelines. You can integrate Tenable Cloud Security CLI into the CI/CD jobs to detect violations and block risky builds and view scan results in the Tenable Cloud Security Console.

Note: All instances of Tenable Cloud Security CLI refer to Accurics CLI.

There are two ways to scan your IaC code through the CLI:

  • Plan-based analysis (accurics plan): The accurics plan command supports only Terraform files.

  • Static analysis (accurics scan): The accurics scan command supports Terraform, CloudFormation templates, Azure Resource Manager template, Kubernetes, Kustomize, and Helm Chart. You must install Terrascan in your environment to perform static analysis.