Scan IaC Files in the CLI Local Mode
You can use Tenable Cloud Security CLI to view scan results locally without publishing them to the cloud with the local mode. In this mode, the scan results are displayed in the console and the CLI does not push the scan results to the Tenable Cloud Security Console. You can use this feature to scan your test repository branches for any violations. Local mode is supported only for IaC scans with both plan-based and static analysis.
Before you begin:
You must have the following:
-
Project ID
The policy attached to the selected project is used for the assessment. For more information, see Create a Project and Associate Policies with a Project.
-
Configuration file. For more information, see Download the configuration file.
-
Terraform. For more information, see Install Terraform.
-
CLI. For more information, see Install or Upgrade the CLI.
Ensure that the CLI version is 1.0.42 and higher.
To run an IaC scan using the Tenable Cloud Security CLI:
-
In the command terminal, initialize Terraform configuration files:
Copyaccurics init
-
Run the accurics plan or accurics scan command in the following ways:
-
Pipeline mode
Copyaccurics plan -mode=pipeline -appurl=<application_url> -token=<API_token> -project=<project_ID> -test
Copyaccurics scan -mode=pipeline -appurl=<application_url> -token=<API_token> -project=<project_ID> -test
Where:
-
application_url: URL of the Tenable Cloud Security Console, which is https://cloud.tenable.com/cns.
-
API_token: API authentication token you generate from Tenable Cloud Security. For more information, see Generate API Tokens.
-
project_ID: Project in Tenable Cloud Security. Specify the project ID for running a scan in the local mode.
-
-test: Specifies that the repository and scan results are not pushed to the Tenable Cloud Security Console.
-
-
With configuration file
Copyaccurics plan -config=<config_file_path> -test
Copyaccurics scan -config=<config_file_path> -test
Where:
-
config_file_path: Relative or absolute path of the configuration file that you download from the Tenable Cloud Security Console.
-
-
For detailed information about the commands and parameters in Tenable Cloud Security CLI, see Tenable Cloud Security Commands and Options.