Using scbctl - CLI for secureCodeBox
scbctl
is a command-line interface tool designed to simplify interactions with secureCodeBox CustomResources like Scans and ScheduledScans. It provides an easier alternative to using kubectl
and helm
for certain operations.
Installation
To install scbctl
:
-
Clone the secureCodeBox repository:
git clone https://github.com/secureCodeBox/secureCodeBox.git
-
Build the tool:
make scbctl
-
Move the binary to a directory in your PATH:
cd scbctl
sudo mv scbctl /usr/local/bin/scbctl
Key Commands
Creating a Scan
Use the scan
command to create a new Scan custom resource:
scbctl scan [scanType] -- [parameters...]
Examples:
- Basic scan:
scbctl scan nmap -- scanme.nmap.org
- Named scan:
scbctl scan nmap --name my-nmap-scan -- scanme.nmap.org
- Multiple parameters:
scbctl scan nuclei -- -target example.com
- Scan in a specific namespace:
scbctl scan --namespace testing nmap -- -p 80 scanme.nmap.org
Triggering a ScheduledScan
To manually trigger a ScheduledScan:
scbctl trigger [scheduledScanName] [flags]
Examples:
- Trigger a scan:
scbctl trigger nmap-localhost
- Trigger in a different namespace:
scbctl trigger nmap-localhost --namespace production
Additional Features
-
Namespace Selection: Most commands support a
--namespace
flag to specify the Kubernetes namespace. -
Custom Naming: You can provide custom names for scans using the
--name
flag with thescan
command. -
Shell Completion:
scbctl
offers shell completion to make command usage easier. Usescbctl completion --help
for setup instructions.
Tips for Effective Use
-
Explore Help: Use
scbctl --help
orscbctl [command] --help
for detailed information about commands and flags. -
Namespace Awareness: Always be mindful of which namespace you're operating in, especially in multi-tenant environments.
-
Combining with kubectl: While
scbctl
simplifies many operations, you may still need to usekubectl
for more advanced Kubernetes operations. -
Automation: Consider incorporating
scbctl
commands into scripts or CI/CD pipelines for automated security scanning.