Command-line interface
Structure
Our command-line interface is based on the following structure:
skims [GLOBAL_OPTIONS] COMMAND [OPTIONS] [ARG]
Global options
--help
Feel free to pass the --help flag to learn more about the things it can do for you.
This will provide you with information on how to use the tool, as well as a short description of each existing flag.
Example:
skims --help
--strict
With this option you can run Machine in strict mode, which means that it will fail the execution (with an exit code 1) if it finds at least one vulnerability in your targets.
Ideal for using Machine Standalone as a CI/CD job.
Example:
skims --strict scan path/to/config.yaml
Commands
scan
Perform vulnerability detection
skims scan .
scan options
--csv
The output of the scan will be in CSV format, creating a skims_output.csv file in the path that was executed.
Example:
skims scan --csv path/to/directory
--sarif
The output of the scan will be in SARIF format, creating a skims_output.sarif file in the path that was executed.
Example:
skims scan --sarif path/to/config.yaml
scan arguments
Configuration file
This argument is the path to a configuration .yaml file in which you can customize the execution of the scanner.
Example:
skims scan path/to/config.yaml
The configuration format is explained in the Configuration guidelines.
Directory
This argument is the path to a directory on which the scanner will be executed.
Example:
skims scan path/to/directory
URL
This argument is a URL. We analyze two types of URLs:
- Git repository URL: if it is the URL of a Git repository, we download the repository and analyze it.
Example:
skims scan https://github.com/tree-sitter/tree-sitter.git
- Page or web application URL: if it is the URL of a page or web application, a DAST analysis is carried out.
Example:
skims scan https://git-scm.com
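A CI wrapper that combines the --strict and --sarif options described above, as an added example that is not part of the original documentation. The helper name run_skims_gate, the return code 2, the report landing in the current working directory, and the treatment of exit codes other than 0 and 1 as scanner failures are assumptions.

```shell
#!/bin/sh
# Added example: CI gate around `skims --strict scan --sarif`.
# Assumptions (not from the skims documentation):
#   - skims_output.sarif is written to the current working directory;
#   - exit codes other than 0 and 1 mean the scanner itself failed.

REPORT="skims_output.sarif"

# run_skims_gate TARGET  (hypothetical helper name)
#   TARGET: config file, directory or URL accepted by `skims scan`.
#   Returns 0 = clean, 1 = vulnerabilities found, 2 = no usable result.
run_skims_gate() {
    target="$1"
    if [ -z "$target" ]; then
        echo "usage: run_skims_gate <config.yaml|directory|url>" >&2
        return 2
    fi

    # Remove any report left by an earlier job so a stale file is never
    # mistaken for the result of this run.
    rm -f "$REPORT"

    # Capture the exit code without letting `set -e` abort the CI script.
    status=0
    skims --strict scan --sarif "$target" || status=$?

    case "$status" in
        0)  echo "gate: no vulnerabilities reported for $target"
            return 0 ;;
        1)  # Strict mode signals findings with exit code 1. Without a fresh
            # report there is nothing to triage, so treat it as a failed run.
            if [ ! -s "$REPORT" ]; then
                echo "gate: exit 1 but $REPORT is missing or empty" >&2
                return 2
            fi
            echo "gate: vulnerabilities found, see $REPORT" >&2
            return 1 ;;
        *)  echo "gate: skims failed with exit code $status" >&2
            return 2 ;;
    esac
}

# Usage in a CI step:  run_skims_gate path/to/config.yaml
```

Archive skims_output.sarif as a job artifact whenever the gate returns 1 so the findings can be reviewed after the job fails.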