cli

module

v0.9.2 Latest Latest Go to latest Published: Apr 30, 2024 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nullify-platform/cli

Links

Open Source Insights

README ¶

Nullify CLI

Nullify CLI dynamically tests and fuzzes your endpoints for security vulnerabilities.

Getting Started

Download the latest release or build from source
See our quickstart guide for more info

Usage

Usage: nullify [--host HOST] [--verbose] [--debug] [--nullify-token NULLIFY-TOKEN] [--github-token GITHUB-TOKEN] <command> [<args>]

Options:
  --host HOST            The base URL of your Nullify API instance [default: api.nullify.ai]
  --verbose, -v          Enable verbose logging
  --debug, -d            Enable debug logging
  --nullify-token NULLIFY-TOKEN
                         Nullify API token
  --github-token GITHUB-TOKEN
                         GitHub actions job token to exchange for a Nullify API token
  --help, -h             display this help and exit
  --version              display version and exit

Commands:
  dast                   Test the given app for bugs and vulnerabilities

Usage: DAST Scans

Usage: nullify dast [--app-name APP-NAME] [--spec-path SPEC-PATH] [--target-host TARGET-HOST] [--header HEADER] [--github-owner GITHUB-OWNER] [--github-repo GITHUB-REPO] [--local] [--image-label IMAGE-LABEL] [--force-pull] [--use-host-network]

Options:
  --app-name APP-NAME    The unique name of the app to be scanned, you can set this to anything e.g. Core API
  --spec-path SPEC-PATH
                         The file path to the OpenAPI file (both yaml and json are supported) e.g. ./openapi.yaml
  --target-host TARGET-HOST
                         The base URL of the API to be scanned e.g. https://api.nullify.ai
  --header HEADER        List of headers for the DAST agent to authenticate with your API
  --github-owner GITHUB-OWNER
                         The GitHub username or organisation
  --github-repo GITHUB-REPO
                         The repository name to create the Nullify issue dashboard in e.g. cli
  --local                Test the given app locally for bugs and vulnerabilities in private networks
  --image-label IMAGE-LABEL
                         Version of the DAST local image that is used for scanning [default: latest]
  --force-pull           Force a docker pull of the latest version of the DAST local image
  --use-host-network     Use the host network for the DAST local scan

Global options:
  --host HOST            The base URL of your Nullify API instance [default: api.nullify.ai]
  --verbose, -v          Enable verbose logging
  --debug, -d            Enable debug logging
  --nullify-token NULLIFY-TOKEN
                         Nullify API token
  --github-token GITHUB-TOKEN
                         GitHub actions job token to exchange for a Nullify API token
  --help, -h             display this help and exit
  --version              display version and exit

Usage: Authentication

The Nullify CLI need to authenticate with the Nullify API.

This can be done in the following ways:

Using the --nullify-token option
Using the NULLIFY_TOKEN environment variable

Example DAST Scan

Cloud Hosted Scan:

nullify dast \
  --app-name      "My REST API" \
  --spec-path     "./openapi.json" \
  --target-host   "https://api.myapp1234.dev" \
  --github-owner  "my-username" \
  --github-repo   "my-repo" \
  --header        "Authorization: Bearer 1234"

Locally Hosted Scan:

nullify dast \
  --app-name      "My REST API" \
  --spec-path     "./openapi.json" \
  --target-host   "https://api.myapp1234.dev" \
  --github-owner  "my-username" \
  --github-repo   "my-repo" \
  --header        "Authorization: Bearer 1234" \
  --local

Same Machine Scan:

nullify dast \
  --app-name      "My REST API" \
  --spec-path     "./openapi.json" \
  --target-host   "https://api.myapp1234.dev" \
  --github-owner  "my-username" \
  --github-repo   "my-repo" \
  --header        "Authorization: Bearer 1234" \
  --use-host-network \
  --local

The locally hosted scan can be run from within private networks to test private APIs.

Global Options

Name	Description	Required	Default
`host`	The base URL of your Nullify API instance, e.g. https://api.nullify.ai	`false`	https://api.nullify.ai
`verbose`	Enable verbose logging	`false`
`debug`	Enable debug logging	`false`
`nullify-token`	Nullify API token	`false`
`github-token`	GitHub actions job token to exchange for a Nullify API token	`false`
`help`	Display help and exit	`false`
`version`	Display version and exit	`false`

DAST Options

Name	Description	Required	Default
`app-name`	The unique name of the app to be scanned, e.g. Core API	`true`
`spec-path`	The file path to the OpenAPI file (both yaml and json are supported), e.g. ./openapi.yaml	`true`
`target-host`	The base URL of the API to be scanned, e.g. https://api.nullify.ai	`true`
`github-owner`	The GitHub username or organisation to create the Nullify issue dashboard in, e.g. nullify-platform	`true`
`github-repo`	The repository name to create the Nullify issue dashboard in, e.g. cli	`true`
`header`	List of headers for the DAST agent to authenticate with your API	`false`
`local`	Test the given app locally for bugs and vulnerabilities in private networks	`false`
`version`	Version of the DAST local image that is used for scanning [default: ]	`false`	latest

Directories ¶

Path	Synopsis
cmd
cli
internal
client
dast
lib
models

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL