Using scbctl - CLI for secureCodeBox
scbctl is a command-line interface tool designed to simplify interactions with secureCodeBox CustomResources like Scans and ScheduledScans. It provides an easier alternative to using kubectl and helm for certain operations.
Installation
To install scbctl:
-
Clone the secureCodeBox repository:
git clone https://github.com/secureCodeBox/secureCodeBox.git -
Build the tool:
make scbctl -
Move the binary to a directory in your PATH:
cd scbctl
sudo mv scbctl /usr/local/bin/scbctl
Key Commands
Creating a Scan
Use the scan command to create a new Scan custom resource:
scbctl scan [scanType] -- [parameters...]
Examples:
- Basic scan:
scbctl scan nmap -- scanme.nmap.org - Named scan:
scbctl scan nmap --name my-nmap-scan -- scanme.nmap.org - Multiple parameters:
scbctl scan nuclei -- -target example.com - Scan in a specific namespace:
scbctl scan --namespace testing nmap -- -p 80 scanme.nmap.org
Triggering a ScheduledScan
To manually trigger a ScheduledScan:
scbctl trigger [scheduledScanName] [flags]
Examples:
- Trigger a scan:
scbctl trigger nmap-localhost - Trigger in a different namespace:
scbctl trigger nmap-localhost --namespace production
Additional Features
-
Namespace Selection: Most commands support a
--namespaceflag to specify the Kubernetes namespace. -
Custom Naming: You can provide custom names for scans using the
--nameflag with thescancommand. -
Shell Completion:
scbctloffers shell completion to make command usage easier. Usescbctl completion --helpfor setup instructions.
Tips for Effective Use
-
Explore Help: Use
scbctl --helporscbctl [command] --helpfor detailed information about commands and flags. -
Namespace Awareness: Always be mindful of which namespace you're operating in, especially in multi-tenant environments.
-
Combining with kubectl: While
scbctlsimplifies many operations, you may still need to usekubectlfor more advanced Kubernetes operations. -
Automation: Consider incorporating
scbctlcommands into scripts or CI/CD pipelines for automated security scanning.