Skip to content

Command Line Interface

The Escape CLI provides a set of commands to interact with the Escape platform.

The CLI requires an API key to authenticate with the Escape platform. Set it as an environment variable:

export ESCAPE_API_KEY=<YOUR_API_KEY>

Command Overview

The Escape CLI provides the following commands:

COMMAND            DESCRIPTION
profiles           Interact with profiles
  create-graphql   Create a GRAPHQL profile
  create-rest      Create a REST profile
  create-webapp    Create a WEBAPP profile
  get              Get a profile
  list             List profiles
assets             Interact with assets or integrations
  create           Create an asset
  delete           Delete an asset
  get              Get an asset
  list             List assets
  update           Update an asset
audit              Interact with audits
  list             List audit logs
events             Interact with events
  get              Get an event
  list             List events
issues             Interact with issues
  get              Get an issue
  list             List issues
  list-activities  List the activities of an issue
  update           Update an issue
locations          Interact with locations
  delete           Delete a location
  get              Get a location
  list             List locations
  start            Start a location
scans              View scans results
  cancel           Cancel a scan
  get              Get scan status
  ignore           Ignore a scan
  issues           List scan issues
  list             List scans
  start            Start a scan
  watch            Watch a scan
tags               Interact with tags
  create           Create a tag
  list             List tags
version            Prints the version of the CLI

Profiles

Interact with your Escape profiles.


List Profiles

List all your Escape profiles.

escape-cli profiles list

Aliases: list, ls

Optional Filters:

  • --all Show profiles for all asset types (including ASM profiles)
  • -d, --domain strings domain (e.g. example.com)
  • -n, --initiator strings initiator (e.g. SCHEDULED)
  • -k, --kind strings kind (e.g. BLST_REST)
  • -r, --risk strings risk (e.g. SENSITIVE_DATA)
  • -s, --search string search (e.g. Example Profile 2)
  • -a, --asset-id strings asset ID (e.g. 00000000-0000-0000-0000-000000000000)
  • -i, --issue-id strings issue ID (e.g. 00000000-0000-0000-0000-000000000000)
  • -t, --tag-id strings tag ID (e.g. 00000000-0000-0000-0000-000000000000)

API Reference: GET /profiles

Example Output:

ID                                    CREATED AT                ASSET TYPE  INITIATORS      NAME
00000000-0000-0000-0000-000000000000  2025-08-14T11:54:56.653Z  WEBAPP      [SCHEDULED]     Example Profile

Get Profile

Get details about a profile.

escape-cli profiles get profile-id

Aliases: get, describe Arguments: profile-id (ID of the profile)

API Reference: GET /profiles/{id}

Example Output:

ID                                    CREATED AT                CRON       RISKS             NAME
00000000-0000-0000-0000-000000000000  2025-04-22T14:44:19.805Z  0 9 * * 6  [SENSITIVE_DATA]  Example Profile

Create REST DAST Profile

Create a REST DAST profile.

escape-cli profiles create-rest <profile-conf.json

or

cat profile-conf.json | escape-cli profiles create-rest

Arguments:

  • profile-conf.json (path to the profile configuration file)

API Reference: POST /profiles/rest


Create GRAPHQL Profile

Create a GRAPHQL profile.

escape-cli profiles create-graphql <profile-conf.json

or

cat profile-conf.json | escape-cli profiles create-graphql

Arguments:

  • profile-conf.json (path to the profile configuration file)

API Reference: POST /profiles/graphql


Create WEBAPP Profile

Create a WEBAPP profile.

escape-cli profiles create-webapp <profile-conf.json
cat profile-conf.json | escape-cli profiles create-webapp

Arguments:

  • profile-conf.json (path to the profile configuration file)

API Reference: POST /profiles/webapp


Manage Assets (Integrations)

Interact with your Escape assets.

List Assets

List all assets.

escape-cli assets list

Aliases: list, ls

Optional Filters:

  • -m, --manually-created Filter by manually created assets
  • -s, --search string Search term to filter assets by
  • --statuses strings Filter by asset statuses: [DEPRECATED FALSE_POSITIVE MONITORED OUT_OF_SCOPE]
  • -t, --types strings Filter by asset types: [FRONTEND_ANGULAR FRONTEND_JAVASCRIPT FRONTEND_JQUERY FRONTEND_REACT FRONTEND_SVELTE FRONTEND_VUE GRAPHQL_APOLLO GRAPHQL_GRAPHQLYOGA REST_ASP_NET REST_DJANGO REST_EXPRESS_JS REST_FLASK REST_GIN REST_HONO REST_LARAVEL REST_NESTJS REST_NEXTJS REST_NUXTJS REST_RUBY_ON_RAILS REST_SPRING_BOOT REST_SYMFONY UNKNOWN]

API Reference: GET /assets

Example Output:

ID                                    CREATED AT                TYPE  STATUS      LAST SEEN                 RISKS     NAME
00000000-0000-0000-0000-000000000001  2025-06-17T14:28:11.024Z  REST  DEPRECATED  2025-06-17T14:28:11.024Z  [EXPOSED] https://example.com/api  

Get Asset

Get detailed information about a specific asset.

escape-cli assets get asset-id

Aliases: get, g Arguments: asset-id

API Reference: GET /assets/{id}

Example Output:

ID                                    CREATED AT                TYPE  STATUS      LAST SEEN                 RISKS     NAME
00000000-0000-0000-0000-000000000001  2025-06-17T14:28:11.024Z  REST  DEPRECATED  2025-06-17T14:28:11.024Z  [EXPOSED] https://example.com/api  

Create Asset

Get detailed information about a specific asset.

escape-cli assets create <asset-conf.json

or

cat asset-conf.json | escape-cli assets create

Arguments:

  • asset-conf.json (path to the asset configuration file)

API Reference: POST /assets


Update Asset

Update an existing asset.

escape-cli assets update asset-id

Aliases: update, u

Arguments:

  • asset-id (ID of the asset to update)

Optional Flags:

  • -d, --description string description of the asset
  • -f, --framework string framework of the asset: [FRONTEND_ANGULAR FRONTEND_JAVASCRIPT FRONTEND_JQUERY FRONTEND_REACT FRONTEND_SVELTE FRONTEND_VUE GRAPHQL_APOLLO GRAPHQL_GRAPHQLYOGA REST_ASP_NET REST_DJANGO REST_EXPRESS_JS REST_FLASK REST_GIN REST_HONO REST_LARAVEL REST_NESTJS REST_NEXTJS REST_NUXTJS REST_RUBY_ON_RAILS REST_SPRING_BOOT REST_SYMFONY UNKNOWN]
  • --owners strings list of asset owners (email)
  • -s, --status string status of the asset: [DEPRECATED FALSE_POSITIVE MONITORED OUT_OF_SCOPE]
  • -t, --tag-ids strings list of tag IDs

API Reference: PUT /assets/{id}


Delete Asset

Delete an existing asset.

escape-cli assets delete asset-id

Arguments: asset-id (ID of the asset to delete)

Aliases: delete, d

API Reference: DELETE /assets/{id}


Manage Locations

Interact with your Escape locations.

List Locations

List all locations.

escape-cli locations list

Aliases: list, ls

Optional Filters:

  • -e, --enabled Filter by enabled locations
  • -s, --search string Search term to filter locations by
  • -t, --type strings Filter by location type (private, escape, repeater)

API Reference: GET /locations

Example Output:

ID                                    NAME           TYPE     ENABLED  LINK
4d27d666-9e1f-4c52-a83f-06b3b5820657  location-name  PRIVATE  true     Link

Start Location

Start a location by its name.

escape-cli locations start location-name

Aliases: start

Arguments: location-name (name of the location to start)

Info

[The command will continue running until interrupted with Ctrl+C]


Delete Location

Delete a location by its ID.

escape-cli locations delete location-id

Aliases: delete, del, remove\ Arguments: location-id (ID of the location to delete)

API Reference: DELETE /locations/{id}


Manage Scans

Interact with your Escape scans.

List Scans

List all scans of an application.

escape-cli scans list application-id

Aliases: ls, sc, scan\ Arguments: application-id (ID of the application)

Example Output:

ID                                      STATUS      CREATED AT                           PROGRESS
00000000-0000-0000-0000-000000000001    FINISHED    2025-02-05 08:34:47.541 +0000 UTC    0.000000
00000000-0000-0000-0000-000000000002    FINISHED    2025-02-02 08:27:23.919 +0000 UTC    0.000000
00000000-0000-0000-0000-000000000003    FINISHED    2025-01-31 18:35:48.477 +0000 UTC    0.000000
00000000-0000-0000-0000-000000000004    FINISHED    2025-01-30 08:25:49.656 +0000 UTC    0.000000

Start Scan

Start a new scan of an application.

escape-cli scans start application-id [flags]

Arguments: application-id (ID of the application to scan)

Options:

  • --watch, -w: Watch for scan events and follow progress
  • --commit-hash: Commit hash
  • --commit-link: Commit link
  • --commit-branch: Commit branch
  • --commit-author: Commit author
  • --profile-picture: Commit author profile picture link
  • --override, -c: Configuration override (JSON)

Example:

escape-cli scans start 00000000-0000-0000-0000-000000000000
escape-cli scans start 00000000-0000-0000-0000-000000000000 --commit-hash 1234567890
escape-cli scans start 00000000-0000-0000-0000-000000000000 --override '{"scan": {"read_only": true}}'

Watch Scan

Bind the current terminal to a scan, listen for events and print them to the terminal.

escape-cli scans watch scan-id

Arguments: scan-id (ID of the scan to watch)


Get Scan

Get detailed information about a specific scan.

escape-cli scans get scan-id

Aliases: describe\ Arguments: scan-id (ID of the scan)

Example Output:

ID                                      STATUS      CREATED AT                           PROGRESS
00000000-0000-0000-0000-000000000001    FINISHED    2024-11-27 08:06:59.576 +0000 UTC    1.000000

Get Scan Issues

List all issues of a scan.

escape-cli scans issues scan-id

Aliases: results, res, result, iss\ Arguments: scan-id (ID of the scan)

Example Output:

ID                                      SEVERITY    TYPE    CATEGORY                  NAME                                         IGNORED    URL
00000000-0000-0000-0000-000000000001    MEDIUM      API     PROTOCOL                  Insecure Security Policy header              false      https://app.escape.tech/scan/00000000-0000-0000-0000-000000000005/issues/00000000-0000-0000-0000-000000000001/overview/
00000000-0000-0000-0000-000000000002    LOW         API     INFORMATION_DISCLOSURE    Debug mode enabled                           false      https://app.escape.tech/scan/00000000-0000-0000-0000-000000000005/issues/00000000-0000-0000-0000-000000000002/overview/