Command Line Interface
Quick Start
```bash
export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
npm i -g @escape.tech/action
escape-action
```
Failure behavior
The Escape CLI:
- Exits with code 1 if high-severity issues are found
- Can be configured to fail on different severity levels (see FAIL_ON_SEVERITIES below)
Available Variables
Variable | Type | Required | Description |
---|---|---|---|
ESCAPE_APPLICATION_ID | string | Yes | The ID of the application on Escape that will be scanned continuously. You can find it in your Escape application settings. |
ESCAPE_API_KEY | string | Yes | Your API key on the Escape platform. You can find it in your Escape settings. |
SCHEMA_URL | string | No | The URL of the API schema that you want to upload to the application identified by ESCAPE_APPLICATION_ID. |
SCHEMA_FILE | string | No | The file path of the API schema that you want to upload to the application identified by ESCAPE_APPLICATION_ID. |
FAIL_ON_SEVERITIES | string | No | A comma-separated (CSV) string containing any of the following severities, which define a failure of the CLI (exit code 1): HIGH, MEDIUM, LOW, INFO. For example, export FAIL_ON_SEVERITIES=HIGH,MEDIUM will make the CLI fail if any HIGH or MEDIUM issues are flagged. |
TIMEOUT | number | No | The timeout of the job. If set to 0, the scan will be started, but the job will not wait for it to finish before terminating. The triggered scan will run asynchronously on Escape, and your team will be notified once it is done using your desired Workflows settings. |
CONFIGURATION_OVERRIDE | string | No | See the configuration override section. |
CONFIGURATION_OVERRIDE_PATH | string | No | See the configuration override section. |
REF_NAME | string | No | See the commit identification section. |
COMMIT_HASH | string | No | See the commit identification section. |
USER_EMAIL | string | No | See the commit identification section. |
INTROSPECTION_FILE | path | No | See the introspection update section. |
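
A pre-flight wrapper for the variables above, as an added example that is not part of the Escape documentation or CLI: it validates FAIL_ON_SEVERITIES against the four documented severities and flags TIMEOUT=0, where the job exits before the scan finishes and so cannot block on its findings. The function names are hypothetical, and how the CLI itself treats an unrecognised severity is not stated on this page.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for a CI job that runs the Escape CLI.
# Function names are hypothetical; only the variable names come from the page.

# Print a cleaned FAIL_ON_SEVERITIES value, or return 1 on an unknown entry.
normalize_severities() {
    local rest="$1," item out=""
    while [ -n "$rest" ]; do
        item="${rest%%,*}"   # text before the first comma
        rest="${rest#*,}"    # text after it
        # Strip whitespace and upper-case the entry before comparing.
        item="$(printf '%s' "$item" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')"
        case "$item" in
            HIGH|MEDIUM|LOW|INFO) out="${out:+$out,}$item" ;;
            *) echo "FAIL_ON_SEVERITIES: invalid entry '$item'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# Return 0 if the settings are valid, 1 if they are invalid, and 2 if they
# are valid but TIMEOUT=0: the page says the job then does not wait for the
# scan, so (by inference) its exit code cannot reflect that scan's findings.
escape_preflight() {
    [ -n "${ESCAPE_APPLICATION_ID:-}" ] || { echo "ESCAPE_APPLICATION_ID is required" >&2; return 1; }
    [ -n "${ESCAPE_API_KEY:-}" ] || { echo "ESCAPE_API_KEY is required" >&2; return 1; }
    if [ -n "${FAIL_ON_SEVERITIES:-}" ]; then
        FAIL_ON_SEVERITIES="$(normalize_severities "$FAIL_ON_SEVERITIES")" || return 1
        export FAIL_ON_SEVERITIES
    fi
    if [ "${TIMEOUT:-}" = "0" ]; then
        echo "TIMEOUT=0: the job will not wait for the scan to finish" >&2
        return 2
    fi
    return 0
}

# CI entry point: stop on invalid settings, otherwise run the CLI and
# propagate its exit code (1 when an issue of a listed severity is found).
escape_gate() {
    local rc=0
    escape_preflight || rc=$?
    [ "$rc" -ne 1 ] || return 1
    escape-action "$@"
}
```

Source the file in the CI step and call escape_gate in place of escape-action; the API key is read from the environment and never echoed.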
CLI Options
Option | Type | Description |
---|---|---|
--output <path> | string | The path to the output file that will contain the scan results. |
--r | boolean | Include remediations in the report. Remediations are recommended actions that can be taken to address any security vulnerabilities that are found during the scan. |
--pdf | boolean | Download a PDF report of the scan results. |
--zip | boolean | Download an exchange archive (zip file) of the scan results. |