Skip to main content

lacework vulnerability host scan-pkg-manifest

Request an on-demand host vulnerability assessment from a package-manifest

Synopsis

Request an on-demand host vulnerability assessment of your software packages to determine if the packages contain any common vulnerabilities and exposures.

Simple usage:

lacework vulnerability host scan-pkg-manifest '{
"osPkgInfoList": [
{
"os":"Ubuntu",
"osVer":"18.04",
"pkg": "openssl",
"pkgVer": "1.1.1-1ubuntu2.1~18.04.5"
}
]
}'

To generate a package-manifest from the local host and scan it automatically:

lacework vulnerability host scan-pkg-manifest --local

NOTE:

  • Only packages managed by a package manager for supported OS's are reported.
  • Calls to this operation are rate limited to 10 calls per hour, per access key.
  • This operation is limited to 10k packages per command execution.
lacework vulnerability host scan-pkg-manifest <manifest> [flags]

Options

      --fail_on_fixable           fail if the assessed container has fixable vulnerabilities
--fail_on_severity string specify a severity threshold to fail if vulnerabilities are found (critical, high, medium, low, info)
-f, --file string path to a package manifest to scan
--fixable only show fixable vulnerabilities
-h, --help help for scan-pkg-manifest
-l, --local automatically generate the package manifest from the local host
--packages show a list of packages with CVE count

Options inherited from parent commands

  -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
-k, --api_key string access key id
-s, --api_secret string secret access key
--api_token string access token (replaces the use of api_key and api_secret)
--debug turn on debug logging
--json switch commands output from human-readable to json format
--nocache turn off caching
--nocolor turn off colors
--noninteractive turn off interactive mode (disable spinners, prompts, etc.)
--organization access organization level data sets (org admins only)
-p, --profile string switch between profiles configured at ~/.lacework.toml
--subaccount string sub-account name inside your organization (org admins only)

SEE ALSO