
Administration Guide

CLI commands for pipeline integration


The following CLI commands can be used to integrate FortiCNAPP into any pipeline. Each entry gives the purpose, the command, the action it performs, and a breakdown of the command.

Purpose: Installing FortiCNAPP CLI

Command: curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash

Action: This command uses curl to download and run a shell script that installs the FortiCNAPP CLI.

Breakdown: N/A

Purpose: Configuring and authenticating CLI commands

Command: lacework configure -a LW_ACCOUNT -k LW_API_KEY -s LW_API_SECRET --noninteractive

Action: Configures the FortiCNAPP CLI to authenticate with the FortiCNAPP platform using account details, an API key, and an API secret.

Breakdown:

  • lacework configure: A FortiCNAPP CLI command used to set up account configuration.

  • Flags:

    • -a LW_ACCOUNT: Specifies the FortiCNAPP account URL.

      • -a: Stands for “account,” and it defines the FortiCNAPP account URL.

      • The account value should be referenced from an environment variable stored in your CI/CD service.

      • Example: “test.lacework.net”

    • -k LW_API_KEY: Supplies the API key for authentication.

      • -k: Stands for “key,” and it specifies the API key.

      • The actual key should be referenced from an environment variable stored in your CI/CD service.

    • -s LW_API_SECRET (for example, ${{ secrets.LW_API_SECRET }} in GitHub Actions): Supplies the API secret for authentication.

      • -s: Stands for “secret,” and it specifies the API secret.

      • The actual secret should be referenced from an environment variable stored in your CI/CD service.

    • --noninteractive: Runs the command without prompting for any additional input from the user. Useful for automated workflows.

Purpose: Install FortiCNAPP SCA component

Command: lacework component install sca

Action: Installs the Software Composition Analysis (SCA) component of the FortiCNAPP CLI.

Breakdown:

  • lacework component install: A command to install a specific component of the FortiCNAPP CLI.

  • sca: Specifies the component to install, which is the Static Code Analyzer tool from FortiCNAPP.

Purpose: Running SCA and SAST scans

Command: lacework sca scan ./ -f lw-json -o /tmp/lacework-scan.json

Action: Runs a Software Composition Analysis (SCA) scan on the current directory and outputs the results in JSON format.

Breakdown:

  • lacework sca scan ./: Initiates an SCA scan on the specified directory (./ refers to the current directory).

  • -f lw-json: Specifies the format of the scan output.

    • -f: Stands for “format,” and lw-json is the FortiCNAPP-specific JSON format used for structured data analysis.

    • FortiCNAPP supports cycloneDX, SPDX, gitlab-JSON, SARIF, and JUNIT.XML formats.

  • -o /tmp/lacework-scan.json: Defines the output location and filename for the scan results.

    • -o: Stands for “output,” and it specifies where to save the scan results.

Purpose: Compare results from two different scans

Command: lacework sca compare --new /tmp/lacework-scan-source.json --old /tmp/lacework-scan-target.json -o /tmp/lacework-comparison.sarif

Action: Compares the results of two SCA scans to identify changes, such as new vulnerabilities introduced between versions of the code.

Breakdown:

  • lacework sca compare: Initiates a comparison between two SCA scan results.

  • --new /tmp/lacework-scan-source.json: Specifies the newer scan result file, typically from the source branch of a pull request.

    • --new: Indicates the file containing the latest scan results.

  • --old /tmp/lacework-scan-target.json: Specifies the older scan result file, typically from the target branch.

    • --old: Indicates the file containing the baseline or previous scan results.

  • -o /tmp/lacework-comparison.sarif: Specifies the output file name and location for the SARIF results.
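
The install command above pipes a script from the moving main branch straight into bash. The following added example (not part of the original guide or of Fortinet's tooling) downloads the script to a file, checks it against a pinned SHA-256, and only then runs it. INSTALL_REF and INSTALL_SHA256 are placeholders to fill in after reviewing the script, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the installer before running it instead of using
# "curl ... | bash". Not taken from the FortiCNAPP documentation.
set -eu

# Assumption: pin a reviewed commit instead of "main". Both values are
# placeholders; record them after reviewing the script at that commit.
INSTALL_REF="<PINNED_COMMIT_SHA>"
INSTALL_SHA256="<EXPECTED_SHA256_OF_INSTALL_SH>"
INSTALL_URL="https://raw.githubusercontent.com/lacework/go-sdk/${INSTALL_REF}/cli/install.sh"

# Return 0 only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {  # verify_sha256 <file> <expected-hex>
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# Download over HTTPS only, verify, then execute; a mismatch aborts the job.
install_lacework_cli() {
  tmp=$(mktemp)
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALL_URL"
  if ! verify_sha256 "$tmp" "$INSTALL_SHA256"; then
    rm -f "$tmp"
    echo "install.sh checksum mismatch, refusing to run" >&2
    return 1
  fi
  rc=0
  bash "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Run the install only when asked, e.g.: sh install-lacework.sh install
if [ "${1:-}" = "install" ]; then install_lacework_cli; fi
```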

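
The commands above chained into one pull-request job, as an added example that is not part of the original guide. It assumes the FortiCNAPP CLI is already installed, that the two arguments are checkouts of the pull request's source and target branches, and that LW_ACCOUNT, LW_API_KEY and LW_API_SECRET are injected by the CI/CD service; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pull-request scan built from the commands in this section.
# Assumptions (not from the page): $1 and $2 are checkouts of the PR's source
# and target branches; LW_* are secret variables from the CI/CD service.
set -eu

# Fail early, naming (never printing the value of) any missing credential.
lw_preflight() {
  missing=0
  for name in LW_ACCOUNT LW_API_KEY LW_API_SECRET; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing CI/CD variable: $name" >&2
      missing=1
    fi
  done
  unset value
  return "$missing"
}

# Scan one checkout and write lw-json results to the given file.
lw_scan() {  # lw_scan <dir> <output-file>
  (cd "$1" && lacework sca scan ./ -f lw-json -o "$2")
}

# Configure, scan both branches, then compare new (source) with old (target).
lw_pr_scan() {  # lw_pr_scan <source-dir> <target-dir>
  lw_preflight || return 2
  { set +x; } 2>/dev/null  # keep the credentials out of xtrace output
  lacework configure -a "$LW_ACCOUNT" -k "$LW_API_KEY" -s "$LW_API_SECRET" --noninteractive
  lacework component install sca
  lw_scan "$1" /tmp/lacework-scan-source.json
  lw_scan "$2" /tmp/lacework-scan-target.json
  lacework sca compare --new /tmp/lacework-scan-source.json \
    --old /tmp/lacework-scan-target.json -o /tmp/lacework-comparison.sarif
}

# Run only when called with both checkout directories.
if [ "$#" -eq 2 ]; then lw_pr_scan "$1" "$2"; fi
```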