Qualys-IaC-Security 1.0.6

Description:

QualysIaCSecurity 1.0.6

Qualys-IaC-Security
The qiac is a command line interface to scan Infrastructure-as-Code templates using Qualys CloudView (Cloud Security Assessment).
Description
The Qualys IaC app provides a quick yet reliable way to assess your Infrastructure-as-a-Code templates and uncover potential vulnerable situations. The qiac provides you an interface to interact with Qualys IaC module in a simple way.
This command line interface (CLI) provides following commands.



Command Name
Feature
Description
Since Version




scan
Launch an IaC scan
You can scan one or more templates in a single command. This runs a job on Qualys cloud platform.
1.0.0b2


listscans
Get list of all IaC scans
Once you launch a scan, you can view list of all scans or a specific scan.
1.0.0b2


getresult
Get the IaC scan result
Once a scan is completed, you can download the scan result for your review.
1.0.0b2


config
Configure IaC CLI
You can configure user's credentials using this command.
1.0.0b3



Installation
Prerequisite
You need to fulfill the following requirements to use this CLI tool.

Python 3
If your environment uses Windows OS and Python version 3.10 or greater, then you must have Microsoft Visual C++ version 14.0 or greater version installed.
A valid Qualys subscription with access to

CloudView (Cloud Security Assessment)
The Qualys API



Command to install
You can install the qiac CLI from PyPI. Run the following command to install.
pip install Qualys-IaC-Security

How to use
See the supported options
You can use the --help option to get a list of supported options and their explanation.
Usage: qiac [OPTIONS] COMMAND [ARGS]...

Options:
-v, --version Show the version and exit.
-h, --help Show this message and exit.

Commands:
config Configure IaC CLI credentials.
getresult Gets the scan result.
listscans List all the scans.
scan Triggers/Launches the IaC scan.

Configure IaC CLI (optional command)
Use this command to configure user's credentials. This command is optional and should be used only when a user would like to store Qualys credentials in flat file for subsequent uses. Once this file is correctly configured, the user need not provide the Qualys platform, username, and password details for every CLI command. The authentication details are picked from the configuration file.
Below command collects Qualys credentials from user and stores those to user's home directory (.qiac.yaml)
qiac config -a <Qualys Platform> -u <Qualys username> -p <Qualys password>


The parameters: platform, username, and password are mandatory for this command.
config_file (optional): name or path of the config file.
Name: if the name is provided, then a config file with the specified name is created.
Path: if the path is provided, then the config file is created at the specified path with the default name. The default name is .qiac.yaml.
This command saves the config file on the user's home directory with the name .qiac.yaml. If a user doesn't want to save the config file in the home directory, the user can use the config_file option to provide the config file path. The config_file option saves the file at the specified path.

A user can use the config file using below ways:

Use Config file from user's home.

qiac <commands|params>


User Config file from user's custom directory.

qiac <commands|params> -c <location of config file>

Commands could be scan, getresults, listscans.
Note: If the user does not provide credentials in command options, then CLI checks for the config file in the current directory. If the config file is not present in the current directory, then CLI checks the user's home directory.
Launch a scan
You can scan one or more file(s) using the following command.
qiac scan -a <Qualys Platform> -u <your Qualys username> -n <name of the scan> -d <path1 to a file or directory> -d <path2 to a file or directory> -d <path3 to a file or directory>...


The CLI prompts for your Qualys password, only if password is not provided in command.
When you provide a path to a directory for -d option, the CLI will ZIP the contents and then upload the ZIP to the Qualys Cloud Platform.
On successful launch of the scan, the CLI output provides a Scan Id and show results in a tabular format.

Note: To scan the template(s), this CLI uploads your file(s) to the Qualys Cloud Platform.
Get the list of all scans
You can get list of scans using the following command. If you want to get the scan details for a specific scan, provide the IaC scan Id obtained from the launch scan output.
qiac listscans -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>


This will fetch list of all IaC scan and its details and print it in tabular format on the terminal.

Get the scan result
Once you see that the scan status is FINISHED or ERROR, you can use the following command to get the IaC scan result.
qiac getresult -a <Qualys Platform> -u <your Qualys username> -i <Scan Id>


This will download the scan result and print it in tabular format on the terminal.

Documentation
For more information you can refer Secure Infrastructure as Code section in this user guide: https://www.qualys.com/docs/qualys-cloud-view-user-guide.pdf
Support
If you have any questions, please contact Qualys Support team at [email protected]