search

fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/
Other
27 stars 16 forks source link

Parameter --login-macro #502

Open janskyview opened 5 months ago

janskyview commented 5 months ago

Supposing trying to start a scan with this command line:

fcli sc-dast scan start --login-macro='zerologin.webmacro' --mode='CrawlAndAudit' --name='Test Scan from CLI'

Output error expects an integer at --login-macro parameter, I suppose there's a repository of webmacros to create and then give the id as the parameter's value.

Assuming this is the right path, where do you create such a repo of webmacro using ScanCentralDAST from Software Security Center Web GUI? I've looked into the documentation but I haven't found anything about webmacros' repository. Sorry if this is the wrong place to post this. Thank you.

janskyview commented 5 months ago

I was informed today by a Microfocus employee that --login-macro parametre simply does not work and should not be used. Instead use parameter -s, --settings=
and give the scan setting's id as value. So you should go the other way around, configure a scan settings from SSC, attach a login macro to the settings, note down the id and call fcli with the above parameter. Hope it helps.

rsenden commented 5 months ago

Thanks for the info. We'll do some more research on this topic and implement any required fcli changes, like documenting the above in the fcli usage help.