CLI Configuration File
Configuration File
Once the Command Line Interface (CLI) is installed, it creates a file called init.yaml
containing the configuration settings. These settings are enumerated below.
Editing a Setting
See Config
Configuration Key/Value pairs:
Key | Notes | Value Type |
---|---|---|
adAccessToken | Populated by the CLI | string |
adAuthUrl | authentication URL | URI, typically https://login.microsoftonline.com/ |
adClientId | Application (client) ID from Active Directory | string |
adClientSecret | secret from Active Directory | string |
adGraphUrl | Microsoft Graph URL | URI, typically https://graph.microsoft.com/.default |
adTenantId | Directory (tenant) ID from Active Directory | string |
assessmentDays | Number of days to add to today for the planned finish date for an assessment in RegScale | numeric e.g. 10 |
azure365AccessToken | Azure DefenderAccess token (created by the API) | string |
azure365ClientId | Azure Defender access key | string |
azure365Secret | Azure Defender secret key | string |
azure365TenantId | Azure Defender Tenant ID | string |
azureCloudAccessToken | Azure Cloud Defender Access token (created by the API) | string |
azureCloudClientId | Azure Cloud Defender access key | string |
azureCloudSecret | Azure Cloud Defender secret key | string |
azureCloudSubscriptionId | Azure Cloud Defender Subscription Id | string |
azureCloudTenantId | Azure Cloud Defender Tenant ID | string |
cisaAlerts | URL of cisa alerts page | URI: |
cisaKev | URL of CISA Known Exploits and Vulnerabilities | URI: |
crowdstrikeBaseUrl | Url of Crowdstrike System | URI |
crowdstrikeClientId | CrowdStrike Client ID | string |
crowdstrikeClientSecret | CrowdStrike Client Secret | string |
dependabotId | The GitHub user id | string |
dependabotOwner | The owner of the GitHub repository | string |
dependabotRepo | The GitHub repository name | string |
dependabotToken | The personal access token | string |
domain | RegScale instance URI | URI e.g. https://regscale.io |
evidenceFolder | the location of the folder containing the required documents to be tested | path, e.g. ./evidence |
failScore | the score at which an assessment fails | whole number e.g. 30 |
gcpCredentials | path to gcp credentials file | path, e.g. /credentials.json |
gcpOrganizationId | Organization Id from GCP - if importing organization scans | string |
gcpProjectId | Project Id from GCP - if importing project scans | string |
gcpScanType | Organization or Project | string: organization | project |
githubDomain | The GitHub api domain for your organization | URI e.g. api.github.com |
issueCreation | For Commercial Scan integrations, this determines whether an issue is created for each unique vulnerability / asset pair: PerAsset or only for each unique vulnerability: Consolidated | string: options "Consolidated" | "PerAsset" |
jiraApiToken | The Jira API token generated for the given username | string |
jiraUrl | The Base URL of your Jira Instance | URI: e.g. https://regscale.jira.org |
jiraUserName | Jira user name | string |
maxThreads | The total number of threads the application is allowed to use for bulk processing. | numeric e.g. 1000 |
oktaApiToken | API access token, generated within Okta admin portal | string |
oktaClientId | Okta Client Id | string |
oktaScopes | What permissions the RegScale CLI application is allowed from Okta admin portal | requires okta.users.read and okta.roles.read |
oktaSecreteKey | Only used if Bearer token is your desired authentication method with Okta API | string |
oktaUrl | URL for your Okta instance | URL |
oscalLocation | File Path for OSCAL Files | File Path e.g. /opt OSCAL |
otx | deprecated | |
passScore | the score at which an assessment passes | whole number, e.g. 80 |
poamTitleType | What to use for the title of poams created from scans | Cve (default) - CVE Number | pluginId - Scanner Plugin Id |
pwshPath | PowerShell Path | Path e.g. /opt/microsoft/powershell/7/pwsh |
qualysPassword | Qualys password to log in | string |
qualysUrl | base URL for the Qualys API | URL (Article) |
qualysUserName | Qualys user name to log in | string |
salesforcePassword | Password for SalesForce, you can also use an environment variable as SF_PASSWORD | string |
salesforceToken | Security token for SalesForce, you can also use an environment variable as SF_TOKEN | string |
salesforceUserName | Your User Name in SalesForce, you can also use an environment variable as SF_USERNAME | string |
snowPassword | ServiceNow password for this user | string |
snowUrl | base URL of your ServiceNow instance | URL |
snowUserName | ServiceNow User Name | string |
sonarToken | The sonarcloud token assigned in the UI | string |
ssl_verify | Flag to verify SSL/TLS Certificates when making REST api calls | true or false (default true) |
tenableAccessKey | Tenable access key | string |
tenableSecretKey | Tenable secret key | string |
tenableUrl | base URL for the Tenable API. | URL e.g. https://sc.tenalab.online |
tenableGroupByPlugin | Flag for POA&M handling. If true, it creates a single POA&M per vulnerability labeled by plugin-id. | true or false (default true) |
token | Bearer token or API token available on home page of RegScale instance | Base64 string |
userId | userId available on home page of RegScale instance | String e.g. de8e7ca0-e8b7-44a3-8915-c799ad675e0e |
vulnerabilityCreation | For Commercial Scan integrations, this determines whether an issue is created for vulnerabilities. Options are: "NoIssue" -don't create issues from vulnerabilities. "IssueCreation" - create issues from vulnerabilities. "PoamCreation" - create issues/POA&Ms from vulnerabilities | string: NoIssue|IssueCreation|PoamCreation |
wizAccessToken | Populated by the CLI | string |
wizAuthUrl | URL for granting authentication tokens | URI e.g. https://auth.wiz.io/oauth/token |
wizExcludes | flags the specific assets to exclude from syncing to RegScale. For each node, this is based on the entities[0]["name"] attribute. | string |
wizReportAge | Days old window for reports | whole number e.g. 15 |
wizScope | Populated by the CLI | string |
wizUrl | GraphQL endpoint for your Wiz.io instance | URL |
Key | Notes | Value | ||
---|---|---|---|---|
issues: | ||||
aws: | ||||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
defender365: | ||||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
defenderCloud: | ||||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
jira: | ||||
highest | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 7 | ||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
lowest | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
qualys: | ||||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
salesforce: | ||||
critical | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 7 | ||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
tenable: | ||||
critical | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 3 | ||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver | ||
wiz: | ||||
critical | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 3 | ||
high | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 30 | ||
moderate | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 90 | ||
low | Number of days to add to today's date when setting due dates to RegScale issues | whole numbers e.g. 365 | ||
status | Status to be used in issues created in RegScale | Draft, Open, Pending Decommission, Supply Chain/Procurement Dependency, Vendor Dependency for Fix, Delayed, or Exception/Waiver |
Updated 2 months ago