Cortex CLI usage

To execute a Cortex CLI scan, run:

cortexcli [global flags] [module name] scan [module flags]

Command breakdown

  • cortexcli: The Cortex CLI binary - a global option. Establishes the execution environment for all subsequent commands

  • Global flags: Flags that apply across all supported modules. Place global flags between cortexcli and the module name

    • --api-base-url <value>

    • --api-key <value>

    • --api-key-id <value>

    Additional global flags are supported by the AppSec and CWP modules, but not the WAAS module. Refer to Cortex CLI common command line reference guide for more information.

  • Module name: Select the module (environment) to be scanned:

    • api — API Security. For more information about API Security scans, refer to Cortex CLI for API Security

    • image — CWP. For more information about CWP scans, refer to Cortex CLI for Cloud Workload Protection

    • codeApplication Security. For more information about Application Security refer to Cortex CLI for Code Security

  • Module flags: The flags available for the selected command:

    • For flags common to all environments, refer to Cortex CLI common command line reference guide

    • For flags specific to CWP refer to Cloud Workload Protection command line referenceCloud Workload Protection command line reference

    • For flags specific to API Security, refer to Cortex CLI API Security command line reference guide

    • For flags specific to Application Security, refer to Cortex CLI Application Security command line reference

Examples

Global flags: Apply to all modules. Place between cortexcli and the module name:

# Authenticate and scan with global authentication flags
cortexcli --api-base-url https://api.xdr.us.paloaltonetworks.com --api-key <KEY> --api-key-id <KEY_ID> code scan --directory .

Global flags common to AppSec and CWP: Upload mode, exit code handling, and log output. Not supported by WAAS:

# Run an AppSec scan in no-upload mode with soft-fail and log output
cortexcli --upload-mode no-upload --soft-fail --no-fail-on-crash --log code scan --directory .

AppSec scan: Scan source code for IaC misconfigurations, SCA vulnerabilities, and secrets:

# Scan a repository directory and filter results to critical and high severity
cortexcli --upload-mode no-upload code scan --directory /path/to/repo --severity critical,high

CWP scan: Scan a container image for vulnerabilities:

# Scan a container image with soft-fail enabled
cortexcli --soft-fail image scan --image myapp:latest

API Security scan: Scan APIs for security issues. Global flags (other than authentication) are not supported:

# Run an API Security scan
cortexcli api scan --api-spec /path/to/openapi.yaml

Note

  • For more information about CLI usage for CWP, refer to Cortex CLI for Cloud Workload Protection

  • For more information about CLI usage for API Security, refer to Cortex CLI for API Security

  • For more information about CLI usage for Application Security, refer to Cortex CLI usage for Application Security