Ionize CLI
- 24 Aug 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Ionize CLI
- Updated on 24 Aug 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Ionize is a tool for managing the asynchronous calls necessary to embed an Ion Channel analysis into a CI/CD process.
Installation
- Email support@exiger.com with a request to be provided with the tool.
- Run the executable from the folder matching your operating system. Supported operating systems include Windows, Linux, and Darwin (includes macOS).
Running Ionize
At a minimum, Ionize requires an API token, your Team ID, and a Project ID to run. The steps to obtain each can be obtained at the links below:
Each of these may be provided via a configuration file. Alternatively, the Ion Channel API token can be provided via an environment variable:
IONCHANNEL_SECRET_KEY=<token> ionize [command]Configuration File
A configuration file is required to run the Ionize analyze command. The .ionize.yaml file in the current directory will be used by default. The --config global flag may be used to specify a different configuration file.
Some configurations can also be applied as environment variables as noted in the examples below.
You can find a sample .ionize.yaml file in the Ionize GitHub repository.
Configuration file settings:
| Configuration | Details | Example |
| key | An Ion Channel API token. | key: api_token_here Also available as an environment variable: IONCHANNEL_SECRET_KEY=your_api_token |
| team | The team ID where the project to be analyzed resides | team: abcd1234-ab12-ab12-ab12-abcde123456 |
| project | The project ID of the project to be analyzed | project: bcde1234-ab12-ab12-ab12-abcde234567 |
| coverage | (optional) The location of a coverage.txt file, including the percentage of code coverage. The coverage.txt file may only contain a float value (up to 2 decimal places). This file is required if the Code Coverage rule is included in the project's governing ruleset. | coverage: /path/to/file.txt |
| timeout | (optional) The amount of time in seconds for an analysis to complete before it exits with a status code of 1 (the same as if a scan fails governance) | timeout: 300 Also available as an environment variable: IONCHANNEL_ANALYSIS_TIMEOUT=300 |
| output-format | (optional) The file type(s) to be created once the analysis has been completed. Options include:
| output-format: all Also available as an environment variable: IONCHANNEL_OUTPUT_FORMAT=all |
| output-file | (optional) The filename where the file specified by the output-format configuration will be written. If output-format is set to all, a folder name should be provided instead. | output-file: path/to/file.json Also available as an environment variable: IONCHANNEL_OUTPUT_FILE=path/to/file.json |
| bucket | (optional) The S3 URI where external artifacts will be delivered. | bucket: s3://bucket/folder Also available as an environment variable: IONCHANNEL_DROP_BUCKET=s3://bucket/folder |
Usage
[environment variables] ionize [command] [flags]
Commands
analyze
Perform an analysis of the project provided in the configuration file and wait for the report.
Usage:
ionize analyze [flags]
Flags:
-a, --async: Run the command asynchronously without waiting for completion (default: false)
--dry-run: Run the command but don't return non-zero on failure (default: false)
-h, --help: Help for analyze
-o, --output-file string: Write the results of the analysis to the given file (or folder if output-format is all. Creates the file if it does not exist. An empty string disables this functionality (default: '')
-f, --output-format string: Write the output data in the supplied format (default: 'ion-channel')
-t, --timeout uint: Cancels the analysis and exits if the analysis does not finish within the specified number of seconds. A timeout of 0 disables this functionality (default: 0)
-a, --async: Run the command asynchronously without waiting for completion (default: false)
--dry-run: Run the command but don't return non-zero on failure (default: false)
-h, --help: Help for analyze
-o, --output-file string: Write the results of the analysis to the given file (or folder if output-format is all. Creates the file if it does not exist. An empty string disables this functionality (default: '')
-f, --output-format string: Write the output data in the supplied format (default: 'ion-channel')
-t, --timeout uint: Cancels the analysis and exits if the analysis does not finish within the specified number of seconds. A timeout of 0 disables this functionality (default: 0)
configs
Print out the configs and their values that have been loaded into ionize.
Usage:
ionize configs [flags]
Flags:
-h, --help: Help for configs
-h, --help: Help for configs
scrutinize
Perform an analyses on a URL and wait for a report.
Usage:
ionize scrutinize [flags]
Flags:
-a, --async: Run the command asynchronously without waiting for completion (default: false)
-a, --async: Run the command asynchronously without waiting for completion (default: false)
version
Reads the configuration file and begins an analysis.
Usage:
ionize scrutinize url name version [flags]
Flags:
-h, --help: Help for scrutinize
-h, --help: Help for scrutinize
GitHub Actions
Ionize can be easily integrated into a GitHub Workflow using the Analyze Action for GitHub Actions. You can find detailed documentation on this action here.
Current up to version 0.3.1
Was this article helpful?
