# Xygeni Scanner Reference

The Xygeni Scanner CLI supports the following commands:

```
Usage:

xygeni [-hqvV] [--token=<token>] [--url=<url>] 
       [-cop=key:value [-cop=key:value]...] [@<filename>...] 
       [COMMAND]

Parameters:
  @<filename>...          One or more argument files containing options.
  -v, --verbose           Verbose output?
  -q, --quiet             Quiet mode: do not generate output at console.
  -cop, --conf-option=key:value
                          Configuration properties for the scan.
  -h, --help              Show this help message and exit.
  -V, --version           Print version information and exit.

Xygeni credentials - clear-text or encrypted, env:VAR, file:PATH
They override the corresponding values in xygeni.yml configuration.
      --url=<url>         Xygeni api URL
      --token=<token>     Access token.

Commands:
  scan                 Runs all analyses available.
  multi-scan           Runs scans on multiple subdirectories (modules).
  org-scan             Discovers, and even scans, the organization repositories.
  inventory            Discover SDLC assets for project.
  deps, scan-deps      Scan software project for dependencies and SBOM generation.
  suspectdeps          Detect suspect dependencies in project.
  compliance           Check compliance with supply-chain standards.
  codetamper           Detect potential code tampering.
  secrets              Detect hard-coded secrets in project.
  misconf              Detect misconfigurations in project.
  iac                  Detect security flaws in IaC template files.
  malware              Detect malware evidences.
  report-upload        Converts and uploads an external tool or xygeni report into Xygeni platform.
  util                 Utilities for configuration.
  generate-completion  Generate bash/zsh completion script for xygeni.
```

## Configuration options

Each scan has configuration options that are available by default in files named `xygeni.yml` and `xygeni.<command>.yml` in the scanner's `conf` directory. Each file is a YAML document that can be edited and uploaded to the Xygeni platform for reuse.

The `-cop|--conf-option` options are global options that go before the command; each one gives a value to a configuration property: `xygeni -cop | --conf-option key:value -cop | --conf-option key2:value ... <command> ...`\
(Quotes around `key:value` are optional; whether they are needed depends on the shell metacharacters that appear in `key:value`.)

`key` is the name of the configuration property, and `value` is the value to be assigned. For nested properties, separate the parts with `/`.

Examples:

```shell
# Disable commit resolution
xygeni -cop 'commitResolution:never' scan ...
# Set parallel mode with two threads
xygeni -cop 'mode:parallel' -cop 'parallelism:2' secrets ...
# Disable timeout
xygeni -cop 'timeout:0' secrets ...

# More complex cases (using long or short option names):
xygeni --conf-option "report[format=text]/sort: exposure" \
  --conf-option "report[format=text]/borders: none" \
  --conf-option "parallelism: min(availableProcessors - 1, 4)" \
  scan ...
  
# Imagine that the user has this environment var instead of the expected JENKINS_URL
xygeni -cop "cicd[kind=jenkins]/url: ${MY_JENKINS_URL}" misconf ...
```

{% hint style="info" %}
Follow our [**Central Configuration**](https://github.com/xygeni/UserDoc/blob/main/xygeni-scanner-cli/xygeni-cli-overview/central-configuration.md) for instructions on how to handle central configuration.

Note that many configuration options are passed through environment variables or local files in CI/CD pipelines. For sporadic changes it may be easier to specify a few options with `--conf-option`, possibly storing the command-line options in an `@argument` file (which could be under version control, etc.). This could be convenient when many configuration properties need to be overridden for scanning a particular project.
{% endhint %}
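
The following added example (not part of the Xygeni documentation or tooling) combines the pieces above: `-cop` overrides stored in an `@argument` file that can be reviewed in version control, and the token passed as an `env:VAR` or `file:PATH` reference instead of a clear-text value. The function names and the `XYGENI_TOKEN` variable are hypothetical, and the argument-file layout (one argument per line, double quotes around a value) is an assumption; the check deliberately accepts only the two reference forms.

```shell
#!/bin/sh
# Added example, not Xygeni code. Function names and XYGENI_TOKEN are hypothetical.

# Succeed only for credential references (env:VAR or file:PATH); used below
# to refuse a literal token on the command line.
is_token_ref() {
  case "$1" in
    env:?*|file:?*) return 0 ;;
    *) return 1 ;;
  esac
}

# write_argfile FILE key:value...  -> FILE holds one -cop pair per override.
# Assumed file format: one argument per line, double quotes around the value.
write_argfile() {
  out=$1; shift
  for kv in "$@"; do              # validate every override before writing
    case "$kv" in
      *\"*) echo "double quote not supported: $kv" >&2; return 1 ;;
      ?*:*) ;;
      *) echo "not key:value: $kv" >&2; return 1 ;;
    esac
  done
  : > "$out"
  for kv in "$@"; do
    printf '%s\n"%s"\n' -cop "$kv" >> "$out"
  done
}

# xygeni_cmd TOKEN_REF ARGFILE COMMAND [ARGS...] prints the command line,
# with the global options and the @file placed before the command.
xygeni_cmd() {
  token_ref=$1 argfile=$2; shift 2
  is_token_ref "$token_ref" || { echo "token must be env:VAR or file:PATH" >&2; return 1; }
  printf 'xygeni --token=%s @%s %s\n' "$token_ref" "$argfile" "$*"
}

# Demo with constructed values: build the file, show the resulting command.
args_file=$(mktemp)
write_argfile "$args_file" 'mode:parallel' 'parallelism:2' \
  'report[format=text]/sort: exposure' &&
  xygeni_cmd env:XYGENI_TOKEN "$args_file" secrets -d . -f sarif -o secrets.sarif
rm -f "$args_file"
```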

## Common scan options

The following options are supported by the scan commands (`scan`, `multi-scan`, `org-scan`, `deps`, `secrets`, `iac`, `sast`, `suspectdeps`, `malware`, `misconf`, `codetamper`, `inventory`):

| Option          | Description                                                                                                                                                                            |
| --------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `-n, --name`    | Project name for the scan.                                                                                                                                                             |
| `-d, --dir`     | Project base directory to scan.                                                                                                                                                        |
| `-o, --output`  | Output file for the report (use `-` for stdout).                                                                                                                                       |
| `-f, --format`  | Report format (`json`, `text`, `sarif`, `html`, ...).                                                                                                                                  |
| `--mute <path>` | Apply scanner-side [mute rules](https://github.com/xygeni/UserDoc/blob/main/xygeni-scanner-cli/xygeni-cli-overview/mute-rules.md) from a local YAML file or named server-side ruleset. |
| `-nb`           | Suppress the scanner banner.                                                                                                                                                           |

See [Mute Rules](https://github.com/xygeni/UserDoc/blob/main/xygeni-scanner-cli/xygeni-cli-overview/mute-rules.md) for the full `.xygeni.mute.yml` descriptor reference and how scanner-side muting interacts with the Web UI mute action.


