# AquilaX CLI

**Supported Python Versions:** 3.6+

### Installation

#### Via PyPI

```bash
pip install aquilax
```

#### From Source

```bash
git clone https://github.com/AquilaX-AI/AquilaX-Client.git
cd AquilaX-Client
pip install -e .
```

#### Verification

```bash
aquilax --version
```

### Authentication

#### Login

```bash
aquilax login <token>
```

For self-hosted instances:

```bash
aquilax login <token> --server <url>
```

**Parameters:**

* `<token>`: API authentication token
* `--server`: (Optional) Server URL (default: `https://aquilax.ai`)

#### Logout

```bash
aquilax logout
```

### Configuration

#### Set Default Organization

```bash
aquilax --set-org <org_id>
```

#### Set Default Group

```bash
aquilax --set-group <group_id>
```

#### Configuration File Location

* Linux/macOS: `~/.aquilax/config.json`
* Windows: `%USERPROFILE%\.aquilax\config.json`

**Structure:**

```json
{
  "apiToken": "your_api_token",
  "baseUrl": "https://aquilax.ai",
  "org_id": "507f1f77bcf86cd799439011",
  "group_id": "507f1f77bcf86cd799439012"
}
```

### Available Scanners

| Scanner           | Function                                       |
| ----------------- | ---------------------------------------------- |
| PII Scanner       | Detects personally identifiable information    |
| Secret Scanner    | Identifies exposed credentials and API keys    |
| IaC Scanner       | Analyzes Infrastructure as Code configurations |
| SAST Scanner      | Static application security testing            |
| SCA Scanner       | Software composition analysis for dependencies |
| Container Scanner | Container security analysis                    |
| Image Scanner     | Docker image scanning                          |
| CI/CD Scanner     | Pipeline configuration security review         |

### Commands

#### scan

Initiate a security scan on a Git repository.

```bash
aquilax scan <git_uri> [options]
```

**Options:**

| Flag         | Description                      | Default      |
| ------------ | -------------------------------- | ------------ |
| `--scanners` | Scanners to execute              | All scanners |
| `--branch`   | Target branch                    | `main`       |
| `--sync`     | Real-time monitoring             | Disabled     |
| `--format`   | Output format: `json` or `table` | `table`      |

**Examples:**

```bash
# All scanners, default branch
aquilax scan https://github.com/org/repo

# Specific branch with sync
aquilax scan https://github.com/org/repo --branch develop --sync

# Specific scanners only
aquilax scan https://github.com/org/repo --scanners secret_scanner sast_scanner

# JSON output
aquilax scan https://github.com/org/repo --format json
```

#### ci-scan

CI/CD-optimized scanning with policy enforcement.

```bash
aquilax ci-scan <git_uri> [options]
```

**Options:**

| Flag              | Description                            | Default            |
| ----------------- | -------------------------------------- | ------------------ |
| `--org-id`        | Organization ID                        | Configured default |
| `--group-id`      | Group ID                               | Configured default |
| `--branch`        | Target branch                          | `main`             |
| `--sync`          | Real-time monitoring                   | Disabled           |
| `--fail-on-vulns` | Exit non-zero if vulnerabilities found | Disabled           |
| `--format`        | Output format: `json` or `table`       | `table`            |
| `--output-dir`    | PDF report directory                   | Current directory  |
| `--save-pdf`      | Save PDF report                        | Disabled           |

**Examples:**

```bash
# Basic scan
aquilax ci-scan https://github.com/org/repo

# Fail build on vulnerabilities
aquilax ci-scan https://github.com/org/repo --fail-on-vulns

# Override org/group
aquilax ci-scan https://github.com/org/repo \
  --org-id 507f1f77bcf86cd799439011 \
  --group-id 507f1f77bcf86cd799439012
```

#### pull

Retrieve scan results by ID.

```bash
aquilax pull <scan_id> [options]
```

**Options:**

| Flag         | Description                      | Default            |
| ------------ | -------------------------------- | ------------------ |
| `--org-id`   | Organization ID                  | Configured default |
| `--group-id` | Group ID                         | Configured default |
| `--format`   | Output format: `json` or `table` | `table`            |

**Example:**

```bash
aquilax pull 507f1f77bcf86cd799439013 --format json
```

#### get orgs

List accessible organizations.

```bash
aquilax get orgs
```

#### get groups

List groups within an organization.

```bash
aquilax get groups [--org-id <org_id>]
```

#### get scan-details

Retrieve detailed scan information.

```bash
aquilax get scan-details --scan-id <scan_id> [options]
```

**Options:**

| Flag         | Description                      | Default            |
| ------------ | -------------------------------- | ------------------ |
| `--org-id`   | Organization ID                  | Configured default |
| `--group-id` | Group ID                         | Configured default |
| `--format`   | Output format: `json` or `table` | `table`            |

### Output Formats

#### Table Format

```
╭─────────────────┬──────────────────────┬─────────────────────────┬──────────┬─────────┬────────╮
│ Scanner         │ Path                 │ Vulnerability           │ Severity │ CWE     │ OWASP  │
├─────────────────┼──────────────────────┼─────────────────────────┼──────────┼─────────┼────────┤
│ secret_scanner  │ config/database.yml  │ Hardcoded API Key       │ HIGH     │ CWE-798 │ A02    │
│ sast_scanner    │ app/controllers/...  │ SQL Injection           │ CRITICAL │ CWE-89  │ A03    │
╰─────────────────┴──────────────────────┴─────────────────────────┴──────────┴─────────┴────────╯
```

#### JSON Format

```json
{
  "scan_id": "507f1f77bcf86cd799439013",
  "status": "COMPLETED",
  "findings": [
    {
      "scanner": "secret_scanner",
      "path": "config/database.yml",
      "vuln": "Hardcoded API Key",
      "severity": "HIGH",
      "cwe": ["CWE-798"],
      "owasp": ["A02"]
    }
  ]
}
```

### Security Policy Enforcement

Security policies are configured at the group level. Scans fail when vulnerability counts exceed defined thresholds.

**Threshold Types:**

* `total`: Maximum total vulnerabilities
* `CRITICAL`: Maximum critical severity findings
* `HIGH`: Maximum high severity findings
* `MEDIUM`: Maximum medium severity findings
* `LOW`: Maximum low severity findings

**Example:**

```
Security Policy Thresholds:
  - total: 10
  - CRITICAL: 0
  - HIGH: 2
  - MEDIUM: 5
  - LOW: 10
```

When thresholds are exceeded:

```
Thresholds exceeded: CRITICAL (2) > 0; HIGH (5) > 2
Pipeline failed due to security policy violations.
```

### CI/CD Integration

#### GitHub Actions

```yaml
name: Security Scan
on: [push]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run AquilaX Scan
        run: |
          pip install aquilax
          aquilax login ${{ secrets.AQUILAX_TOKEN }}
          aquilax ci-scan ${{ github.repository }} --fail-on-vulns
```

#### GitLab CI

```yaml
security_scan:
  stage: test
  script:
    - pip install aquilax
    - aquilax login $AQUILAX_TOKEN
    - aquilax ci-scan $CI_REPOSITORY_URL --branch $CI_COMMIT_BRANCH --fail-on-vulns
```

#### Jenkins

```groovy
stage('Security Scan') {
    steps {
        sh 'pip install aquilax'
        sh 'aquilax login ${AQUILAX_TOKEN}'
        sh 'aquilax ci-scan ${GIT_URL} --fail-on-vulns --format json > scan-results.json'
    }
}
```

#### Azure DevOps

```yaml
- task: CmdLine@2
  inputs:
    script: |
      pip install aquilax
      aquilax login $(AQUILAX_TOKEN)
      aquilax ci-scan $(Build.Repository.Uri) --fail-on-vulns
```

### Troubleshooting

#### Module Import Errors

**Issue:** `ModuleNotFoundError: No module named 'aquilax'`

**Resolution:**

```bash
pip install aquilax
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows
```

#### Authentication Errors

**Issue:** `401 Unauthorized`

**Resolution:**

```bash
aquilax logout
aquilax login <correct_token>
```

#### Repository Access Errors

**Causes:**

* Incorrect repository URL
* Insufficient access permissions
* Invalid branch name

**Resolution:**

* Verify repository URL
* Confirm platform has repository access
* Check branch exists: `git branch -a`

#### Connection Issues

**Resolution:**

```bash
# Verify server URL
aquilax login <token> --server https://correct-url.com

# Test connectivity
curl https://your-server.com/health
```

### Environment Variables

```bash
export AQUILAX_SERVER="https://your-instance.com"
```

### Support

* Email: <support@aquilax.ai>
* Website: <https://aquilax.ai>
* Documentation: <https://docs.aquilax.ai>
* Issues: <https://github.com/AquilaX-AI/AquilaX-Client/issues>

{% embed url="<https://vimeo.com/1013653906?share=copy>" %}
AquilaX Sync Scan
{% endembed %}

### More Details

You can simple type `aquilax -h` for more details or you can visit the open source repo of the CLI here: <https://github.com/AquilaX-AI/AquilaX-Client>

If you find any issue or any suggestion for improvement, we love to hear from you: <https://uptime.betterstack.com/report/QK1Vyg2gkGYXXe8YDePQpuyX>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.aquilax.ai/user-manual/devtools/aquilax-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.