-
Notifications
You must be signed in to change notification settings - Fork 3
Command line Arguments
jc0b edited this page Jul 30, 2024
·
12 revisions
nudge-auto-updater supports the following command-line arguments:
| Argument name | Default Value | Description |
|---|---|---|
--sofa-url, -s
|
https://sofa.macadmins.io/v1/macos_data_feed.json | Specifies the URL of a custom SOFA feed to use for getting macOS update information. |
--nudge-file, -n
|
nudge-config.json |
Specifies the Nudge configuration JSON file to update. |
--api-key |
n/a | Optional flag. A VulnCheck API key for getting CVE data. You will need to set either this argument, or the VULNCHECK_API_KEY environment variable, if you want to use CVE scoring data for your Nudge updating rules. |
--config-file, -c
|
configuration.yml |
The path to a yaml-formatted file containing the configuration for nudge-auto-updater. If no config file is specified, nudge-auto-updater will attempt to load configuration.yml from the working directory. If that file doesn't exist, nudge-auto-updater will run with a default configuration. |
--markdown-file, -m
|
n/a | Optional flag. Specifies the path to a markdown file that nudge-auto-updater will write the results of a run to, if that run changes the nudge file. This can be useful for e.g. a CI workflow where you want to create merge/pull requests with new Nudge JSON, in which case the contents of the markdown file can be used as a MR/PR description. |
--webhook-url, -w
|
n/a | Optional flag. Specifies a Slack webhook URL, to which alerts will be sent about changes to the nudge file if specified. Can also be set via the SLACK_WEBHOOK environment variable. |
--auto |
False | Runs nudge-auto-updater non-interactively. Useful for CI/CD environments. If unset, confirmation is required to write changes to the Nudge JSON file. |
--force, -f
|
False | Forces re-evaluation of urgency and required installation date for every targetedOSVersionsRule, even when requiredMinimumOSVersion in Nudge JSON config is up to date. Useful if CVE data was updated or created since last run. |
--cisa |
False | Checks vulnerabilities against CISA's Known-Exploited Vulnerability (KEV) database. If a KEV is present, the CISA-recommended enforcement date for your macOS update is applied if it is sooner than your calculated enforcement date. Due to the CISA KEV database not always having information available when a macOS update is released, it is recommended to combine this with the --force flag to keep your Nudge configuration up-to-date with CISA recommendations. |