whitespots
diff --git a/‎.gitbook/assets/image (141).png
72.6 KB b/‎.gitbook/assets/image (141).png
72.6 KB
diff --git a/‎appsec-portal/scanners/scanner-description/code-scanners/terrascan.md
Lines changed: 34 additions & 0 deletions b/‎appsec-portal/scanners/scanner-description/code-scanners/terrascan.md
Lines changed: 34 additions & 0 deletions
@@ -6,6 +6,40 @@ description: >-
 
 # Terrascan
 
+**Auditor Job Name**: Terrascan\
+**Auditor image:** registry.gitlab.com/whitespots-public/security-images/terrascan:1.14.0\
+**AppSec Portal Importer Name**: Terrascan Scan
+
 [Terrascan](https://github.com/tenable/terrascan) ensures that IaC definitions adhere to security best practices and can detect issues that may cause security breaches, data loss, or service disruptions. Terrascan supports several popular IaC frameworks, including **Terraform**, **Kubernetes**, **Helm**, **AWS CloudFormation**, **Azure Resource Manager**, and **Google Cloud Deployment Manager**.
 
 The tool uses a set of **predefined policies** that can be customized to match the organization's specific security and compliance requirements. The policies are based on industry-standard security frameworks such as **NIST**, **CIS**, **PCI-DSS**, and **GDPR**.
+
+#### Curl example
+
+{% code overflow="wrap" %}
+```
+curl -X POST localhost/api/v1/scan/import/ -H "Authorization: Token a75bb26171cf391671e67b128bfc8ae1c779ff7b" -H "Content-Type: multipart/form-data" -F "file=@./terrascan.json" -F "product_name=Product1" -F "product_type=Application" -F "scanner_name=Terrascan Scan" -F "branch=dev" -F "repository=git@gitlab.com:whitespots-public/appsec-portal.git"
+```
+{% endcode %}
+
+In this command, the following parameters are used:
+
+1. `-X POST`: specifies the HTTP method to be used (in this case, POST)
+2. `-H "Authorization: Token <authorization_token>"`: specifies the [**authorization token**](../../importing-reports-from-scanners-to-appsec-portal/#authorization-token) obtained from AppSec Portal.
+3. `-H "Content-Type: multipart/form-data"`: specifies the content type of the request.
+4. `-F "file=@<report_file_path>"`: specifies the **path to the report file** generated by the scanner.
+5. `-F "product_name=<product_name>"`: specifies the **name of the product** being scanned.
+6. `-F "product_type=<product_type>"`: specifies the **type of the product** being scanned.
+7. `-F "scanner_name=<scanner_name>"`: specifies the **name of the scanner** used to generate the report (Terrascan Scan)
+8. `-F "branch=<branch_name>"`: (_optional_) specifies the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch
+
+Asset information, if an [auditor ](broken-reference)is used
+
+9. `-F "repository=<repository SSH URL>"`: If your product is **code** in a repository enter the address of your **repository** in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git
+10. &#x20;\-F "docker\_image=\<registry address>": If your product is **image** enter the address of the **registry** where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto\_validator:latest
+11. \-F "domain=\<domain>": If your product is **web** enter the **domain name** of your product, for example: whitespots.io
+12. \-F "host=\<host>": If your product is **web** enter the **IP address** of your product, for example: 0.0.0.0
+
+**Report example:**
+
+<figure><img src="../../../../.gitbook/assets/image (141).png" alt=""><figcaption></figcaption></figure>