Cosmo CLI
The Cosmo CLI is the official command-line interface for interacting with Cosmo. With the Cosmo CLI you can perform every operation available on the Cosmo platform (e.g. create a new scan or download reports).
Download
Download the latest version of the CLI for your OS from the release page of the official open source GitHub repository.
Usage
Using the CLI is simple. The base syntax is:
cosmo [command] [arguments]
All the CLI commands implemented are detailed in the table below:
Description | Command |
---|---|
List personal projects | cosmo list or cosmo ls |
List personal projects (output in json) | cosmo list --output json |
Create a new analysis * | cosmo create --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE> or cosmo new --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE> |
View project results overview | cosmo overview --id <PROJECT_ID> or cosmo show --id <PROJECT_ID> |
View analysis results* | cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> |
View analysis results (output in json) | cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --output json |
View paginated analysis results* | cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --page 1 --per-page 10 |
Delete project | cosmo delete --id <PROJECT_ID> or cosmo rm --id <PROJECT_ID> |
Log out | cosmo logout |
info
The PROJECT_ID argument can be retrieved from the cosmo list output or by inspecting the URL of the online dashboard.
Features in detail
The Cosmo CLI allows you to perform all the actions described below.
Login
This command signs you in to the Cosmo platform.
cosmo login
info
You do not need to run this command explicitly: the CLI will ask you to sign in the first time you run a command.
Logout
This command performs the logout action. After logout any command will be rejected until the next login.
cosmo logout
Create new scan
info
Refer to this section of the documentation if you are unsure of what kind of file you should upload to Cosmo.
With this command you can ask Cosmo to start a new scan on the specified firmware image.
cosmo create --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>
or the equivalent
cosmo new --file <FILE> --name <NAME> --type <TYPE> --subtype <SUBTYPE>
Delete existing reports
With this command you can ask Cosmo to delete an existing report.
cosmo delete --id <PROJECT_ID>
or the equivalent
cosmo rm --id <PROJECT_ID>
info
The PROJECT_ID argument can be retrieved from the cosmo list output or by inspecting the URL of the online dashboard.
List personal reports
With this command you can ask Cosmo to list all the reports previously created.
cosmo list
or the equivalent
cosmo ls
You can use the --output json flag to format the list output in JSON:
cosmo list --output json
Get the report overview
With this command you can ask Cosmo to show the overview of the report identified by PROJECT_ID.
cosmo overview --id <PROJECT_ID>
or the equivalent
cosmo show --id <PROJECT_ID>
View analysis results
With this command you can ask Cosmo to show the whole analysis result.
The analysis type is passed as an argument with the --analysis flag.
cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS>
Use the --output json flag to format the analysis output in JSON:
cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --output json
For a paginated analysis result you can use the --page (page) and --per-page (size) flags:
cosmo analysis --id <PROJECT_ID> --analysis <ANALYSIS> --page 1 --per-page 10
info
All the possible values for the --analysis flag are reported in the Supported analyses section.
Supported analyses
All the supported analyses, for each firmware type, are listed below.
Linux/Container Analysis
hardening (Binary Analysis)
cve-check (CVE Check)
security-scan (Security Scan)
password-hash (Password Hash)
crypto (Crypto Analyzer)
nvram (NVRAM Analysis)
kernel (Kernel Security)
software-bom (Software Bill of Materials)
static-code (Code Analysis)
UEFI Analysis
access (Access Rights Analysis)
intel-boot-guard (Intel BootGuard Analysis)
surface (Attack Surface Analysis)
secure-boot (Secure Boot Analysis)
uefi-security-scan (Security Scan)
peim-dxe (PEIM/DXE Analysis)
VxWorks Analysis
functions (Functions Analysis)
symbols (Symbols Analysis)
tasks (Tasks Analysis)
capabilities (Capabilities Analysis)
Supported types
All the type and subtype combinations supported by the Cosmo CLI are listed below.
info
Types and subtypes are only required to create new scans using the create or new commands.
type | subtype | description |
---|---|---|
linux | generic | Generic Linux firmware image analysis |
linux | yocto | Yocto Linux firmware image analysis |
linux | buildroot | Buildroot Linux firmware image analysis |
linux | openwrt | OpenWRT Linux firmware image analysis |
container | docker | Full Docker image analysis |
container | docker-lite | Fast Docker image analysis (only cve-check analysis performed) |
container | lxc | LXC container image analysis |
uefi | generic | UEFI BIOS analysis |
vxworks | generic | VxWorks image analysis |
caution
The docker-lite scan subtype is currently in beta and only available through the Cosmo CLI.
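The type/subtype table and the per-type analysis lists above can be combined to archive every result of a project as JSON, for example from a CI job. This is an added example, not part of the Cosmo documentation or project: the function names and the COSMO_BIN variable are hypothetical, and it assumes the CLI exits non-zero when a request fails and that `cosmo login` has already been run.

```shell
#!/bin/sh
# Added example: export every analysis listed on this page for a project as JSON.
# COSMO_BIN is an assumption of this example so the binary can be replaced in tests.
COSMO_BIN="${COSMO_BIN:-cosmo}"

# Print the --analysis values this page lists for a type/subtype pair.
cosmo_analyses_for() {
    case "$1/$2" in
        container/docker-lite)
            # docker-lite performs only the cve-check analysis
            echo "cve-check" ;;
        linux/generic|linux/yocto|linux/buildroot|linux/openwrt|container/docker|container/lxc)
            echo "hardening cve-check security-scan password-hash crypto nvram kernel software-bom static-code" ;;
        uefi/generic)
            echo "access intel-boot-guard surface secure-boot uefi-security-scan peim-dxe" ;;
        vxworks/generic)
            echo "functions symbols tasks capabilities" ;;
        *)
            echo "unsupported type/subtype: $1/$2" >&2
            return 1 ;;
    esac
}

# Usage: cosmo_export <PROJECT_ID> <TYPE> <SUBTYPE> <OUTDIR>
# Returns 0 if every analysis was saved, 1 if any request failed,
# 2 if the type/subtype pair is not in the table or OUTDIR cannot be created.
cosmo_export() {
    id=$1; outdir=$4
    analyses=$(cosmo_analyses_for "$2" "$3") || return 2
    mkdir -p "$outdir" || return 2
    failed=0
    for a in $analyses; do
        # Write to a temporary name first so a failed request never
        # leaves a truncated file that looks like a complete report.
        if "$COSMO_BIN" analysis --id "$id" --analysis "$a" --output json > "$outdir/$a.json.tmp"; then
            mv "$outdir/$a.json.tmp" "$outdir/$a.json"
        else
            rm -f "$outdir/$a.json.tmp"
            echo "analysis $a failed for project $id" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Example call (placeholders as used on this page):
# cosmo_export <PROJECT_ID> linux yocto ./cosmo-results
```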