status

Description

Displays scan analysis results for the selected package version.

Use this command to show a simple analysis summary for CI workflows. This is ideal for quick failure triage and integration with CI systems when there's only one analysis check (version scan) to be performed. For advanced CI/CD pipelines that perform differential analysis and reproducibility checks, use the checks command instead.

When used with its filtering option, the status command will show a simple analysis summary for CI workflows.

Usage

rl-secure status <purl> [<options>]

rl-secure status --purl=<purl> [<options>]

Options

Option             Description
-p, --purl         Required. Package URL for which to display scan analysis results, in the format [pkg:type/]<project></package><@version>.
--return-status    Return status as exit code.
-s, --rl-store     Path to an initialized package store containing the package URL. If you don't specify the path, the current directory is used.
--no-color         Don't add color to the output.
-h, --help         Display usage information and exit.

Examples

Display status summary

This example shows how to use the --return-status option to get the analysis summary ideal for quick failure triage and integration with CI systems.

We previously added Apache Solr 8.10.0 to the package store with the scan command. Version 8.10.0 contains a known vulnerability: CVE-2021-44228 (Log4Shell). Since this vulnerability can have a high impact, CISA issued a patching mandate to United States government agencies.

In the Output tab, the CI status L5:FAIL indicates that our package store is using the default SAFE Levels setting (L5). We could check which specific issues are blocking level attainment by using the inspect command.

The command expects the package store to exist in the current directory. Use the -s or --rl-store options to provide an alternative path to the package store (as shown in the "Extended input" tab).

rl-secure status pkg:rl/apache/solr@8.10.0 --return-status
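
The following CI gate is an added example, not part of the rl-secure documentation: it wraps the command above so that a failing status, a missing scanner, or an empty package URL all block the build instead of letting it continue. It assumes that exit code 0 means the CI status is PASS and any other exit code means FAIL or a tool error (the page does not list the exit codes); gate_package, RL_SECURE_BIN and RL_STORE are hypothetical names.

```shell
# Added example: fail-closed CI gate around `rl-secure status --return-status`.
# Assumption (not stated on this page): exit code 0 = PASS, anything else =
# FAIL or tool error. gate_package, RL_SECURE_BIN and RL_STORE are
# hypothetical names introduced for this example.

gate_package() {
    gate_purl="$1"
    gate_bin="${RL_SECURE_BIN:-rl-secure}"   # scanner binary to invoke
    gate_store="${RL_STORE:-.}"              # package store, default: current dir

    if [ -z "$gate_purl" ]; then
        echo "gate: no package URL given" >&2
        return 2
    fi

    # A missing scanner must block the release, not silently skip the check.
    if ! command -v "$gate_bin" >/dev/null 2>&1; then
        echo "gate: $gate_bin not found, blocking release" >&2
        return 3
    fi

    # --no-color keeps terminal escape sequences out of the CI log.
    # "|| gate_rc=$?" captures the exit code even when the caller uses set -e.
    gate_rc=0
    "$gate_bin" status "$gate_purl" --return-status --no-color \
        --rl-store="$gate_store" || gate_rc=$?

    if [ "$gate_rc" -eq 0 ]; then
        echo "gate: $gate_purl passed"
        return 0
    fi

    # Any non-zero code (policy failure or tool error) blocks the build.
    echo "gate: $gate_purl blocked (exit code $gate_rc)" >&2
    return 1
}
```

In a pipeline step, call `gate_package pkg:rl/apache/solr@8.10.0` and let its return code decide whether the job continues.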