Scan Commands

Overview

The scan category provides security scanning with multiple scanner types via the --scanner flag, plus a dedicated subcommand for dynamic testing.

Commands

| Command | Description |
|---|---|
| scan | Security scanning and evidence collection for audit compliance |
| scan zap | Dynamic Application Security Testing using OWASP ZAP |

Scanner Types

| Type | Description | Tool |
|---|---|---|
| sbom | Software Bill of Materials | Trivy |
| vuln | Vulnerability scanning | Trivy |
| secrets | Secret detection | Trivy |
| iac | Infrastructure as Code scanning | Trivy |
| compliance | Compliance checking | Trivy |
| sast | Static Application Security Testing | Semgrep |

Common Use Cases

Complete Security Scan

r2r eac scan

Vulnerability Assessment

r2r eac scan --scanner vuln,secrets

Compliance Checking

r2r eac scan --scanner compliance,sbom

Application Security Testing

# Static analysis
r2r eac scan --scanner sast

# Dynamic testing (requires running application)
r2r eac scan zap eac-api --target http://localhost:8080

Key Features

  • Multi-tool security scanning (Trivy, Semgrep, OWASP ZAP)
  • SBOM generation for supply chain security
  • Compliance validation (CIS, NIST)
  • Secret detection
  • Infrastructure as Code scanning
  • Static and dynamic analysis
