scan Commands

Overview

The scan category contains 8 commands for security scanning and evidence collection for audit compliance.

Commands

Command          Purpose
scan             Run all security scans
scan vuln        Scan for vulnerabilities using Trivy
scan sast        Static Application Security Testing using Semgrep
scan secrets     Detect secrets and credentials using Trivy
scan iac         Scan Infrastructure as Code for misconfigurations
scan sbom        Generate Software Bill of Materials
scan compliance  Check compliance with security standards
scan zap         Dynamic Application Security Testing using OWASP ZAP

Common Use Cases

Complete Security Scan

r2r eac scan

Vulnerability Assessment

r2r eac scan vuln
r2r eac scan secrets

Compliance Checking

r2r eac scan compliance
r2r eac scan sbom

Application Security Testing

r2r eac scan sast
r2r eac scan zap http://localhost:8080

Key Features

  • Multi-tool security scanning (Trivy, Semgrep, OWASP ZAP)
  • SBOM generation for supply chain security
  • Compliance validation (CIS, NIST)
  • Secret detection
  • Infrastructure as Code scanning
  • Static and dynamic analysis
