Twigs provides a set of common options that apply irrespective of what type of assets are being discovered. All of these common options are optional, as seen below:
twigs [-h] [-v] [--handle HANDLE] [--token TOKEN] [--instance INSTANCE] [--run_id RUN_ID] [--tag_critical] [--tag TAG] [--no_auto_tags] [--apply_policy APPLY_POLICY] [--sbom SBOM] [--no_scan]
Here is a quick description of these options:
- run_id – Specify a unique identifier for this twigs run. Note – this identifier will help you group multiple runs for a specific type of discovery together, and these will be shown together in the I3 Portal. If you don’t specify a “run_id”, then the discovery “mode” will be used by default.
- tag_critical – Mark asset(s) as business critical. Increases the priority of vulnerabilities assessed on this asset.
- tag – You can use this option multiple times on the command line to add multiple tags to the asset(s). Helps organize assets in the ThreatWorx portal and assign privileges for other users to view and manage assets based on tags.
- no_auto_tags – Disable auto tagging of assets with standard classification tags. Only user-specified tags will be applied.
- apply_policy – You can use this option to specify the name of a policy when you use twigs in your CI/CD pipeline to make policy-based decisions, like failing the build if any “DoNow” priority vulnerability impacts are discovered or any strong copyleft violations are found. For multiple policies, specify a comma-separated list of policy names.
- sbom – Use this option to specify the path to an SBOM file to save the asset(s). Currently only ThreatWorx SBOMs are supported.
- no_scan – Indicate that you don’t wish to start a vulnerability assessment for the discovered asset(s).
- email_report – Automatically email a report once the vulnerability assessment is done for the discovered asset.
- schedule – Run this twigs command on the specified schedule (in crontab format).
- quiet – Do not display informational messages on the console during the twigs run.