{"id":22751895,"url":"https://github.com/stackguardian/sg-cli","last_synced_at":"2025-07-14T00:39:01.122Z","repository":{"id":104531193,"uuid":"598998401","full_name":"StackGuardian/sg-cli","owner":"StackGuardian","description":"StackGuardian CLI","archived":false,"fork":false,"pushed_at":"2025-04-22T14:46:23.000Z","size":146,"stargazers_count":4,"open_issues_count":2,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-22T15:25:47.194Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StackGuardian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-02-08T08:36:08.000Z","updated_at":"2024-11-07T16:02:40.000Z","dependencies_parsed_at":"2023-11-23T14:30:36.145Z","dependency_job_id":"e655f4a1-b90d-46cf-ac29-e09deabb0aba","html_url":"https://github.com/StackGuardian/sg-cli","commit_stats":null,"previous_names":["stackguardian/sg-cli"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/StackGuardian/sg-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fsg-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fsg-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fsg-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fsg-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
owners/StackGuardian","download_url":"https://codeload.github.com/StackGuardian/sg-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackGuardian%2Fsg-cli/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265228244,"owners_count":23731068,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-11T05:07:49.616Z","updated_at":"2025-07-14T00:39:01.101Z","avatar_url":"https://github.com/StackGuardian.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## StackGuardian CLI (sg-cli)\n\n### 1: Setup\n\nRequired environment variables:\n```\nSG_BASE_URL (default: https://api.app.stackguardian.io)\nSG_API_TOKEN\nSG_DASHBOARD_URL (default: https://app.stackguardian.io/orchestrator)\n```\nInstall jq in your environment: https://jqlang.github.io/jq/download/\n\n### 2: Required input\n\nThe script accepts a JSON payload as the final input.\nThe payload holds information about `ResourceName`, `TemplatesConfig` and so on.\n\n### 3: Running script\n\nWhen running just\n```\n./sg-cli stack create\n```\nthe help menu will be shown with more details.\n\nThere are required arguments that need to be passed when running the script:\n```\n--org\n--workflow-group\n```\nand optional ones like:\n```\n--wait\n--run\n--preview\n--dry-run\n--stack-name\n--patch-payload\n```\nThe JSON payload is passed at the end of all arguments, after `--`.\nOnly one argument is accepted after `--`; providing more will result in an error.\nAny argument (optional, required) needs to be passed before `--`, in 
any order.\n\nIf we have a payload like the following:\n```\n{\n  \"ResourceName\": \"test\",\n  \"TemplatesConfig\": {\n    \"templateGroupId\": \"/demo-org/azure-stack-demo:1\",\n    \"templates\": [\n      {\n        \"id\": 0,\n        \"WfType\": \"TERRAFORM\",\n        \"ResourceName\": \"azure33f-vnet-3vXY\"\n      },\n      {\n        \"id\": 1,\n        \"WfType\": \"TERRAFORM\",\n        \"ResourceName\": \"azure_aks-Wngq\"\n      }\n    ]\n  }\n}\n```\n\nExample 1: (simple run with prefilled payload.json)\n```\n./sg-cli stack create --org demo-org --workflow-group integration-wfgrp -- payload.json\n```\n\nExample 2: (override ResourceName (workflow-stack name))\n```\n./sg-cli stack create --org demo-org --workflow-group integration-wfgrp --resourceName custom_name -- payload.json\n```\nThe payload from before will be updated to:\n```\n{\n  \"ResourceName\": \"custom_name\",\n  ...\n}\n```\n\nExample 3: (patch anything inside payload.json)\n\u003e make sure to surround the patch JSON in single quotes `''`, and each key and value with `\"\"`\n```\n./sg-cli stack create --org demo-org --workflow-group integration-wfgrp --patch-payload '{\"ResourceName\": \"custom_name\", \"TemplatesConfig\": {\"templates\": [{\"ResourceName\": \"first_item\"}]}}' -- payload.json\n```\nThe payload will look like the following:\n```\n{\n  \"ResourceName\": \"custom_name\",\n  \"TemplatesConfig\": {\n    \"templateGroupId\": \"/demo-org/azure-stack-demo:1\",\n    \"templates\": [\n      {\n        \"id\": 0,\n        \"WfType\": \"TERRAFORM\",\n        \"ResourceName\": \"first_item\"\n      },\n      {\n        \"id\": 1,\n        \"WfType\": \"TERRAFORM\",\n        \"ResourceName\": \"azure_aks-Wngq\"\n      }\n    ]\n  }\n}\n```\n\nExample 4: (unset array)\n```\n./sg-cli stack create --org demo-org --workflow-group integration-wfgrp --patch-payload '{\"TemplatesConfig\": {\"templates\": []}}' -- payload.json\n```\nThe payload will look like the following:\n\u003e when array is set to `[]`, it will 
use the default value\n```\n{\n  \"ResourceName\": \"test\",\n  \"TemplatesConfig\": {\n    \"templateGroupId\": \"/demo-org/azure-stack-demo:1\",\n    \"templates\": []\n  }\n}\n```\n\nExample 5: (add new key)\n```\n./sg-cli stack create --org demo-org --workflow-group integration-wfgrp --patch-payload '{\"custom_key\": \"custom_value\"}' -- payload.json\n```\nThe payload will look like the following:\n\u003e new key/value will be added to payload\n```\n{\n  \"ResourceName\": \"test\",\n  ...\n  \"custom_key\": \"custom_value\"\n}\n```\n\nExample 6: Bulk onboard cloud accounts\n```\n./sg-cli aws integrate --org demo-org  -- payload.json\n```\n\nThe payload will look like the following:\n\u003e It should contain an array of AWS account objects under the key `awsAccounts`\n```\n{\n  \"awsAccounts\": [\n    {\n      \"ResourceName\": \"Dummy123\",\n      \"Description\": \"dummy account\",\n      \"Settings\": {\n        \"kind\": \"AWS_STATIC\",\n        \"config\": [\n          {\n            \"awsAccessKeyId\": \"hi-its-me-a-dummy-account\",\n            \"awsSecretAccessKey\": \"keep-your-secrets-safe\",\n            \"awsDefaultRegion\": \"us-east-1\"\n          }\n        ]\n      }\n    },\n    {\n      \"ResourceName\": \"Dummy11345\",\n      \"Description\": \"dummy account\",\n      \"Settings\": {\n        \"kind\": \"AWS_STATIC\",\n        \"config\": [\n          {\n            \"awsAccessKeyId\": \"hi-its-me-a-dummy-account\",\n            \"awsSecretAccessKey\": \"keep-your-secrets-safe\",\n            \"awsDefaultRegion\": \"us-east-1\"\n          }\n        ]\n      }\n    }\n  ]\n}\n```\n\nExample 7: Bulk create workflows with tfstate files\n```\n./sg-cli workflow create --bulk --org demo-org --workflow-group demo-grp  -- payload.json\n```\n\npayload.json will look like the following:\n\u003e  payload.json should contain an array of workflow objects\n```\n[\n  {\n    \"Approvers\": [],\n    \"CLIConfiguration\": {\n      \"TfStateFilePath\": 
\"/Users/richie/Documents/StackGuardian/stackguardian-migrator/transformer/tfc/../../out/state-files/aws-terraform.tfstate\",\n      \"WorkflowGroup\": {\"name\":\"test2\"} \n    },\n    \"DeploymentPlatformConfig\": [\n        {\n          \"kind\": \"AWS_RBAC\", \n          \"config\": {\n            \"integrationId\": \"/integrations/xyz\", \n            \"profileName\": \"default\" \n          }\n        }\n      ],\n    \"Description\": \"\",\n    \"EnvironmentVariables\": [],\n    \"MiniSteps\": {\n      \"notifications\": {\n        \"email\": {\n          \"APPROVAL_REQUIRED\": [],\n          \"CANCELLED\": [],\n          \"COMPLETED\": [],\n          \"ERRORED\": []\n        }\n      },\n      \"wfChaining\": { \"COMPLETED\": [], \"ERRORED\": [] }\n    },\n    \"ResourceName\": \"cli-5\",\n    \"RunnerConstraints\": { \"type\": \"shared\" },\n    \"Tags\": [],\n    \"TerraformConfig\": {\n      \"approvalPreApply\": false,\n      \"managedTerraformState\": true,\n      \"terraformVersion\": \"1.5.3\"\n    },\n    \"UserSchedules\": [],\n    \"VCSConfig\": {\n      \"iacInputData\": { \"data\": {}, \"schemaType\": \"RAW_JSON\" },\n      \"iacVCSConfig\": {\n        \"customSource\": {\n          \"config\": {\n            \"auth\": \"/integrations/github_com\",\n            \"includeSubModule\": false,\n            \"isPrivate\": true,\n            \"ref\": \"\",\n            \"repo\": \"https://github.com/joscheuerer/terraform-aws-vpc\",\n            \"workingDir\": \"\"\n          },\n          \"sourceConfigDestKind\": \"GITHUB_COM\"\n        },\n        \"useMarketplaceTemplate\": false\n      }\n    },\n    \"WfType\": \"TERRAFORM\"\n  },\n  {\n    \"Approvers\": [],\n    \"CLIConfiguration\": {\n      \"TfStateFilePath\": \"/Users/richie/Documents/StackGuardian/stackguardian-migrator/transformer/tfc/../../out/state-files/aws-terraform.tfstate\",\n      \"WorkflowGroup\": {\"name\":\"test1\"} \n    },\n    \"DeploymentPlatformConfig\": [\n        {\n   
       \"kind\": \"AWS_RBAC\", \n          \"config\": {\n            \"integrationId\": \"/integrations/xyz\", \n            \"profileName\": \"default\" \n          }\n        }\n      ],\n    \"Description\": \"\",\n    \"EnvironmentVariables\": [],\n    \"MiniSteps\": {\n      \"notifications\": {\n        \"email\": {\n          \"APPROVAL_REQUIRED\": [],\n          \"CANCELLED\": [],\n          \"COMPLETED\": [],\n          \"ERRORED\": []\n        }\n      },\n      \"wfChaining\": { \"COMPLETED\": [], \"ERRORED\": [] }\n    },\n    \"ResourceName\": \"cli-5\",\n    \"RunnerConstraints\": { \"type\": \"shared\" },\n    \"Tags\": [],\n    \"TerraformConfig\": {\n      \"approvalPreApply\": false,\n      \"managedTerraformState\": true,\n      \"terraformVersion\": \"1.5.3\"\n    },\n    \"UserSchedules\": [],\n    \"VCSConfig\": {\n      \"iacInputData\": { \"data\": {}, \"schemaType\": \"RAW_JSON\" },\n      \"iacVCSConfig\": {\n        \"customSource\": {\n          \"config\": {\n            \"auth\": \"/integrations/github_com\",\n            \"includeSubModule\": false,\n            \"isPrivate\": true,\n            \"ref\": \"\",\n            \"repo\": \"https://github.com/joscheuerer/terraform-aws-vpc\",\n            \"workingDir\": \"\"\n          },\n          \"sourceConfigDestKind\": \"GITHUB_COM\"\n        },\n        \"useMarketplaceTemplate\": false\n      }\n    },\n    \"WfType\": \"TERRAFORM\"\n  }\n]\n```\n\n\nExample 8: Run Compliance discovery against integrations\n```\n./sg-cli compliance aws --org demo-org --region eu-central-1 --integration-name aws-integ -- payload.json\n./sg-cli compliance azure --org demo-org --integration-name aws-integ -- payload.json\n```\n\npayload.json will look like the following:\n\u003e  payload.json example\n```\n{\n    \"VCSConfig\": {},\n    \"WfStepsConfig\": [\n        {\n            \"wfStepTemplateId\": \"/stackguardian/steampipe:2\",\n            \"name\": \"steampipe\",\n            \"approval\": 
false,\n            \"timeout\": 5400,\n            \"wfStepInputData\": {\n                \"schemaType\": \"FORM_JSONSCHEMA\",\n                \"data\": {\n                    \"steampipeCheckArgs\": \"azure_compliance.benchmark.cis_v150\",\n                    \"awsRegion\": \"all\"\n                }\n            }\n        }\n    ],\n    \"WfType\": \"CUSTOM\"\n}\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackguardian%2Fsg-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackguardian%2Fsg-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackguardian%2Fsg-cli/lists"}