To execute a Cortex CLI scan, run:
cortexcli [global flags] [module name] scan [module flags]
Command breakdown
cortexcli: The Cortex CLI binary - a global option. Establishes the execution environment for all subsequent commands.
Global flags: Flags that apply across all supported modules. Place global flags between cortexcli and the module name:
--api-base-url <value>
--api-key <value>
--api-key-id <value>
Additional global flags are supported by the AppSec and CWP modules, but not the WAAS module. Refer to Cortex CLI common command line reference guide for more information.
Module name: Select the module (environment) to be scanned:
api — API Security. For more information about API Security scans, refer to Cortex CLI for API Security
image — CWP. For more information about CWP scans, refer to Cortex CLI for Cloud Workload Protection
code — Cortex Cloud Application Security. For more information about Cortex Cloud Application Security, refer to Cortex CLI for Code Security
Module flags: The flags available for the selected command:
For flags common to all environments, refer to Cortex CLI common command line reference guide
For flags specific to CWP, refer to Cloud Workload Protection command line reference
For flags specific to API Security, refer to Cortex CLI API Security command line reference guide
For flags specific to Cortex Cloud Application Security, refer to Cortex CLI Cortex Cloud Application Security command line reference
Examples
Global flags: Apply to all modules. Place between cortexcli and the module name:
# Authenticate and scan with global authentication flags
cortexcli --api-base-url https://api.xdr.us.paloaltonetworks.com --api-key <KEY> --api-key-id <KEY_ID> code scan --directory .
Global flags common to AppSec and CWP: Upload mode, exit code handling, and log output. Not supported by WAAS:
# Run an AppSec scan in no-upload mode with soft-fail and log output
cortexcli --upload-mode no-upload --soft-fail --no-fail-on-crash --log code scan --directory .
AppSec scan: Scan source code for IaC misconfigurations, SCA vulnerabilities, and secrets:
# Scan a repository directory and filter results to critical and high severity
cortexcli --upload-mode no-upload code scan --directory /path/to/repo --severity critical,high
CWP scan: Scan a container image for vulnerabilities:
# Scan a container image with soft-fail enabled
cortexcli --soft-fail image scan --image myapp:latest
API Security scan: Scan APIs for security issues. Global flags (other than authentication) are not supported:
# Run an API Security scan
cortexcli api scan --api-spec /path/to/openapi.yaml
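Pipeline wrapper: the shell function below is an added example, not part of the Cortex CLI documentation or tooling. It enforces the flag placement described above (global flags before the module name, module flags after scan) and rejects extra global flags for the api module. The variable names CORTEX_API_BASE_URL, CORTEX_API_KEY, CORTEX_API_KEY_ID and CORTEX_BIN are assumptions made for this wrapper.

```shell
#!/bin/sh
# Added example: run a scan with the argument order the page gives:
#   cortexcli [global flags] [module name] scan [module flags]
# CORTEX_API_BASE_URL, CORTEX_API_KEY, CORTEX_API_KEY_ID and CORTEX_BIN are
# hypothetical variable names used by this wrapper, not cortexcli settings.
# Reading the key from the environment keeps it out of scripts and shell
# history; it is still passed on the command line, as on the page.

# Usage: cortex_scan <module> [extra global flags ...] -- [module flags ...]
cortex_scan() {
  module=$1
  shift
  case $module in
    api|image|code) ;;
    *) echo "unknown module: $module" >&2; return 2 ;;
  esac

  # Refuse to run with an empty authentication value.
  for name in CORTEX_API_BASE_URL CORTEX_API_KEY CORTEX_API_KEY_ID; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || { echo "$name is not set" >&2; return 2; }
  done

  # Rotate through the arguments once, replacing the first "--" with
  # "<module> scan" and counting the global flags that came before it.
  n=$#; seen=0; globals=0
  while [ "$n" -gt 0 ]; do
    arg=$1; shift; n=$((n - 1))
    if [ "$seen" -eq 0 ] && [ "$arg" = "--" ]; then
      seen=1
      set -- "$@" "$module" scan
    else
      if [ "$seen" -eq 0 ]; then globals=$((globals + 1)); fi
      set -- "$@" "$arg"
    fi
  done
  [ "$seen" -eq 1 ] || { echo 'missing "--" before module flags' >&2; return 2; }

  # The api module accepts only the authentication global flags.
  if [ "$module" = api ] && [ "$globals" -gt 0 ]; then
    echo "api: extra global flags are not supported" >&2
    return 2
  fi

  "${CORTEX_BIN:-cortexcli}" \
    --api-base-url "$CORTEX_API_BASE_URL" \
    --api-key "$CORTEX_API_KEY" \
    --api-key-id "$CORTEX_API_KEY_ID" \
    "$@"
}
```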
Note
For more information about CLI usage for CWP, refer to Cortex CLI for Cloud Workload Protection
For more information about CLI usage for API Security, refer to Cortex CLI for API Security
For more information about CLI usage for Cortex Cloud Application Security, refer to Cortex CLI usage for Cortex Cloud Application Security