Upload Infrastructure as Code for Scanning

Use Plerion Code security IaC to scan for security vulnerabilities and compliance issues.

Use the following command to upload your IaC files to the Plerion Code security IaC scanning queue:

export PLERION_API_KEY=YOUR_API_KEY
curl --request POST \
  --location 'https://au.api.plerion.com/v1/tenant/shiftleft/iac/scan?artifactName=YOUR-ARTIFACT-NAME.zip' \
  --header "Authorization: Bearer $PLERION_API_KEY" \
  --header 'Content-Type: application/zip' \
  --data-binary '@/Users/example.user/examples-iac/terraform.zip'

Replace YOUR_API_KEY with your actual API key and /Users/example.user/examples-iac/terraform.zip with the actual path to your zip file.

After receiving a 202 message, retrieve the scanId and proceed to check the results by repeatedly polling the findings endpoint with exponential backoff until the data field is not empty.

This endpoint supports the following public cloud platforms and IaC templates:

1. Amazon Web Services (AWS)
2. Microsoft Azure
3. Google Cloud Platform (GCP)
4. Kubernetes manifests
5. Helm charts
6. Dockerfile definitions
7. Terraform configurations
8. Bicep configurations
9. Azure Resource Manager (ARM) templates
10. CloudFormation templates

Please note that this API endpoint has following limitations:

1. Maximum file size that can be uploaded is 4.4MB.

To work around these limitations, please consider the following:

1. Split your IaC zip archive into smaller zip files and upload them individually.
2. If you are unable to work within these limitations, please contact support for assistance.

Note: If you encounter the error code “x422Z” while using cURL, it’s possible that the error is related to missing the ”@” symbol when specifying the file path in the —data or —data-binary option. To resolve this error, you should double-check that you have included the ”@” symbol before the file path when uploading files with cURL.