With plerion iac, you can scan Infrastructure as Code (IaC) files for security findings and vulnerabilities. Supported formats include Terraform, CloudFormation, Bicep, ARM, Kubernetes, Helm, and Dockerfile.
Synopsis
```bash
plerion iac <subcommand> [options]
```
Subcommands
scan
Upload a zip file for IaC scanning.
```bash
plerion iac scan --file <file.zip> --name <artifact-name>
```
Maximum upload size is 4.4 MB. Zip your IaC files before uploading.
list-scans
List previous IaC scans.
```bash
plerion iac list-scans [options]
```

| Flag | Type | Description |
|---|---|---|
| `--ids` | string | Filter by scan IDs (comma-separated) |
| `--artifact-name` | string | Filter by artifact names (comma-separated) |
| `--status` | string | Filter by status: SUCCESS, FAILURE (comma-separated) |
| `--sort-by` | string | Sort by field (id, createdAt, updatedAt, artifactName, status) |
| `--sort-order` | string | asc or desc |
| `--per-page` | number | Results per page (default: 50, max: 1000) |
| `--all` | flag | Fetch all pages automatically |
get-findings
Get security findings from a completed scan.
```bash
plerion iac get-findings --scan-id <scan-id> [options]
```

| Flag | Type | Description |
|---|---|---|
| `--scan-id` | string | (required) Scan ID returned from iac scan |
| `--ids` | string | Filter by finding IDs (comma-separated) |
| `--status` | string | Filter by result: PASSED, FAILED (comma-separated) |
| `--severity` | string | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW (comma-separated) |
| `--detection-id` | string | Filter by detection IDs (comma-separated) |
| `--type` | string | Filter by type (comma-separated, e.g. terraform, kubernetes) |
| `--file` | string | Filter by file paths (comma-separated) |
| `--sort-by` | string | Sort by field (id, createdAt, updatedAt, artifactName, status) |
| `--sort-order` | string | asc or desc |
| `--per-page` | number | Results per page (default: 50, max: 1000) |
| `--all` | flag | Fetch all pages automatically |
get-vulnerabilities
Get vulnerabilities from a completed scan.
```bash
plerion iac get-vulnerabilities --scan-id <scan-id> [options]
```

| Flag | Type | Description |
|---|---|---|
| `--scan-id` | string | (required) Scan ID returned from iac scan |
| `--ids` | string | Filter by vulnerability IDs (comma-separated) |
| `--severity` | string | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW (comma-separated) |
| `--vulnerability-id` | string | Filter by CVE/vulnerability IDs (comma-separated) |
| `--severity-source` | string | Filter by severity source (comma-separated, e.g. nvd, github) |
| `--file` | string | Filter by file paths (comma-separated) |
| `--has-kev` | flag | Filter for CISA Known Exploited Vulnerabilities |
| `--has-exploit` | flag | Filter for vulnerabilities with known exploits |
| `--sort-by` | string | Sort by field (id, vulnerabilityId, severityLevel, hasKev, hasExploit, file, createdAt, updatedAt) |
| `--sort-order` | string | asc or desc |
| `--per-page` | number | Results per page (default: 50, max: 1000) |
| `--all` | flag | Fetch all pages automatically |
Examples
```bash
# Zip and scan a Terraform directory
zip -r infra.zip ./terraform/
plerion iac scan --file infra.zip --name infra.zip

# List all scans
plerion iac list-scans --output table

# List only successful scans
plerion iac list-scans --status SUCCESS

# Get all findings from a scan
plerion iac get-findings --scan-id scan-abc123 --all

# Get only failed findings
plerion iac get-findings --scan-id scan-abc123 --status FAILED

# Get critical and high severity findings
plerion iac get-findings --scan-id scan-abc123 --severity CRITICAL,HIGH

# Get vulnerabilities with known exploits
plerion iac get-vulnerabilities --scan-id scan-abc123 --has-exploit --output json

# Full workflow
zip -r infra.zip ./terraform/
plerion iac scan --file infra.zip --name infra.zip
# Note the scan ID from output, then:
plerion iac get-findings --scan-id <scan-id> --status FAILED --output table
plerion iac get-vulnerabilities --scan-id <scan-id> --severity CRITICAL,HIGH --all
```
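A pre-flight wrapper for the zip-and-scan step, added here as an example and not part of the Plerion documentation: it keeps Terraform state and provider caches out of the upload and stops before uploading when the archive is over the size limit. The names `within_limit`, `package_iac`, `scan_dir` and `MAX_UPLOAD_BYTES` are hypothetical, and reading "4.4 MB" as 4,400,000 bytes is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the Plerion docs): build the upload archive for
# `plerion iac scan` and stop before uploading if it breaks the size limit.

# Assumption: the documented "4.4 MB" is read conservatively as 4,400,000 bytes.
MAX_UPLOAD_BYTES=4400000

# within_limit <file>: succeeds when the file exists and fits the upload limit.
within_limit() {
  [ -f "$1" ] || return 1
  size=$(( $(wc -c < "$1") ))
  [ "$size" -le "$MAX_UPLOAD_BYTES" ]
}

# package_iac <source-dir> <out.zip>
# Returns 0 when the archive is ready, 1 on bad input or zip failure,
# 2 when the archive is over the limit (it is deleted in that case).
package_iac() {
  src=$1; out=$2
  [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
  # zip updates an existing archive in place, so remove any stale one first.
  rm -f "$out"
  # Keep state files (which can hold plaintext secrets), provider caches and
  # VCS metadata out of the upload; none of them are IaC source.
  zip -q -r "$out" "$src" \
    -x '*.tfstate' '*.tfstate.*' '*.terraform/*' '*.git/*' || return 1
  if ! within_limit "$out"; then
    echo "$out exceeds $MAX_UPLOAD_BYTES bytes; scan subdirectories separately" >&2
    rm -f "$out"
    return 2
  fi
}

# scan_dir <source-dir> <artifact.zip>: package, then upload with the flags
# shown on this page. Requires an installed, authenticated `plerion` CLI.
scan_dir() {
  package_iac "$1" "$2" && plerion iac scan --file "$2" --name "$(basename "$2")"
}
```

Call it as `scan_dir ./terraform infra.zip`; a return code of 2 means nothing was uploaded because the archive was too large.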
Output columns (list-scans)
| Column | Description |
|---|---|
| ID | Scan ID |
| ARTIFACT | Artifact name (uploaded zip filename) |
| STATUS | Scan status (e.g. SUCCESS, FAILURE) |
| TYPES | Detected IaC types (e.g. terraform, kubernetes) |
| FINDINGS | Total findings count |
| FAILED | Failed findings count |
| PASSED | Passed findings count |
| VULNS | Vulnerability count |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Scan creation timestamp |
| UPDATED AT | Scan update timestamp |
Output columns (get-findings)
| Column | Description |
|---|---|
| ID | Finding ID |
| SCAN ID | Parent scan ID |
| DETECTION ID | Detection rule ID |
| DETECTION TITLE | Detection rule title |
| TYPE | Finding type |
| RESULT | PASSED or FAILED |
| SEVERITY | Severity level |
| FILE | Source file path |
| LINE RANGE | Affected line range (e.g. 10-25) |
| RESOURCE | Resource identifier |
| DASHBOARD URL | Link to finding in the Plerion dashboard |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |
Output columns (get-vulnerabilities)
| Column | Description |
|---|---|
| ID | Vulnerability record ID |
| CVE / VULN ID | CVE or vulnerability identifier |
| TITLE | Vulnerability title |
| SEVERITY | Severity level |
| SEVERITY VALUE | Numeric severity score |
| DESCRIPTION | Vulnerability description |
| FILE | Source file containing the vulnerable dependency |
| KEV | CISA Known Exploited Vulnerability |
| EXPLOIT | Has known exploit |
| PACKAGES | Affected package name(s) |
| PRIMARY URL | Link to CVE or advisory |
| PUBLISHED | Publication date |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |