With plerion iac, you can scan Infrastructure as Code (IaC) files for security findings and vulnerabilities. Supported formats include Terraform, CloudFormation, Bicep, ARM, Kubernetes, Helm, and Dockerfile.
Synopsis
plerion iac <subcommand> [options]
Subcommands
scan
Upload a zip file for IaC scanning.
plerion iac scan --file <file.zip> --name <artifact-name>
Maximum upload size is 4.4 MB. Zip your IaC files before uploading.
list-scans
List previous IaC scans.
plerion iac list-scans [options]
| Flag | Type | Description |
|---|---|---|
| --ids | string | Filter by scan IDs (comma-separated) |
| --artifact-name | string | Filter by artifact names (comma-separated) |
| --status | string | Filter by status: SUCCESS, FAILURE (comma-separated) |
| --sort-by | string | Sort by field (id, createdAt, updatedAt, artifactName, status) |
| --sort-order | string | asc or desc |
| --per-page | number | Results per page (default: 50, max: 1000) |
| --all | flag | Fetch all pages automatically |
get-findings
Get security findings from a completed scan.
plerion iac get-findings --scan-id <scan-id> [options]
| Flag | Type | Description |
|---|---|---|
| --scan-id | string | (required) Scan ID returned from iac scan |
| --ids | string | Filter by finding IDs (comma-separated) |
| --status | string | Filter by result: PASSED, FAILED (comma-separated) |
| --severity | string | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW (comma-separated) |
| --detection-id | string | Filter by detection IDs (comma-separated) |
| --type | string | Filter by type (comma-separated, e.g. terraform, kubernetes) |
| --file | string | Filter by file paths (comma-separated) |
| --sort-by | string | Sort by field (id, createdAt, updatedAt, artifactName, status) |
| --sort-order | string | asc or desc |
| --per-page | number | Results per page (default: 50, max: 1000) |
| --all | flag | Fetch all pages automatically |
get-vulnerabilities
Get vulnerabilities from a completed scan.
plerion iac get-vulnerabilities --scan-id <scan-id> [options]
| Flag | Type | Description |
|---|---|---|
| --scan-id | string | (required) Scan ID returned from iac scan |
| --ids | string | Filter by vulnerability IDs (comma-separated) |
| --severity | string | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW (comma-separated) |
| --vulnerability-id | string | Filter by CVE/vulnerability IDs (comma-separated) |
| --severity-source | string | Filter by severity source (comma-separated, e.g. nvd, github) |
| --file | string | Filter by file paths (comma-separated) |
| --has-kev | flag | Filter for CISA Known Exploited Vulnerabilities |
| --has-exploit | flag | Filter for vulnerabilities with known exploits |
| --sort-by | string | Sort by field (id, vulnerabilityId, severityLevel, hasKev, hasExploit, file, createdAt, updatedAt) |
| --sort-order | string | asc or desc |
| --per-page | number | Results per page (default: 50, max: 1000) |
| --all | flag | Fetch all pages automatically |
Examples
# Zip and scan a Terraform directory
zip -r infra.zip ./terraform/
plerion iac scan --file infra.zip --name infra.zip
# List all scans
plerion iac list-scans --output table
# List only successful scans
plerion iac list-scans --status SUCCESS
# Get all findings from a scan
plerion iac get-findings --scan-id scan-abc123 --all
# Get only failed findings
plerion iac get-findings --scan-id scan-abc123 --status FAILED
# Get critical and high severity findings
plerion iac get-findings --scan-id scan-abc123 --severity CRITICAL,HIGH
# Get vulnerabilities with known exploits
plerion iac get-vulnerabilities --scan-id scan-abc123 --has-exploit --output json
# Full workflow
zip -r infra.zip ./terraform/
plerion iac scan --file infra.zip --name infra.zip
# Note the scan ID from output, then:
plerion iac get-findings --scan-id <scan-id> --status FAILED --output table
plerion iac get-vulnerabilities --scan-id <scan-id> --severity CRITICAL,HIGH --all
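An added example, not part of Plerion's documentation: a Python packaging step for the zip stage of the workflow that archives only IaC files, leaves out Terraform state and variable files, and refuses to produce an archive over the upload limit. The extension list, the skipped paths and the reading of 4.4 MB as 4,400,000 bytes are assumptions of this example.

```python
import zipfile
from pathlib import Path

# Assumption: "4.4 MB" is read conservatively as decimal megabytes.
MAX_UPLOAD_BYTES = 4_400_000
# Assumption: extensions commonly used by the formats the page lists;
# this is not Plerion's own file-matching rule.
IAC_SUFFIXES = {".tf", ".yaml", ".yml", ".json", ".bicep", ".tpl"}
# Provider caches and VCS metadata add size without adding IaC to scan.
SKIP_DIRS = {".terraform", ".git", "node_modules"}
# Terraform state and variable files can hold secrets in plaintext.
SKIP_SUFFIXES = (".tfstate", ".tfstate.backup", ".tfvars")


def is_iac_file(path: Path) -> bool:
    name = path.name
    if name.endswith(SKIP_SUFFIXES):
        return False
    is_dockerfile = name == "Dockerfile" or name.startswith("Dockerfile.")
    return is_dockerfile or path.suffix in IAC_SUFFIXES


def select_files(root: Path) -> list[Path]:
    """Return paths relative to root that should go into the upload."""
    picked = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if path.is_symlink() or not path.is_file():
            continue
        if SKIP_DIRS.intersection(rel.parts[:-1]):
            continue
        if is_iac_file(path):
            picked.append(rel)
    return picked


def build_archive(root: Path, out_zip: Path) -> int:
    """Write out_zip and return its size; raise if empty or over the limit."""
    files = select_files(root)
    if not files:
        raise ValueError(f"no IaC files found under {root}")
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for rel in files:
            zf.write(root / rel, arcname=rel.as_posix())
    size = out_zip.stat().st_size
    if size > MAX_UPLOAD_BYTES:
        out_zip.unlink()  # do not leave an archive that cannot be uploaded
        raise ValueError(f"{out_zip.name}: {size} bytes exceeds {MAX_UPLOAD_BYTES}")
    return size
```

After `build_archive(Path("./terraform"), Path("infra.zip"))` succeeds, upload the result with `plerion iac scan --file infra.zip --name infra.zip`.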
Output columns (list-scans)
| Column | Description |
|---|---|
| ID | Scan ID |
| ARTIFACT | Artifact name (uploaded zip filename) |
| STATUS | Scan status (e.g. SUCCESS, FAILURE) |
| TYPES | Detected IaC types (e.g. terraform, kubernetes) |
| FINDINGS | Total findings count |
| FAILED | Failed findings count |
| PASSED | Passed findings count |
| VULNS | Vulnerability count |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Scan creation timestamp |
| UPDATED AT | Scan update timestamp |
Output columns (get-findings)
| Column | Description |
|---|---|
| ID | Finding ID |
| SCAN ID | Parent scan ID |
| DETECTION ID | Detection rule ID |
| DETECTION TITLE | Detection rule title |
| TYPE | Finding type |
| RESULT | PASSED or FAILED |
| SEVERITY | Severity level |
| FILE | Source file path |
| LINE RANGE | Affected line range (e.g. 10-25) |
| RESOURCE | Resource identifier |
| DASHBOARD URL | Link to finding in the Plerion dashboard |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |
Output columns (get-vulnerabilities)
| Column | Description |
|---|---|
| ID | Vulnerability record ID |
| CVE / VULN ID | CVE or vulnerability identifier |
| TITLE | Vulnerability title |
| SEVERITY | Severity level |
| SEVERITY VALUE | Numeric severity score |
| DESCRIPTION | Vulnerability description |
| FILE | Source file containing the vulnerable dependency |
| KEV | CISA Known Exploited Vulnerability |
| EXPLOIT | Has known exploit |
| PACKAGES | Affected package name(s) |
| PRIMARY URL | Link to CVE or advisory |
| PUBLISHED | Publication date |
| TENANT ID | Tenant ID |
| ORG ID | Organization ID |
| CREATED AT | Record creation timestamp |
| UPDATED AT | Record update timestamp |