diff --git a/docs/2.Basics/CLI Command Reference.md b/docs/2.Basics/CLI Command Reference.md index 03a11036d49..6120d3ab08a 100644 --- a/docs/2.Basics/CLI Command Reference.md +++ b/docs/2.Basics/CLI Command Reference.md @@ -33,11 +33,11 @@ nav_order: 2 | `--soft-fail-on SOFT_FAIL_ON` | Exits with a 0 exit code if only the specified items fail. Enter one or more items separated by commas. Each item may be either a Checkov check ID(CKV_AWS_123), a BC check ID (BC_AWS_GENERAL_123), or a severity (LOW, MEDIUM, HIGH, CRITICAL). If you use a severity, then any severity equal to or less than the highest severity in the list will result in a soft fail. This option may be used with `--hard-fail-on`, using the same priority logic described in `--check` and `--skip-check` options above, with `--hard-fail-on` taking precedence in a tie. If a given result does not meet the `--soft-fail-on` nor the `--hard-fail-on` criteria, then the default is to hard fail. | | `--hard-fail-on HARD_FAIL_ON` | Exits with a non-zero exit code for specified checks. Enter one or more items separated by commas. Each item may be either a Checkov check ID (CKV_AWS_123), a BCcheck ID (BC_AWS_GENERAL_123), or a severity (LOW, MEDIUM, HIGH, CRITICAL). If you use a severity, then any severity equal to or greater than the lowest severity in the list will result in a hard fail. This option can be used with `--soft-fail-on`, using the same priority logic described in `--check` and `--skip-check` options above, with `--hard-fail-on` taking precedence in a tie. | | `--bc-api-key BC_API_KEY` | Prisma Cloud Access Key (see `--prisma-api-url`) [env var: BC_API_KEY] | -| `--prisma-api-url PRISMA_API_URL` | The Prisma Cloud API URL (see:https://prisma.pan.dev/api/cloud/api-urls). Requires `--bc-api-key` to be a Prisma Cloud Access Key in the following format: :: [env var: PRISMA_API_URL] | +| `--prisma-api-url PRISMA_API_URL` | The Prisma Cloud API URL (see:https://prisma.pan.dev/api/cloud/api-urls). Requires `--bc-api-key` to be a Prisma Cloud Access Key in the following format: `access_key_id::secret_key` [env var: PRISMA_API_URL] | | `--skip-results-upload` | Do not upload scan results to the platform. Use this to download configs, but only view results in the local output. | | `--image, --docker-image DOCKER_IMAGE` | Scan docker images by name or ID. Only works with `--bc-api-key flag` | | `--dockerfile-path DOCKERFILE_PATH` | Path to the Dockerfile of the scanned docker image | -| `--repo-id REPO_ID` | Identity string of the repository, with form / | +| `--repo-id REPO_ID` | Identity string of the repository, with form `repo_owner/repo_name` | | `-b, --branch BRANCH` | Selected branch of the persisted repository. Only has effect when using the `--bc-api-key` flag | | `--skip-download` | Do not download any data from Prisma Cloud. This will omit doc links, severities, etc., as well as custom policies and suppressions if using an API token. Note: it will prevent BC platform IDs from being available in Checkov. | | `--use-enforcement-rules` | Use the Enforcement rules configured in the platform for hard/soft fail logic, where the matching enforcement rule (or the default rule if no match) determines the behavior: skip checks below soft-fail threshold, include checks equal to or above hard-fail threshold in hard-fail list, and include checks in between in soft-fail list. Overrides can be applied using `--check`, `--skip-check`, `--soft-fail`, `--soft-fail-on`, or `--hard-fail-on`, but the order of applying `--check` and `--skip-check` (as described under `--check`) still applies here. Requires BC or PC platform API key. |