CLI

The Fugue CLI is a command line client that allows you to interact with the Fugue API. You can create environments, trigger scans, get details for an environment, and more.

Commands

• create - Create subcommands
• delete - Delete subcommands
• get - Get subcommands
• help - Help about any command
• list - List subcommands
• scan - Trigger a scan
• sync - Sync files to your account
• test - Test custom rules
• update - Update subcommands

Usage

Fugue API Client

Usage:
  fugue [command]

Available Commands:
  create      Create a resource
  delete      Delete a resource
  get         Retrieve a resource
  help        Help about any command
  list        List a collection of resources
  scan        Trigger a scan
  sync        Sync files to your account
  test        Test custom rules
  update      Update a resource

Flags:
  -h, --help            help for fugue
      --output string   The formatting style for command output [table | json] (default "table")
      --version         version for fugue

Use "fugue [command] --help" for more information about a command.

Installation

• macOS

• Linux

• Windows

macOS installation

1. Select the prebuilt fugue-darwin-amd64 binary from the releases page on GitHub and save it to disk (do not open it):

2. cd into the directory where you downloaded fugue-darwin-amd64.

3. Rename the binary fugue and move it to a location in your $PATH, such as /usr/local/bin. You can do both with the following command:

mv fugue-darwin-amd64 /usr/local/bin/fugue

4. Change file permissions to enable execution:

chmod 755 /usr/local/bin/fugue

5. Set environment variables FUGUE_API_ID and FUGUE_API_SECRET:

export FUGUE_API_ID=61ae1bed-1b6f-1234-5678-1a2b3c4d5e6f
export FUGUE_API_SECRET=f7a89ac99cab9dd2948712345678901234567890

6. You should be able to run the fugue executable now:

fugue

If you get an error message that the application cannot be opened, see these instructions.

Linux installation

1. Select the prebuilt fugue-linux-amd64 binary from the releases page on GitHub and save it to disk (do not open it):

2. cd into the directory where you downloaded fugue-linux-amd64.

3. Rename the binary fugue and move it to a location in your $PATH, such as /usr/local/bin. You can do both with the following command:

sudo mv fugue-linux-amd64 /usr/local/bin/fugue

4. Change file permissions to enable execution:

chmod 755 /usr/local/bin/fugue

5. Set environment variables FUGUE_API_ID and FUGUE_API_SECRET:

export FUGUE_API_ID=61ae1bed-1b6f-1234-5678-1a2b3c4d5e6f
export FUGUE_API_SECRET=f7a89ac99cab9dd2948712345678901234567890

6. You should be able to run the fugue executable now:

fugue

Windows installation

1. Download the prebuilt fugue.exe binary from the releases page on GitHub:

2. Open up cmd (Windows Command Shell) and create the directory C:\Fugue\bin:

md C:\Fugue\bin

3. cd into the directory where you downloaded fugue.exe and move the binary to C:\Fugue\bin:

move fugue.exe C:\Fugue\bin

4. Update PATH environment variable to add the new directory to your user path:

setx PATH "%PATH%;C:\Fugue\bin"

5. Set environment variables FUGUE_API_ID and FUGUE_API_SECRET:

setx FUGUE_API_ID 61ae1bed-1b6f-1234-5678-1a2b3c4d5e6f
setx FUGUE_API_SECRET f7a89ac99cab9dd2948712345678901234567890

6. Close the cmd window and open a new one so the environment variables take effect.

7. You should be able to run the fugue executable now:

fugue --version

Environment Variables

The client uses the following required environment variables:

• FUGUE_API_ID - your API client ID

• FUGUE_API_SECRET - your client secret

Accepted Parameter Values

How to format fugue flags

For a list of accepted values, see:

• --compliance-families: Compliance families

• --regions: AWS regions

• --remediation-resource-types, --survey-resource-types: Service Coverage - AWS & AWS GovCloud

• --providers: Providers

• --severity: Custom Rule Severity

Add quotation marks around each string. You may specify multiple values:

• "CIS-Azure_v1.1.0","GDPR_v2016","NIST-800-53_vRev4"

• "us-east-1","us-west-2"

• "my-azure-resource-group","another-azure-rg"

• "AWS.EC2.Vpc","AWS.SNS.Topic"

Note that you may also use --regions "*" to specify all regions.

Tips

env alias

You can use the alias env instead of environment throughout the CLI. For example, this command:

fugue create aws env [flags]

is the same as this command:

fugue create aws environment [flags]

Help for any command

The fugue help command returns helpful information for any command or subcommand. For each command, help text includes description, usage, a list of available subcommands, and flags. You can view it by using fugue [command] help, fugue [command] -h, or fugue [command] --help.

For more details, see the fugue help documentation.

Debugging

To see the HTTP headers and the JSON exchanged between the CLI and the Fugue API, set the environment variable DEBUG=1. For example:

DEBUG=1 fugue list environments

macOS Installation Error Message

On certain versions of macOS, you might see an error message that “fugue cannot be opened because the developer cannot be verified.”

You can safely run fugue by taking the following steps:

1. Select “Cancel” to dismiss the error message.

2. In macOS, access System Preferences > Security & Privacy and select the General tab.

3. Click the lock in the lower-left corner to unlock your computer and make changes.

4. Click “Allow Anyway.”

5. Run fugue again:

fugue

6. macOS will ask you to confirm that you want to open it. Click “Open.”

7. You can now run fugue commands.