
CLI Scan Recipes

Accelerate adoption with ready-made commands for the most common security jobs. Adjust paths, URLs, and flags to match your environment.

Case Study: PayFlow’s Pre-Deployment Security Crisis

Background: PayFlow, a payment processing startup, discovered a critical SQL injection vulnerability 48 hours before their production launch. Their previous security tool (Veracode, $500/month) found the vulnerability but provided no guidance on how to fix it.

The Problem:

  • Critical SQL injection in payment processing endpoint
  • No security engineer on staff
  • Production launch scheduled in 48 hours
  • Previous tool only identified the issue, no fix guidance
  • Manual research would take 8-12 hours

The Solution: DevOps lead Marcus switched to Alprina and used the recipes below.

What Happened:

  1. Hour 1: Ran local code audit recipe (Recipe 1 below)
  2. Hour 2: Used alprina fix with AI-powered auto-fix
  3. Hour 3: Generated before/after code with 92% confidence score
  4. Hour 4: Applied fix, ran retest (Recipe 5 below)
  5. Hour 6: Verified fix with penetration testing
  6. Hour 8: Generated compliance report for stakeholders

Results:

  • Fixed critical vulnerability in 8 hours (vs 12+ hours manual)
  • Saved potential $4.45M breach cost (IBM average)
  • Launched on schedule with confidence
  • Switched from Veracode ($500/mo) to Alprina ($99/mo Team tier)
  • Annual savings: $4,812

Marcus’s Quote: “Alprina didn’t just find the bug—it taught me how to fix it and prevented future occurrences. We saved our launch and $4,800/year.”


1. Local Code Audit

Purpose: scan a repository or microservice before merging.

cd /path/to/service
alprina scan . --profile code-audit --safe-only true --output ~/.alprina/out/service.json
alprina report --format html --output reports/service-audit.html

Next steps:

  • Open the HTML report with your team.
  • Use alprina chat --load ~/.alprina/out/service.json to walk through high-severity findings.

2. Web Recon on Staging

Purpose: map external exposure prior to launch.

alprina scan https://staging.example.com --profile web-recon --safe-only false --output ~/.alprina/out/staging-recon.json

Follow up in chat:

You: /scan https://staging.example.com
You: List the top offensive opportunities discovered.
You: Generate mitigation steps for the open redirect finding.

3. CI/CD Pull Request Gate

Purpose: prevent high-severity issues from shipping.

alprina scan ./src --profile code-audit --safe-only true --output scan-results.json
python - <<'PY'
import json, sys
findings = json.load(open("scan-results.json")).get("findings", [])
if any(f.get("severity") in {"CRITICAL", "HIGH"} for f in findings):
    print("Blocking build: high severity findings detected.")
    sys.exit(1)
PY

Upload scan-results.json as a build artifact for asynchronous review.
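
A stricter version of the gate above, as an added example that is not Alprina's own code: it fails closed when scan-results.json is unreadable, malformed, or has no findings list, and it compares severities case-insensitively. It assumes only the two fields the inline snippet reads (findings, severity); the function names, the exit codes 1 and 2, and the sample input are choices made for this example.

```python
import json
import sys
from collections import Counter

BLOCKING = {"CRITICAL", "HIGH"}  # same severities the inline gate blocks on


def evaluate(raw_text):
    """Return (exit_code, message) for the text of scan-results.json."""
    try:
        doc = json.loads(raw_text)
    except json.JSONDecodeError as exc:
        return 2, f"Blocking build: scan output is not valid JSON ({exc.msg})."
    # Fail closed: a missing or non-list "findings" key usually means the
    # scan did not complete, which must not be read as "no findings".
    findings = doc.get("findings") if isinstance(doc, dict) else None
    if not isinstance(findings, list):
        return 2, "Blocking build: scan output has no 'findings' list."
    counts = Counter()
    for finding in findings:
        sev = finding.get("severity") if isinstance(finding, dict) else None
        # Normalise case; a finding without a severity is counted as UNKNOWN.
        counts[str(sev).strip().upper() if sev else "UNKNOWN"] += 1
    summary = ", ".join(f"{k}={v}" for k, v in sorted(counts.items())) or "none"
    if any(counts[s] for s in BLOCKING):
        return 1, f"Blocking build: high severity findings detected ({summary})."
    if counts["UNKNOWN"]:
        # Example policy: unlabelled findings block until someone triages them.
        return 1, f"Blocking build: findings without a severity ({summary})."
    return 0, f"Gate passed ({summary})."


def main(path="scan-results.json"):
    try:
        with open(path, encoding="utf-8") as handle:
            code, message = evaluate(handle.read())
    except OSError as exc:
        code, message = 2, f"Blocking build: cannot read {path} ({exc.strerror})."
    print(message)
    return code


# Constructed sample input, not real scanner output.
SAMPLE = '{"findings": [{"severity": "high"}, {"severity": "LOW"}]}'

if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Exit code 1 means the scan ran and found blocking issues; exit code 2 means the gate could not trust the scan output at all, which is worth alerting on separately in CI.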

4. Incident Response Snapshot

Purpose: run DFIR analysis on collected logs or artifacts.

alprina scan ./incident-artifacts --profile dfir --output ~/.alprina/out/incident.json
alprina chat --load ~/.alprina/out/incident.json

Suggested follow-up questions:

You: Summarize the attack timeline.
You: Which hosts need immediate containment?
You: Provide a remediation checklist for the SOC.

5. Retest After Fixes

Purpose: confirm patch effectiveness.

alprina scan ./services/payments --profile code-audit --output ~/.alprina/out/payments-retest.json
alprina chat --load ~/.alprina/out/payments-retest.json

In chat:

You: Compare these results with the previous scan dated 2024-11-12.
You: Were the SQL injection findings resolved?

6. Scheduled External Monitoring

Purpose: run daily/weekly checks against critical endpoints.

#!/bin/bash
set -euo pipefail

TARGET=https://app.example.com
TIMESTAMP=$(date +%Y%m%d)
OUTPUT="$HOME/.alprina/out/monitor-$TIMESTAMP.json"

alprina scan "$TARGET" --profile web-recon --safe-only true --output "$OUTPUT"
alprina report --format pdf --output "reports/$TIMESTAMP-app-monitor.pdf"

Trigger via cron, GitHub Scheduled Workflows, or your preferred scheduler. Send the PDF to stakeholders automatically.


Combine these recipes with the Agent Field Guide to match the right expertise to each task. For deeper automation, see Automation Examples.
