The Spice Labs CLI is a containerized CLI tool for scanning your systems and uploading results to a Spice Labs server.
It wraps two tools:
spice-labs-cli.sh is a lightweight wrapper that runs the container for you.
It detects your environment, mounts input/output directories, and passes arguments to spicelabs.sh.
SPICE_PASS=... ./spice-labs-cli.sh --command run --input ./my-artifacts./spice-labs-cli.sh [--command <cmd>] [--input <path>] [--output <path>] [--ci] [--quiet|--verbose]| Command | Description |
|---|---|
run (default) |
Scan and upload in one step |
scan-artifacts |
Run goatrodeo only |
upload-adgs |
Upload a pre-scanned ADG directory |
upload-deployment-events |
Upload JSON deployment event logs from stdin |
--input: path to scan or upload (defaults to./)--output: output path (for scan only)--quiet/--verbose: control logging--ci: CI/CD mode (auto-silent unless overridden)SPICE_PASS: required environment variable for authentication
Scan and upload:
SPICE_PASS=... ./spice-labs-cli.sh --command run --input ./srcCI usage:
SPICE_PASS=... ./spice-labs-cli.sh --command upload-adgs --input ./out --ciUpload deployment events:
cat deploy.json | SPICE_PASS=... ./spice-labs-cli.sh --command upload-deployment-eventsYou can also run everything directly using Docker and spicelabs.sh inside the container.
docker run --rm \
-e SPICE_PASS=... \
-v "$PWD/input:/mnt/input" \
-v "$PWD/output:/mnt/output" \
ghcr.io/spice-labs-inc/spice-labs-cli:latest \
--command run --input /mnt/input --output /mnt/outputUpload only:
docker run --rm -e SPICE_PASS=... -v "$PWD/output:/mnt/input" \
ghcr.io/spice-labs-inc/spice-labs-cli:latest \
--command upload-adgs --input /mnt/inputUpload deployment events:
cat deploy.json | docker run -i --rm -e SPICE_PASS=... \
ghcr.io/spice-labs-inc/spice-labs-cli:latest --command upload-deployment-eventsThis tool is maintained by Spice Labs.
Licensed under the Apache License 2.0. See LICENSE for details.