Introducing Triangulum

The Triangulum Command Line Interface (Triangulum CLI) is a tool that enables you to run various scans depending on your requirements. Triangulum is the scanning engine used by Strobes. If you want to initiate any of the scans (that you usually initiate using Strobes) on your local machine or on your build server, you can download the Triangulum CLI and initiate the scans.

Requirements 

Triangulum CLI requires Docker to be installed. Once you download the Triangulum CLI, you also need to give it permission to execute. It can be run on Windows, Linux and macOS.

Using Triangulum CLI you can invoke the following scans:

Static Security Scanners

  • AppScan SAST
  • Bandit
  • Brakeman for ROR
  • Dependency Scanner
  • FlawFinder
  • Git Leaks
  • Gosec
  • MobSF
  • NodejsScan
  • PHP CodeSniffer
  • Semgrep
  • Security Code Scan
  • SpotBugs

Container Scanners

  • Trivy
  • Anchore

Dynamic Application Scanners

  • Nuclei
  • ZAP Rest API Scanner
  • ZAP Web Application Scanner

Cloud Scanners

  • CloudMapper
  • CloudSploit
  • Prowler 

Download Links

Windows - https://triangulum-cli.s3.ap-south-1.amazonaws.com/latest/windows/triangulum.exe

Linux - https://triangulum-cli.s3.ap-south-1.amazonaws.com/latest/linux/triangulum 

OSX - https://triangulum-cli.s3.ap-south-1.amazonaws.com/latest/macos/triangulum 

 

Triangulum CLI Usage

sham@ubuntu-s-1vcpu-1gb-blr1-01:~$ ./triangulum --help
usage: triangulum [-h] [-c COMMAND] [--cli] [--register-hook] [--cfg CFG] [-v]
                  [--debug]

optional arguments:
  -h, --help       show this help message and exit
  -c COMMAND       Command to Triangulum to start, stop, restart or view
                   tasks.
  --cli            For running triangulum in cli version
  --register-hook  For registering a hook in git repos
  --cfg CFG        Optional absolute config file path in case of using cli
  -v, --version    Triangulum version
  --debug          Enable debug mode

To use the Triangulum CLI, you will have to use the '--cli' flag.

To invoke scans using the Triangulum CLI, you will have to create configuration files. You can configure only one scan per YAML file, but you can create multiple scan configuration files and place them all in a folder.
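The following is an added example, not part of the original article and not Strobes code: a POSIX shell wrapper for a build server that checks Docker is usable, then runs './triangulum --cli --cfg' with an absolute path for each YAML file in a folder. It assumes one invocation per configuration file and that a non-zero exit status means the scan did not succeed; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not Strobes code. Assumptions: one triangulum invocation
# per YAML file, and a non-zero exit status means that scan did not succeed.

# Print the absolute path of each .yaml/.yml file directly inside folder $1,
# since --cfg is documented as taking an absolute path.
list_configs() {
    dir=$(cd "$1" 2>/dev/null && pwd) || return 1
    for f in "$dir"/*.yaml "$dir"/*.yml; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Triangulum needs Docker: require the client and a reachable daemon.
check_docker() {
    command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1
}

# run_scans <triangulum-binary> <config-folder>
# Returns 0 if every scan exited 0, 1 if any failed, 2 on a setup problem.
run_scans() {
    bin=$1
    failed=0
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 2; }
    configs=$(list_configs "$2") || { echo "no such folder: $2" >&2; return 2; }
    [ -n "$configs" ] || { echo "no YAML configs in: $2" >&2; return 2; }
    while IFS= read -r cfg; do
        echo "running scan config: $cfg" >&2
        "$bin" --cli --cfg "$cfg" </dev/null || failed=$((failed + 1))
    done <<EOF
$configs
EOF
    [ "$failed" -eq 0 ] || { echo "$failed scan(s) failed" >&2; return 1; }
}

# Entry point when called as: run-scans.sh <triangulum-binary> <config-folder>
if [ "$#" -ge 2 ]; then
    check_docker || { echo "Docker is not installed or not running" >&2; exit 2; }
    run_scans "$1" "$2"
    exit $?
fi
```

Returning a non-zero status when any configuration fails lets the build server mark the pipeline step as failed instead of silently skipping a scan.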

The following articles will detail all the various configuration options for SAST, DAST, Cloud and Container scanners.

Configuring SAST 

https://help.strobes.co/hc/en-us/articles/7396155604113

 

 
