1. Help Center
  2. OpsCompass Integrations

Using the OpsCompass Resource Scanning API

Within the OpsCompass CLI Client, users are now able to trigger scans of individual resources or whole cloud accounts.

Getting Started

This article assumes that you have already downloaded and configured the OpsCompass CLI against your OpsCompass environment. For more information regarding installation and setup you can reference the article Getting Started with OpsCompass Command Line Interface. If you have previously set up the CLI, ensure that you are running the latest version, to do this simply run the command 'opscompass' and if you are out of date, the CLI will prompt you with the appropriate command to run to update. 

Example Update Message:

Resource Scan Overview 

Within OpsCompass there is a concept of a resource scan. During a resource scan, OpsCompass fetches the latest cloud provider resource configurations analyzes of the data retrieved. Examples of some analyses taken during a scan are: 

  • Comparison of resource configuration against compliance checks, possibly resulting in newly discovered or fixed compliance problems.
  • Comparison of previously retrieved resource configuration, possibly resulting in drift.
  • For applicable resources, retrieve cloud provider metrics for resources.

A scan in OpsCompass occurs is triggered usually: 

  1. Periodically, every 8 hours (depending on the type of cloud account).
  2. Initially when a cloud account is connected.
The resource scan CLI call is a third option for when a cloud account or resource can be scanned in OpsCompass. The CLI command accepts the following parameters 

--company This parameter is required. Expects the input to be a company slug of the company in which the cloud account lives within. 
--account This parameter is required. This is the cloud identifier of the account you wish to scan. Only specifying the account with no other optional parameters will scan the entirety of the cloud account. 
-- ids  This parameter is optional. Expects the input to be a list of numerical OpsCompass assigned identifiers.  
-- resourceIds This parameter is optional. Expects the input to be a list of cloud identifiers for the resources you wish to scan. 
--resourceTags This parameter is optional. Expects the tag values of the resources within the account to scan. 


Help message as seen within the CLI: 


Scanning a Whole Cloud Account

As mentioned previously, you can initiate a whole account scan by only specifying the required parameters company & account. Below is an example:

opscompass resources scan --company my-Company --account 123456789876

Scanning Resources by Tags

One optional parameter 'resourceTags' allows for scanning resources within an account context, but only ones having the resource tag that is passed. Below is an example: 

opscompass resources scan --company my-Company --account 123456789876 --resourceTags deployment-06-01-2023 

Scanning Resources by ID 

The optional parameters 'ids' and 'resourceIds' allow for scanning individual resources within an account context. Below is an example of specifically scanning 3 resources by their OpsCompass numerical id. 

opscompass resources scan --company my-Company --account 123465789876 --ids 10123,20312,876231

How long does a scan take?

Currently there is no method for tracking an OpsCompass scan after initiated. Depending on request frequency and timing of the request the scan could take around 15 to 20 minutes to completion.