Work with Scripts
Qualys CAR has a repository of scripts stored in its database. These scripts can be applied to multiple assets and tags. Apart from the scripts in the CAR repository, you can also use scripts posted on the Qualys GitHub account. You can also import scripts from your GitHub or GitLab repository.
The following limits are applicable to scripts:
- Script Creation: A user can create a maximum of 5000 scripts.
- Script Execution: A user can execute a maximum of 1000 scripts per day.
You can share the output of the script execution job with different apps that are registered to get the script output.
The maximum script size limit for both Linux and Windows platforms is 500 KB. The API Gateway service version that you use must be 2.4.0-7 or later to support 1 MB script output.
Windows agent adheres to the PowerShScripts with potentially system-impacting commandsell execution policy set on the host on which a script is executed.
You may choose to bypass the PowerShell execution policy set on the host. While adding assets to a script, use the Bypass Powershell Execution Policy toggle switch to specify if you want to override the PowerShell execution policy on Windows hosts. When you switch this option to Yes, both signed and unsigned scripts are executed on the agent, irrespective of the PowerShell execution policy set on the asset.
The Scripts tab lists all the scripts that you created.
Scripts imported from GitHub or GitLab
If you have imported a script from a GitHub or GitLab repository, the script is displayed with the following icons:
- GitHub Script:
- GitLab Script:
Quick Actions for Scripts
You can perform the following actions on the scripts from the various options present in the Quick Actions menu:
| Action | Description |
|---|---|
|
View Details |
Displays details such as Script ID, date, and time when the script was last updated, platform, category, and so on. In case of a script imported from GitHub or GitLab, details include the date and time when the script was last synced with GitHub or GitLab, repository name, and the repository owner, besides other relevant details. For more details, refer to View Job Details. |
|
Edit |
Allows you to edit the selected script. For more details, refer to Edit Unapproved Scripts. |
|
Enable auto sync |
Allows you to auto-sync your script with GitHub or GitLab. The GitHub or GitLab sync occurs every four hours. This option is available only for those scripts that are imported from GitHub or GitLab, and the Sync the script with GitHub/GitLab toggle was enabled while creating the script. For more details, refer to Create Custom Scripts. |
| Disable auto sync | If you want to disable auto-sync, select Disable auto sync from quick actions. |
|
Sync with GitHub/GitLab now
|
Lets you initiate an on-demand sync with GitHub or GitLab. You can perform an on-demand sync at any time, even if the Automated option was selected for GitHub or GitLab sync. This option is available only for those scripts that are imported from GitHub or GitLab. The last sync date and time are displayed below the script name. The caution For more details, refer to Create Custom Scripts. |
|
Modify GitHub/GitLab Access Token |
Lets you update the access token for all imported scripts. This option is available only if the selected script was imported from a GitHub or GitLab private repository. The modified GitHub or GitLab access token is updated in CAR. Qualys recommends that you provide an access token that does not have an expiration limit. For more details, refer to Create Custom Scripts. |
|
Test Script |
Lets you evaluate a script on a test asset before you execute it on production assets. This option is available only when the script is in the Pending Test status. For more details, refer to Test Scripts. |
|
Review
|
Lets you approve or reject a script. You must have the appropriate user rights to approve or reject a script. For more details, refer to: |
|
Run Now |
Allows you to execute the script immediately. This option is available only when the script is approved. For more details, refer to Execute Scripts. |
|
Schedule |
Allows you to create a schedule for the selected script. For more details, refer to Scheduling Scripts. |
|
Clone |
Allows you to create a copy of an existing script along with its assets, tags, and other properties. For more details, refer to Clone Scripts. |
|
Export Script |
Lets you export a script and save it on your local computer. For more details, refer to Export Scripts. |
|
Deprecate |
Lets you deprecate a script that’s no longer required. You must have the 'View Jobs' permission to view the job details of a script. For more details, refer to: |
|
View Latest Job |
Lets you view the status of the selected script and other corresponding details. This option is not available for scripts with Pending Test status. For more details, refer to: |
|
View All Jobs |
Lets you select a script and view details of the most recent job or all jobs within a recurring cycle. You must have the View Jobs permission to view the job details of a script. For more details, refer to: |
| View Schedules | Lets you view all schedules associated with the script. |
| View Pending Asset Jobs | Let's you view all the pending asset jobs of the script with their statuses. |
icon denotes that sync with GitHub or GitLab has failed.Related Topics