# From the Pentestas repo
git clone https://github.com/pentestas/pentestas.git
chmod +x pentestas/cli/pentestas
# Copy to your PATH:
cp pentestas/cli/pentestas /usr/local/bin/

# Option A: env var
export PENTESTAS_API_KEY=aa_…

# Option B: persist to ~/.pentestas/config.json (chmod 0600)
pentestas login
# Prompt: Paste your Pentestas API key:

# Simple
pentestas start -u https://staging.example.com

# With a YAML config (auth flow, rules, etc.)
pentestas start -u https://app.example.com -c scan.yaml

# With a local repo for white-box mode
pentestas start -u https://app.example.com -r ./  -c scan.yaml

# Wait until complete (exits non-zero if any HIGH+ finding)
pentestas start -u https://app.example.com -w 1h

pentestas status <scan_id>
# Prints phase, finding count, and current progress message.

pentestas list --status running --limit 20
# One line per scan: <id>  <status>  <findings>  <target>

pentestas logs <scan_id>

- name: Pentestas scan on staging
  env:
    PENTESTAS_API_KEY: ${{ secrets.PENTESTAS_API_KEY }}
  run: |
    curl -fsSL https://install.pentestas.com/cli | bash
    pentestas start \
      -u https://staging-${{ github.sha }}.example.com \
      -c .pentestas/scan.yaml \
      -r . \
      -w 45m

pentest:
  stage: security
  image: python:3.12-slim
  script:
    - pip install httpx
    - pentestas start -u $STAGING_URL -c .pentestas/scan.yaml -w 1h
  only:
    - main

{
  "api_key": "aa_…",
  "base": "https://app.pentestas.com"
}