Merge pull request #226 from levoai/new-cli-options

Add docs on using the CLI with a proxy
levoai · Apr 15, 2024 · a7bf979 · a7bf979
2 parents 093fee3 + 75a87e7
commit a7bf979
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/docs/security-testing/test-laptop/levo-cli-command-reference.md b/docs/security-testing/test-laptop/levo-cli-command-reference.md
@@ -223,4 +223,26 @@ Options:
 ##### Usage Examples
 `levo test-plan export-env --lrn "acme-gizmo-org:ws/buchi:app/Demo_crAPI:tp/Demo_crAPI" --local-dir ./`
 
-[env-yaml]: /guides/security-testing/concepts/test-plans/env-yml.md
+## Additional Notes
+
+### Usage with a proxy
+
+#### Option 1: Copy proxy CA certificate
+
+The CLI container does not have access to the host's CA certificates. If you are using a proxy with a self-signed certificate, you can copy the CA certificate to `$HOME/.config/configstore/ca-cert.pem` on the host. This directory is mounted as a volume in the CLI container in the alias. The CLI will read this file if it exists and load it into the container's CA certificate store.
+
+#### Option 2: Use the `--ignore-ssl-verify` option
+
+You can use the `--ignore-ssl-verify` flag with the `levo` command to disable SSL verification for **all** requests made by the CLI, for example:
+
+```shell
+levo --ignore-ssl-verify test --target-url https://crapi.levo.ai --app-lrn your-app
+```
+
+The usage of this option is discouraged unless absolutely necessary.
+
+:::tip
+Adding the `--ignore-ssl-verify` flag after the `test` subcommand, e.g. `levo test --ignore-ssl-verify`, will cause SSL verification to be ignored only for the requests sent to the target server.
+:::
+
+[env-yaml]: /guides/security-testing/concepts/test-plans/env-yml.md