deepfence · gnmahanth · Dec 4, 2024 · Dec 4, 2024
diff --git a/ci-cd-integrations/circleci/.circleci/config.yml b/ci-cd-integrations/circleci/.circleci/config.yml
@@ -42,8 +42,8 @@ jobs:
       - run:
           name: Run Deepfence Vulnerability Mapper
           command: |
-            docker pull deepfenceio/deepfence_package_scanner_ce:v2
-            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_package_scanner_ce:v2 -source "$FULL_IMAGE_NAME" -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
+            docker pull quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1
+            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1 -source "$FULL_IMAGE_NAME" -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
           environment:
             DEEPFENCE_KEY: ""
             DEEPFENCE_CONSOLE_URL: ""
@@ -54,6 +54,8 @@ jobs:
             FAIL_LOW_CVE_COUNT: 100
             FAIL_CVE_SCORE: 10
             FULL_IMAGE_NAME: "go-server:1.0"
+            DEEPFENCE_LICENSE: ""
+            DEEPFENCE_PRODUCT: ""
 
   secret:
     docker:
@@ -69,8 +71,8 @@ jobs:
       - run:
           name: Run Deepfence Secret Scanner
           command: |
-            docker pull deepfenceio/deepfence_secret_scanner_ce:v2
-            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_secret_scanner_ce:v2 -image-name "$FULL_IMAGE_NAME"  -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT
+            docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1
+            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1 -image-name "$FULL_IMAGE_NAME"  -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT
           environment:
             DEEPFENCE_KEY: ""
             DEEPFENCE_CONSOLE_URL: ""
@@ -79,6 +81,8 @@ jobs:
             FAIL_MEDIUM_SECRET_COUNT: 100
             FAIL_LOW_SECRET_COUNT: 100
             FULL_IMAGE_NAME: "go-server:1.0"
+            DEEPFENCE_LICENSE: ""
+            DEEPFENCE_PRODUCT: ""
 
   malware:
     docker:
@@ -94,8 +98,8 @@ jobs:
       - run:
           name: Run Deepfence Malware Scanner
           command: |
-            docker pull deepfenceio/deepfence_malware_scanner_ce:v2
-            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_malware_scanner_ce:v2 -image-name "$FULL_IMAGE_NAME"  -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT
+            docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1
+            docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1 -image-name "$FULL_IMAGE_NAME"  -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT
           environment:
             DEEPFENCE_KEY: ""
             DEEPFENCE_CONSOLE_URL: ""
@@ -104,6 +108,8 @@ jobs:
             FAIL_MEDIUM_MALWARE_COUNT: 100
             FAIL_LOW_MALWARE_COUNT: 100
             FULL_IMAGE_NAME: "go-server:1.0"
+            DEEPFENCE_LICENSE: ""
+            DEEPFENCE_PRODUCT: ""
 
 workflows:
   version: 2

diff --git a/ci-cd-integrations/github-actions/.github/workflows/malwares.yml b/ci-cd-integrations/github-actions/.github/workflows/malwares.yml
@@ -17,6 +17,8 @@ jobs:
       REPO: demo-app
       DEEPFENCE_CONSOLE_URL: 127.0.0.1
       DEEPFENCE_KEY: key
+      DEEPFENCE_LICENSE: ""
+      DEEPFENCE_PRODUCT: ""
     steps:
     - uses: actions/checkout@v2
 
@@ -38,9 +40,11 @@ jobs:
         FAIL_HIGH_MALWARE_COUNT: 10 # Fail build if number of high malwares found is >= this number. Set -1 to pass regardless of high malwares.
         FAIL_MEDIUM_MALWARE_COUNT: 20 # Fail build if number of medium malwares found is >= this number. Set -1 to pass regardless of medium malwares.
         FAIL_LOW_MALWARE_COUNT: 50 # Fail build if number of low malwares found is >= this number. Set -1 to pass regardless of low malwares.
+        DEEPFENCE_LICENSE: ""
+        DEEPFENCE_PRODUCT: ""
       run: |
-        docker pull deepfenceio/deepfence_malware_scanner_ce:v2
-        docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_malware_scanner_ce:v2 -image-name "$FULL_IMAGE_NAME" -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT"
+        docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1
+        docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1 -image-name "$FULL_IMAGE_NAME" -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT"
 
     # Push to dockerhub
     - name: Push to Docker Hub

diff --git a/ci-cd-integrations/github-actions/.github/workflows/secrets.yml b/ci-cd-integrations/github-actions/.github/workflows/secrets.yml
@@ -17,6 +17,8 @@ jobs:
       REPO: demo-app
       DEEPFENCE_CONSOLE_URL: 127.0.0.1
       DEEPFENCE_KEY: key
+      DEEPFENCE_LICENSE: ""
+      DEEPFENCE_PRODUCT: ""
     steps:
     - uses: actions/checkout@v2
 
@@ -38,9 +40,11 @@ jobs:
         FAIL_HIGH_SECRET_COUNT: 10 # Fail build if number of high secrets found is >= this number. Set -1 to pass regardless of high secrets.
         FAIL_MEDIUM_SECRET_COUNT: 20 # Fail build if number of medium secrets found is >= this number. Set -1 to pass regardless of medium secrets.
         FAIL_LOW_SECRET_COUNT: 50 # Fail build if number of low secrets found is >= this number. Set -1 to pass regardless of low secrets.
+        DEEPFENCE_LICENSE: ""
+        DEEPFENCE_PRODUCT: ""
       run: |
-        docker pull deepfenceio/deepfence_secret_scanner_ce:v2
-        docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_secret_scanner_ce:v2 -image-name "$FULL_IMAGE_NAME" -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT"
+        docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1
+        docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1 -image-name "$FULL_IMAGE_NAME" -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT"
 
     # Push to dockerhub
     - name: Push to Docker Hub

diff --git a/ci-cd-integrations/github-actions/.github/workflows/vulnerabilities.yml b/ci-cd-integrations/github-actions/.github/workflows/vulnerabilities.yml
@@ -17,6 +17,8 @@ jobs:
       REPO: demo-app
       DEEPFENCE_CONSOLE_URL: 127.0.0.1
       DEEPFENCE_KEY: key
+      DEEPFENCE_LICENSE: ""
+      DEEPFENCE_PRODUCT: ""
     steps:
     - uses: actions/checkout@v2
 
@@ -40,9 +42,11 @@ jobs:
         FAIL_MEDIUM_CVE_COUNT: 100 # Fail build if number of medium vulnerabilities found is >= this number. Set -1 to pass regardless of medium vulnerabilities.
         FAIL_LOW_CVE_COUNT: 100 # Fail build if number of low vulnerabilities found is >= this number. Set -1 to pass regardless of low vulnerabilities.
         FAIL_CVE_SCORE: 10 # Fail build if cumulative CVE score is >= this value. Set -1 to pass regardless of cve score.
+        DEEPFENCE_LICENSE: ""
+        DEEPFENCE_PRODUCT: ""
       run: |
-        docker pull deepfenceio/deepfence_package_scanner_ce:v2
-        docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_package_scanner_ce:v2 -source "$FULL_IMAGE_NAME" -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
+        docker pull quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1
+        docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1 -source "$FULL_IMAGE_NAME" -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
 
     # Push to dockerhub
     - name: Push to Docker Hub

diff --git a/ci-cd-integrations/gitlab/.gitlab-ci.yml b/ci-cd-integrations/gitlab/.gitlab-ci.yml
@@ -42,10 +42,12 @@ test-docker-build-and-vulnerabilities:
     FAIL_MEDIUM_CVE_COUNT: 1000
     FAIL_LOW_CVE_COUNT: 1000
     FAIL_CVE_SCORE: -1
+    DEEPFENCE_LICENSE: ""
+    DEEPFENCE_PRODUCT: ""
   script:
     - docker build -t $IMAGE_NAME .
-    - docker pull deepfenceio/deepfence_package_scanner_ce:v2
-    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_package_scanner_ce:v2 -source"$IMAGE_NAME" -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
+    - docker pull quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1
+    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1 -source"$IMAGE_NAME" -product=${DEEPFENCE_PRODUCT} -license=${DEEPFENCE_LICENSE} -console-url=$DEEPFENCE_CONSOLE_URL -deepfence-key=$DEEPFENCE_KEY -fail-on-count=$FAIL_CVE_COUNT -fail-on-critical-count=$FAIL_CRITICAL_CVE_COUNT -fail-on-high-count=$FAIL_HIGH_CVE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_CVE_COUNT -fail-on-low-count=$FAIL_LOW_CVE_COUNT -fail-on-score=$FAIL_CVE_SCORE -scan-type="base,java,python,ruby,php,nodejs,js,dotnet"
 
 test-docker-build-and-secrets:
   image: docker:latest
@@ -60,10 +62,12 @@ test-docker-build-and-secrets:
     FAIL_HIGH_SECRET_COUNT: 10
     FAIL_MEDIUM_SECRET_COUNT: 20
     FAIL_LOW_SECRET_COUNT: 50
+    DEEPFENCE_LICENSE: ""
+    DEEPFENCE_PRODUCT: ""
   script:
     - docker build -t $IMAGE_NAME .
-    - docker pull deepfenceio/deepfence_secret_scanner_ce:v2
-    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_secret_scanner_ce:v2 -image-name "$IMAGE_NAME" -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT
+    - docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1
+    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1 -image-name "$IMAGE_NAME" -product=${DEEPFENCE_PRODUCT} -license=${DEEPFENCE_LICENSE} -fail-on-count=$FAIL_SECRET_COUNT -fail-on-high-count=$FAIL_HIGH_SECRET_COUNT -fail-on-medium-count=$FAIL_MEDIUM_SECRET_COUNT -fail-on-low-count=$FAIL_LOW_SECRET_COUNT
 
 test-docker-build-and-malwares:
   image: docker:latest
@@ -78,7 +82,9 @@ test-docker-build-and-malwares:
     FAIL_HIGH_MALWARE_COUNT: 10
     FAIL_MEDIUM_MALWARE_COUNT: 20
     FAIL_LOW_MALWARE_COUNT: 50
+    DEEPFENCE_LICENSE: ""
+    DEEPFENCE_PRODUCT: ""
   script:
     - docker build -t $IMAGE_NAME .
-    - docker pull deepfenceio/deepfence_malware_scanner_ce:v2
-    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_malware_scanner_ce:v2 -image-name "$IMAGE_NAME" -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT
+    - docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1
+    - docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1 -image-name "$IMAGE_NAME" -product=${DEEPFENCE_PRODUCT} -license=${DEEPFENCE_LICENSE} -fail-on-count=$FAIL_MALWARE_COUNT -fail-on-high-count=$FAIL_HIGH_MALWARE_COUNT -fail-on-medium-count=$FAIL_MEDIUM_MALWARE_COUNT -fail-on-low-count=$FAIL_LOW_MALWARE_COUNT
diff --git a/ci-cd-integrations/hashicorp-packer/malwares/docker.pkr.hcl b/ci-cd-integrations/hashicorp-packer/malwares/docker.pkr.hcl
@@ -33,8 +33,8 @@ build {
 
   post-processor "shell-local" {
     inline = [
-      "docker pull deepfenceio/deepfence_malware_scanner_ce:v2",
-      "docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_malware_scanner_ce:v2 -image-name ${var.image_name}:${var.image_tag} -fail-on-count=${var.FAIL_MALWARE_COUNT} -fail-on-high-count=${var.FAIL_HIGH_MALWARE_COUNT} -fail-on-medium-count=${var.FAIL_MEDIUM_MALWARE_COUNT} -fail-on-low-count=${var.FAIL_LOW_MALWARE_COUNT}"
+      "docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1",
+      "docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.1 -product=${var.deepfence_product} -license=${var.deepfence_license} -image-name ${var.image_name}:${var.image_tag} -fail-on-count=${var.FAIL_MALWARE_COUNT} -fail-on-high-count=${var.FAIL_HIGH_MALWARE_COUNT} -fail-on-medium-count=${var.FAIL_MEDIUM_MALWARE_COUNT} -fail-on-low-count=${var.FAIL_LOW_MALWARE_COUNT}"
     ]
   }
 }
diff --git a/ci-cd-integrations/hashicorp-packer/malwares/variables.pkr.hcl b/ci-cd-integrations/hashicorp-packer/malwares/variables.pkr.hcl
@@ -54,3 +54,14 @@ variable "image_tag" {
   sensitive = false
 }
 
+# deepfence_license variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_license" {
+  type      = string
+  sensitive = true
+}
+
+# deepfence_product variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_product" {
+  type      = string
+  sensitive = false
+}
diff --git a/ci-cd-integrations/hashicorp-packer/secrets/docker.pkr.hcl b/ci-cd-integrations/hashicorp-packer/secrets/docker.pkr.hcl
@@ -33,8 +33,8 @@ build {
 
   post-processor "shell-local" {
     inline = [
-      "docker pull deepfenceio/deepfence_secret_scanner_ce:v2",
-      "docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_secret_scanner_ce:v2 -image-name ${var.image_name}:${var.image_tag} -fail-on-count=${var.FAIL_SECRET_COUNT} -fail-on-high-count=${var.FAIL_HIGH_SECRET_COUNT} -fail-on-medium-count=${var.FAIL_MEDIUM_SECRET_COUNT} -fail-on-low-count=${var.FAIL_LOW_SECRET_COUNT}"
+      "docker pull quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1",
+      "docker run -i --rm --net=host --privileged=true --cpus=\"0.3\" -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_secret_scanner_ce:2.5.1 -product=${var.deepfence_product} -license=${var.deepfence_license} -image-name ${var.image_name}:${var.image_tag} -fail-on-count=${var.FAIL_SECRET_COUNT} -fail-on-high-count=${var.FAIL_HIGH_SECRET_COUNT} -fail-on-medium-count=${var.FAIL_MEDIUM_SECRET_COUNT} -fail-on-low-count=${var.FAIL_LOW_SECRET_COUNT}"
     ]
   }
 }
diff --git a/ci-cd-integrations/hashicorp-packer/secrets/variables.pkr.hcl b/ci-cd-integrations/hashicorp-packer/secrets/variables.pkr.hcl
@@ -54,3 +54,14 @@ variable "image_tag" {
   sensitive = false
 }
 
+# deepfence_license variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_license" {
+  type      = string
+  sensitive = true
+}
+
+# deepfence_product variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_product" {
+  type      = string
+  sensitive = false
+}
diff --git a/ci-cd-integrations/hashicorp-packer/vulnerabilities/docker.pkr.hcl b/ci-cd-integrations/hashicorp-packer/vulnerabilities/docker.pkr.hcl
@@ -33,8 +33,8 @@ build {
 
   post-processor "shell-local" {
     inline = [
-      "docker pull deepfenceio/deepfence_package_scanner_ce:v2",
-      "docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw deepfenceio/deepfence_package_scanner_ce:v2 -source ${var.image_name}:${var.image_tag} -console-url=${var.DEEPFENCE_CONSOLE_URL} -deepfence-key=${var.DEEPFENCE_KEY} -fail-on-count=${var.FAIL_CVE_COUNT} -fail-on-score=${var.FAIL_CVE_SCORE} -fail-on-critical-count ${var.FAIL_CRITICAL_CVE_COUNT} -scan-type=\"base,java,python,ruby,php,nodejs,js,dotnet\""
+      "docker pull quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1",
+      "docker run -i --rm --net=host --privileged=true -v /var/run/docker.sock:/var/run/docker.sock:rw quay.io/deepfenceio/deepfence_package_scanner_cli:2.5.1 -product=${var.deepfence_product} -license=${var.deepfence_license} -source ${var.image_name}:${var.image_tag} -console-url=${var.DEEPFENCE_CONSOLE_URL} -deepfence-key=${var.DEEPFENCE_KEY} -fail-on-count=${var.FAIL_CVE_COUNT} -fail-on-score=${var.FAIL_CVE_SCORE} -fail-on-critical-count ${var.FAIL_CRITICAL_CVE_COUNT} -scan-type=\"base,java,python,ruby,php,nodejs,js,dotnet\""
     ]
   }
 }
diff --git a/ci-cd-integrations/hashicorp-packer/vulnerabilities/variables.pkr.hcl b/ci-cd-integrations/hashicorp-packer/vulnerabilities/variables.pkr.hcl
@@ -68,3 +68,14 @@ variable "image_tag" {
   sensitive = false
 }
 
+# deepfence_license variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_license" {
+  type      = string
+  sensitive = true
+}
+
+# deepfence_product variable can be overidden in variables.pkrvars.hcl
+variable "deepfence_product" {
+  type      = string
+  sensitive = false
+}