# Pynt as a Standalone Container

{% hint style="success" %}
🚀 **At a Glance**: Pynt’s standalone container mode allows you to run the Pynt container without the CLI, making it ideal for systems like Kubernetes or container orchestration platforms. In this mode, you control Pynt through its APIs and route HTTP traffic through the container for security testing.
{% endhint %}

***

## Standalone container mode

The Pynt container can run without the CLI, which allows it to be used in deployment scenarios beyond traditional Docker-based environments. This mode is particularly useful for systems leveraging Kubernetes or similar container orchestration platforms.

This mode is based on [Pynt command](https://docs.pynt.io/documentation/api-security-testing/pynt-cli-modes/pynt-command-cli-mode), but here the user is required to run the Pynt container, control it through APIs, and route the HTTP traffic through the container.

Two steps are needed for this integration:

**Run the Pynt Container:** This involves setting up and running the Pynt container. Pynt can operate as a stand-alone server, as long as it is set up correctly.

**Control via APIs & Route HTTP Traffic:** After deploying the Pynt container, you will need to manage it through its APIs. Additionally, route your HTTP traffic through the container to have Pynt scan the traffic.

***

## How to run the Pynt container

`Image:`

* `ghcr.io/pynt-io/pynt:v1-latest`

`Ports:`

* `6666` - Pynt proxy port
* `5001` - port for API commands to Pynt server

`Environment variables:`

* `PYNT_ID="$PYNT_ID"` - Pynt credentials, [how to get it](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd/how-to-get-pynt-id-for-ci-cd-authentication)
* `PYNT_SAAS_URL="https://api.pynt.io/v1"` - Pynt Platform's URL

`Flags:`

{% hint style="info" %}
When the application identifier is not provided, the scan results will not be saved in any application, and you can see them only in the global views. The best practice is to provide the identifier.
{% endhint %}

* `--application-id` - [Where can I find the application ID?](https://docs.pynt.io/documentation/applications-view/application-view-overview#where-can-i-find-the-application-id-1)
* `--application-name` - Your existing application name or a new one. (the application will be created automatically if it does not exist)

Here is an example of running the Pynt server using Docker:

{% code overflow="wrap" %}

```bash
docker run -e PYNT_ID="$PYNT_ID" -p 6666:6666 -p 5001:5001 --rm ghcr.io/pynt-io/pynt:v1-latest proxy --application-name my-app
```

{% endcode %}

***

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2Fasl8KjqOJZ1AsFegm4ml%2Fimage.png?alt=media&#x26;token=a01b5068-c817-4724-aec0-0f7f1406a171" alt=""><figcaption><p>Running Pynt as standalone container</p></figcaption></figure>

## How to control Pynt container

Once the Pynt container is running in your environment, run the Pynt scan by following these steps:

1. Set a few environment variables pointing to the container (or to your local machine when exposing the ports):

   ```bash
   export PYNT_SERVER_BASE=http://127.0.0.1
   export PYNT_SERVER_URL=$PYNT_SERVER_BASE:5001
   ```
2. To activate the Pynt proxy, make a call to the `/api/proxy/start` endpoint. Once activated, Pynt will listen on port 6666 for incoming traffic. For example, you can use curl as follows:

   ```bash
   scan_output=$(curl -X PUT $PYNT_SERVER_URL/api/proxy/start)
   ```
3. Run your functional tests through the Pynt proxy. Pynt will read and analyze the traffic. For example, using Python Pytest:

   ```bash
   export HTTP_PROXY=$PYNT_SERVER_BASE:6666
   export HTTPS_PROXY=$PYNT_SERVER_BASE:6666
   pytest goat.py
   ```
4. To start a Pynt scan, you need to call the `/api/proxy/stop` endpoint, providing the `scan_id` in the message body. For example, you can use the following `curl` command:

   ```bash
   curl -X PUT $PYNT_SERVER_URL/api/proxy/stop -d "$scan_output" -H "Content-Type: application/json"
   ```
5. Optionally, you can pass the Application ID and Test Name for improved management of this scan in the Pynt platform. For example:

   ```bash
   scanId=$(echo $scan_output | jq -r .scanId)
   applicationId=xxxx
   testName="My Test Name"
   json_payload=$(printf '{"scanId": "%s", "applicationId": "%s", "testName": "%s"}' "$scanId" "$applicationId" "$testName")
   curl -X PUT $PYNT_SERVER_URL/api/proxy/stop -d "$json_payload" -H "Content-Type: application/json"
   ```

### Retrieving Scan Reports

After running a Pynt scan, you can retrieve the scan report by polling the `/api/report` endpoint using the scan ID. This process ensures that you get the final report once the scan is complete.

#### **Polling for Report Completion**

Since scans take time to process, you must continuously check the report status until the scan completes. The server returns:

* **202 (Accepted):** The scan is still in progress.
* **200 (OK):** The scan is complete, and the report is available.

#### **Retrieving the HTML Report**

The HTML report provides a human-readable summary of the scan results.

**Example using `curl`**

{% code overflow="wrap" %}

```bash
scanId=$(echo $scan_output | jq -r .scanId)
status_code=$(curl -o "pynt_report.html" -s -w "%{http_code}\n" "$PYNT_SERVER_URL/api/report?scanId=$scanId&format=html")
```

{% endcode %}

This command saves the report as `pynt_report.html` and stores the HTTP status code of the response in `status_code`.

***

## Controlling the return code from Pynt

The Pynt container has an optional flag, `--severity-level`.

With this flag, you have granular control over whether Pynt returns an error code (3) in the event of findings. Use this flag to control when Pynt will break the CI/CD run. Allowed values are:

```
'all', 'medium', 'high', 'critical', 'none' (default) 
```

***

#### **Retrieving the JSON Report**

The JSON report contains structured data about vulnerabilities, making it useful for integrations with other tools.

**Example using `curl`**

{% code overflow="wrap" %}

```bash
scanId=$(echo $scan_output | jq -r .scanId)
status_code=$(curl -o "pynt_report.json" -s -w "%{http_code}\n" "$PYNT_SERVER_URL/api/report?scanId=$scanId&format=json")
```

{% endcode %}

This command retrieves the scan results in JSON format, saves them as `pynt_report.json`, and stores the HTTP status code of the response in `status_code`.
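The polling described under "Polling for Report Completion", written as a loop that works for either report format. This is an added example, not code from the Pynt project; the function name `fetch_pynt_report` and the `POLL_INTERVAL` / `POLL_MAX_TRIES` variables are assumptions of the example, while the endpoint, query parameters and the 202/200 status codes are the ones documented on this page.

```shell
# Added example: poll Pynt's /api/report until the scan completes.
# 202 = still in progress, 200 = report ready (status codes as documented above).
# POLL_INTERVAL and POLL_MAX_TRIES are knobs of this example, not Pynt settings.
# Usage: fetch_pynt_report <scanId> <html|json> <output file>
# The body runs in a subshell "( ... )" so its variables stay local; "exit"
# therefore ends only the function, with the given status.
fetch_pynt_report() (
  scan_id=$1 format=$2 out=$3
  interval=${POLL_INTERVAL:-5}
  max_tries=${POLL_MAX_TRIES:-120}
  tmp=$(mktemp) || exit 1
  try=1
  while [ "$try" -le "$max_tries" ]; do
    # The body goes to a temp file, so a 202 response is never left behind
    # under the report's file name.
    status=$(curl -s -o "$tmp" -w '%{http_code}' \
      "$PYNT_SERVER_URL/api/report?scanId=$scan_id&format=$format") || status=000
    case "$status" in
      200) mv "$tmp" "$out"; exit $? ;;
      202) sleep "$interval" ;;
      *)   echo "unexpected HTTP status $status from /api/report" >&2
           rm -f "$tmp"; exit 2 ;;
    esac
    try=$((try + 1))
  done
  echo "report not ready after $max_tries attempts" >&2
  rm -f "$tmp"
  exit 1
)

# Example call, using the variables set in the steps above:
#   scanId=$(echo "$scan_output" | jq -r .scanId)
#   fetch_pynt_report "$scanId" json pynt_report.json
```

The function returns 0 only when a 200 response has been written to the output file, so a CI step can gate on its exit status before parsing or archiving the report.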

***

## Example: Pynt with Kubernetes

{% embed url="<https://github.com/pynt-io/pynt/tree/main/goat_functional_tests/k8s>" %}
Pynt for Kubernetes
{% endembed %}

***

{% hint style="info" %}
💡 **Still Need Help?** For any questions or troubleshooting, reach out to the [**Pynt Community Support**](https://www.pynt.io/community).
{% endhint %}
