Mobb CLI Overview

The community edition version of Mobb, or what we called Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

Bugsy has two main modes - Scan (no SAST report needed) & Analyze (the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a review mode and add-scm-token mode, which are explained later.

To check out all the supported modes, run the following help command:

npx mobbdev@latest --help

This will show you Bugsy's usage help:

Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan           Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze        Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review         Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token  Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.

Options:
  -h, --help  Show help                                                                                        [boolean]

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

• Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json

• Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}

If you haven’t generated your Mobb access token yet, click here to learn how to generate one.

To remove the Mobb access token, delete the mobbdev.json file from your file system.

Single-Tenants

Below are single-tenant-specific instructions

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:

#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci

$env:API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
$env:WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
$env:WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration `
 --ref main --api-key xxxxxxxxxxxxxx --ci

set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
WEB_APP_URL=https://TENANT_NAME.mobb.ai

npm install dotenv

require('dotenv').config();

console.log(process.env.API_URL);

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci