# Mobb CLI Overview

The community edition version of Mobb, or what we called **Bugsy**, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

<figure><img src="/files/WjDtKlAmEfNzpP4AicoY" alt=""><figcaption></figcaption></figure>

## Modes

Bugsy has two main modes - [**scan**](/mobb-user-docs/getting-started/mobb-cli/scan-mode.md) (no SAST report needed) & [**analyze** ](/mobb-user-docs/getting-started/mobb-cli/analyze-mode.md)(the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a [**review**](/mobb-user-docs/getting-started/mobb-cli/review-mode.md) mode and [**add-scm-token**](/mobb-user-docs/getting-started/mobb-cli/add-scm-token-mode.md) mode.

To check out all the supported modes, run the following help command:

```
npx mobbdev@latest --help
```

This will show you Bugsy's usage help:

```shell
Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan               Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze            Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review             Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token      Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif   Convert an existing SAST report to SARIF format.

Options:
  -h, --help  Show help                                                                                        [boolean]
```

## Debug Mode

To enable debug output, set `DEBUG=*` in your environment variable before running the Mobb CLI.

For example:

{% tabs %}
{% tab title="Linux/Mac" %}
Inline (temporary)

```
DEBUG=* npx mobbdev@latest
```

Or persistent (Session-Wide)

```
export DEBUG=*
npx mobbdev@latest
```

{% endtab %}

{% tab title="Powershell" %}

```
$env:DEBUG="*"
npx mobbdev@latest
```

{% endtab %}

{% tab title="CMD" %}

```
set DEBUG=*
npx mobbdev@latest
```

{% endtab %}
{% endtabs %}

## HTTPS\_PROXY settings

To enable the use of `HTTPS_PROXY`, set the value of the environment variable before running the Mobb CLI.

For example:

{% tabs %}
{% tab title="Linux/Mac" %}
Inline (temporary)

```
HTTPS_PROXY=https://test npx mobbdev@latest
```

Or persistent (Session-Wide)

```
export HTTPS_PROXY=https://test
npx mobbdev@latest
```

{% endtab %}

{% tab title="Powershell" %}

```
$env:HTTPS_PROXY = "https://test"
npx mobbdev@latest
```

{% endtab %}

{% tab title="CMD" %}

```
set HTTPS_PROXY=https://test
npx mobbdev@latest
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
Mobb CLI will accept both `https://` or `http://` URLs in `HTTPS_PROXY`
{% endhint %}

## Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the `mobbdev.json` file. Here are the default storage locations of this file:

* Windows: `C:\Users\<USERNAME>\.config\configstore\mobbdev.json`
* Mac: `~/.config/configstore/mobbdev.json`

To update your Mobb access token, edit the file in a text editor and replace the value `YOUR_MOBB_API_TOKEN` with your Mobb access token as shown in the code snippet below.

{% code title="mobbdev.json" %}

```json
{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}
```

{% endcode %}

If you haven’t generated your Mobb access token yet, click [here ](/mobb-user-docs/administration/access-tokens.md)to learn how to generate one.

To remove the Mobb access token, delete the `mobbdev.json` file from your file system.

## Single-Tenants

Below are single-tenant-specific instructions

### Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

`API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql`

`WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login`

`WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>`

Note: Replace `<YOUR_CUSTOM_MOBB_DOMAIN>` with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is `TENANT_NAME.mobb.ai`:

{% tabs %}
{% tab title="Linux/Mac" %}
{% code title="sh" overflow="wrap" fullWidth="false" %}

```sh
#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci
```

{% endcode %}
{% endtab %}

{% tab title="Powershell" %}
{% code title="powershell" %}

```powershell
$env:API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
$env:WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
$env:WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration `
 --ref main --api-key xxxxxxxxxxxxxx --ci
```

{% endcode %}
{% endtab %}

{% tab title="CMD" %}
{% code title="cmd" overflow="wrap" %}

```sh
set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

```

{% endcode %}
{% endtab %}

{% tab title="Node.js" %}

1. Create a `.env` file in your project directory:

{% code title="ini" overflow="wrap" %}

```
API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
WEB_APP_URL=https://TENANT_NAME.mobb.ai
```

{% endcode %}

2. Install `dotenv` if needed:

{% code title="sh" overflow="wrap" %}

```sh
npm install dotenv
```

{% endcode %}

3. Modify your script to load `.env`:

{% code title="javascript" overflow="wrap" %}

```javascript
require('dotenv').config();

console.log(process.env.API_URL);
```

{% endcode %}

4. Run Mobb CLI

{% code title="sh" overflow="wrap" %}

```sh
npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci
```

{% endcode %}
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mobb.ai/mobb-user-docs/getting-started/mobb-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.