Mobb CLI Overview

PreviousWorking with the Fix Report NextAnalyze Mode

Last updated 1 month ago

Was this helpful?

Mobb CLI Overview

The community edition version of Mobb, or what we called Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

To check out all the supported modes, run the following help command:

npx mobbdev@latest --help

This will show you Bugsy's usage help:

Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan               Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze            Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review             Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token      Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif   Convert an existing SAST report to SARIF format.

Options:
  -h, --help  Show help                                                                                        [boolean]

Debug Mode

To enable debug output, set DEBUG=* in your environment variable before running the Mobb CLI.

For example:

Inline (temporary)

DEBUG=* npx mobbdev@latest

Or persistent (Session-Wide)

export DEBUG=*
npx mobbdev@latest

$env:DEBUG="*"
npx mobbdev@latest

set DEBUG=*
npx mobbdev@latest

HTTPS_PROXY settings

To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.

For example:

Inline (temporary)

HTTPS_PROXY=https://test npx mobbdev@latest

Or persistent (Session-Wide)

export HTTPS_PROXY=https://test
npx mobbdev@latest

$env:HTTPS_PROXY = "https://test"
npx mobbdev@latest

set HTTPS_PROXY=https://test
npx mobbdev@latest

Mobb CLI will accept both https:// or http:// URLs in HTTPS_PROXY

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json
Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

mobbdev.json

{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}

To remove the Mobb access token, delete the mobbdev.json file from your file system.

Single-Tenants

Below are single-tenant-specific instructions

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:

#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci

powershell

$env:API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
$env:WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
$env:WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration `
 --ref main --api-key xxxxxxxxxxxxxx --ci

cmd

set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

Create a .env file in your project directory:

ini

API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
WEB_APP_URL=https://TENANT_NAME.mobb.ai

Install dotenv if needed:

npm install dotenv

Modify your script to load .env:

javascript

require('dotenv').config();

console.log(process.env.API_URL);

Run Mobb CLI

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

PreviousWorking with the Fix Report NextAnalyze Mode

Last updated 1 month ago

Was this helpful?

The community edition version of Mobb, or what we called Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

Bugsy has two main modes - (no SAST report needed) & (the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a mode and mode.

To check out all the supported modes, run the following help command:

npx mobbdev@latest --help

This will show you Bugsy's usage help:

Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan               Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze            Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review             Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token      Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif   Convert an existing SAST report to SARIF format.

Options:
  -h, --help  Show help                                                                                        [boolean]

Debug Mode

To enable debug output, set DEBUG=* in your environment variable before running the Mobb CLI.

For example:

Inline (temporary)

DEBUG=* npx mobbdev@latest

Or persistent (Session-Wide)

export DEBUG=*
npx mobbdev@latest

$env:DEBUG="*"
npx mobbdev@latest

set DEBUG=*
npx mobbdev@latest

HTTPS_PROXY settings

To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.

For example:

Inline (temporary)

HTTPS_PROXY=https://test npx mobbdev@latest

Or persistent (Session-Wide)

export HTTPS_PROXY=https://test
npx mobbdev@latest

$env:HTTPS_PROXY = "https://test"
npx mobbdev@latest

set HTTPS_PROXY=https://test
npx mobbdev@latest

Mobb CLI will accept both https:// or http:// URLs in HTTPS_PROXY

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json
Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

mobbdev.json

{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}

If you haven’t generated your Mobb access token yet, click to learn how to generate one.

To remove the Mobb access token, delete the mobbdev.json file from your file system.

Single-Tenants

Below are single-tenant-specific instructions

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:

#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci

powershell

$env:API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
$env:WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
$env:WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration `
 --ref main --api-key xxxxxxxxxxxxxx --ci

cmd

set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

Create a .env file in your project directory:

ini

API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
WEB_APP_URL=https://TENANT_NAME.mobb.ai

Install dotenv if needed:

npm install dotenv

Modify your script to load .env:

javascript

require('dotenv').config();

console.log(process.env.API_URL);

Run Mobb CLI

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci