Mobb CLI Overview

The community edition version of Mobb, or what we called Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

Bugsy has two main modes - scan (no SAST report needed) & analyze (the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a review mode and add-scm-token mode.

To check out all the supported modes, run the following help command:

This will show you Bugsy's usage help:

Debug Mode

To enable debug output, set DEBUG=* in your environment variable before running the Mobb CLI.

For example:

HTTPS_PROXY settings

To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.

For example:

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

• Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json

• Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

If you haven’t generated your Mobb access token yet, click here to learn how to generate one.

To remove the Mobb access token, delete the mobbdev.json file from your file system.

Single-Tenants

Below are single-tenant-specific instructions

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai: