Bugsy, the community edition of Mobb, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.
Modes
Bugsy has two main modes: Scan (no SAST report needed) and Analyze (you must provide a pre-generated SAST report from one of the supported SAST tools).
Bugsy also has a review mode and add-scm-token mode, which are explained later.
To see all the supported modes, run the following help command:
npx mobbdev@latest --help
This will show you Bugsy's usage help:
Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️♂️
Usage:
mobbdev <command> [options]
Commands:
mobbdev scan Scan your code for vulnerabilities, get automated fixes right away.
mobbdev analyze Provide a vulnerability report and relevant code repository, get automated fixes right away.
mobbdev review Mobb will review your github pull requests and provide comments with fixes
mobbdev add-scm-token Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
Options:
-h, --help Show help [boolean]
Location of the Mobb Access Token
Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:
To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.
mobbdev.json
{
  "apiToken": "YOUR_MOBB_API_TOKEN"
}
If you haven’t generated your Mobb access token yet, click here to learn how to generate one.
To remove the Mobb access token, delete the mobbdev.json file from your file system.
Single-Tenants
Below are instructions specific to single-tenant environments.
Environment Variables Settings for Mobb Single-Tenants
If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.
set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai
npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci
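A pre-flight check for the variables above, as an added example that is not part of the Mobb documentation: it uses the POSIX-shell `export` form of the `set` lines and confirms that all three URLs name the same tenant over HTTPS before Bugsy is run. The tenant name `acme` is constructed, and the rule that tenant names contain only lowercase letters, digits and hyphens is an assumption.

```shell
#!/bin/sh
# Added example: verify the single-tenant variables agree with each other.
# Assumption: tenant names use only lowercase letters, digits and hyphens.

# Print the tenant name embedded in WEB_APP_URL, or fail if the URL does not
# have the https://TENANT_NAME.mobb.ai shape.
mobb_tenant_from_env() {
    case "${WEB_APP_URL:-}" in
        https://*.mobb.ai) ;;
        *) return 1 ;;
    esac
    tenant=${WEB_APP_URL#https://}
    tenant=${tenant%.mobb.ai}
    # Reject empty names and any character outside the assumed set
    # (extra dots, slashes, '@', ports and so on).
    case "$tenant" in
        ''|*[!a-z0-9-]*) return 1 ;;
    esac
    printf '%s\n' "$tenant"
}

# Return 0 only when API_URL and WEB_LOGIN_URL match the tenant in WEB_APP_URL.
mobb_env_check() {
    tenant=$(mobb_tenant_from_env) || {
        echo "WEB_APP_URL is unset or malformed" >&2
        return 1
    }
    rc=0
    if [ "${API_URL:-}" != "https://api-st-$tenant.mobb.ai/v1/graphql" ]; then
        echo "API_URL does not match tenant '$tenant'" >&2
        rc=1
    fi
    if [ "${WEB_LOGIN_URL:-}" != "https://$tenant.mobb.ai/cli-login" ]; then
        echo "WEB_LOGIN_URL does not match tenant '$tenant'" >&2
        rc=1
    fi
    return $rc
}

# POSIX-shell equivalent of the `set` lines, with a constructed tenant name.
export API_URL="https://api-st-acme.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://acme.mobb.ai/cli-login"
export WEB_APP_URL="https://acme.mobb.ai"
mobb_env_check && echo "tenant variables are consistent"
```

In a CI job, run `mobb_env_check` before the `npx mobbdev@latest` step so that a mistyped tenant URL fails the job before Bugsy starts.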