Mobb CLI Overview

The community edition of Mobb, which we call Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

Bugsy has two main modes: scan (no SAST report needed) and analyze (the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a review mode and an add-scm-token mode.

To check out all the supported modes, run the following help command:

npx mobbdev@latest --help

This will show you Bugsy's usage help:

Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan               Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze            Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review             Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token      Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif   Convert an existing SAST report to SARIF format.

Options:
  -h, --help  Show help                                                                                        [boolean]

Debug Mode

To enable debug output, set the environment variable DEBUG=* before running the Mobb CLI.

For example:

Inline (temporary)

DEBUG=* npx mobbdev@latest

Or persistent (Session-Wide)

export DEBUG=*
npx mobbdev@latest

HTTPS_PROXY settings

To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.

For example:

Inline (temporary)

HTTPS_PROXY=https://test npx mobbdev@latest

Or persistent (Session-Wide)

export HTTPS_PROXY=https://test
npx mobbdev@latest

The Mobb CLI accepts both https:// and http:// URLs in HTTPS_PROXY.

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

  • Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json

  • Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

mobbdev.json
{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}

If you haven’t generated your Mobb access token yet, see the documentation on how to generate one.

To remove the Mobb access token, delete the mobbdev.json file from your file system.

Single-Tenants

Below are single-tenant-specific instructions.

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:

#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci
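
A pre-flight check for the three single-tenant variables above, as an added example that is not part of the Mobb CLI or its documentation. The helper names url_host and check_mobb_tenant_env are hypothetical, and the host character rule is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: check_mobb_tenant_env and url_host are hypothetical helpers,
# not part of the Mobb CLI.

# Print the host of an https:// URL. Fails on any other scheme and on hosts
# with characters outside letters, digits, '.', '_' and '-' (assumed strictness:
# this also rejects userinfo and explicit ports).
url_host() {
    case "$1" in
        https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#https://}
    host=${rest%%/*}
    case "$host" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$host"
}

# Return 0 only when all three variables are set and API_URL and WEB_LOGIN_URL
# have the documented shape for the tenant domain taken from WEB_APP_URL.
check_mobb_tenant_env() {
    for name in API_URL WEB_LOGIN_URL WEB_APP_URL; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "unset: $name" >&2; return 1; }
    done
    domain=$(url_host "$WEB_APP_URL") || {
        echo "WEB_APP_URL is not a plain https:// URL" >&2; return 1; }
    rc=0
    [ "$API_URL" = "https://api-st-$domain/v1/graphql" ] || {
        echo "API_URL does not match tenant $domain" >&2; rc=1; }
    [ "$WEB_LOGIN_URL" = "https://$domain/cli-login" ] || {
        echo "WEB_LOGIN_URL does not match tenant $domain" >&2; rc=1; }
    return "$rc"
}

# Constructed sample run in a subshell, using the page's placeholder domain.
(
    API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
    WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
    WEB_APP_URL="https://TENANT_NAME.mobb.ai"
    check_mobb_tenant_env && echo "tenant variables are consistent"
)
```

In a CI script, call `check_mobb_tenant_env || exit 1` after the export lines and before the npx mobbdev@latest line, so a half-edited or copy-pasted tenant configuration stops the job instead of pointing Bugsy at a different instance.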
