Mobb User Docs

Mobb CLI Overview

Last updated 1 month ago

The community edition of Mobb, which we call Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes

To check out all the supported modes, run the following help command:

npx mobbdev@latest --help

This will show you Bugsy's usage help:

Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️

Usage:
mobbdev <command> [options]


Commands:
  mobbdev scan               Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze            Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review             Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token      Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif   Convert an existing SAST report to SARIF format.

Options:
  -h, --help  Show help                                                                                        [boolean]

Debug Mode

To enable debug output, set the DEBUG environment variable to * before running the Mobb CLI.

For example:

Inline (temporary)

DEBUG=* npx mobbdev@latest

Or persistent (Session-Wide)

sh
export DEBUG=*
npx mobbdev@latest

powershell
$env:DEBUG="*"
npx mobbdev@latest

cmd
set DEBUG=*
npx mobbdev@latest

HTTPS_PROXY settings

To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.

For example:

Inline (temporary)

HTTPS_PROXY=https://test npx mobbdev@latest

Or persistent (Session-Wide)

sh
export HTTPS_PROXY=https://test
npx mobbdev@latest

powershell
$env:HTTPS_PROXY = "https://test"
npx mobbdev@latest

cmd
set HTTPS_PROXY=https://test
npx mobbdev@latest

The Mobb CLI accepts both https:// and http:// URLs in HTTPS_PROXY.

Location of the Mobb Access Token

Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:

  • Windows: C:\Users\<USERNAME>\.config\configstore\mobbdev.json

  • Mac: ~/.config/configstore/mobbdev.json

To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.

mobbdev.json
{
	"apiToken": "YOUR_MOBB_API_TOKEN"
}

To remove the Mobb access token, delete the mobbdev.json file from your file system.
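
Because the token sits in this file in plaintext, a permissions audit is worth running on shared machines and CI runners. The check below is an added example, not part of Mobb's documentation or tooling; the helper name check_mobb_token_file is hypothetical and the default path is the Mac location listed above.

```sh
#!/bin/sh
# Added example: audit the file that holds the Mobb access token in plaintext.
# check_mobb_token_file is a hypothetical helper, not part of the Mobb CLI.
# Prints one status word and returns 0 only for "ok".

check_mobb_token_file() {
    file="${1:-$HOME/.config/configstore/mobbdev.json}"

    if [ ! -f "$file" ]; then
        echo "missing"; return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # anything but "------" means another local account can reach the token.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "exposed"; return 1
    fi

    # The documented placeholder means no real token was ever written.
    if grep -q '"apiToken"[[:space:]]*:[[:space:]]*"YOUR_MOBB_API_TOKEN"' "$file"; then
        echo "placeholder"; return 1
    fi
    # A usable file has an apiToken key with a non-empty string value.
    if ! grep -q '"apiToken"[[:space:]]*:[[:space:]]*"[^"]' "$file"; then
        echo "no-token"; return 1
    fi

    echo "ok"
}
```

An "exposed" result is cleared with chmod 600 on the file; a symlink in place of the file is also reported as "exposed".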

Single-Tenants

The instructions below apply only to single-tenant environments.

Environment Variables Settings for Mobb Single-Tenants

If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.

API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql

WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login

WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>

Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.

Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:

sh
#!/bin/sh

export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
 --ref main --api-key xxxxxxxxxxxxxx --ci

powershell
$env:API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
$env:WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
$env:WEB_APP_URL="https://TENANT_NAME.mobb.ai"

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration `
 --ref main --api-key xxxxxxxxxxxxxx --ci

cmd
set API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
set WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
set WEB_APP_URL=https://TENANT_NAME.mobb.ai

npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci

  1. Create a .env file in your project directory:

ini
API_URL=https://api-st-TENANT_NAME.mobb.ai/v1/graphql
WEB_LOGIN_URL=https://TENANT_NAME.mobb.ai/cli-login
WEB_APP_URL=https://TENANT_NAME.mobb.ai

  2. Install dotenv if needed:

sh
npm install dotenv

  3. Modify your script to load .env:

javascript
// Load the variables defined in .env into process.env
require('dotenv').config();

// Confirm the single-tenant API URL was loaded
console.log(process.env.API_URL);

  4. Run Mobb CLI:

sh
npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration --ref main --api-key xxxxxxxxxxxxxx --ci
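
A pre-flight check for the single-tenant variables described above, useful in CI where a stale or mistyped value would send the CLI (and its API key) to the wrong host. This is an added example, not Mobb's own code; check_mobb_tenant_env is a hypothetical helper, and it assumes the three values follow exactly the patterns documented on this page.

```sh
#!/bin/sh
# Added example: verify that the three single-tenant variables all point
# at one tenant domain. check_mobb_tenant_env is hypothetical, not part of
# the Mobb CLI. Prints a status word and returns 0 only for "ok".

check_mobb_tenant_env() {
    # Every variable must be set and non-empty.
    for v in "$API_URL" "$WEB_LOGIN_URL" "$WEB_APP_URL"; do
        if [ -z "$v" ]; then echo "unset"; return 1; fi
    done

    # Take the tenant domain from WEB_APP_URL, which must be https://<domain>.
    case "$WEB_APP_URL" in
        https://*) domain=${WEB_APP_URL#https://} ;;
        *) echo "not-https"; return 1 ;;
    esac

    # Reject paths, ports, credentials or trailing slashes in the domain.
    case "$domain" in
        ""|*[!A-Za-z0-9._-]*) echo "bad-domain"; return 1 ;;
    esac

    # The other two values must match the documented pattern for that domain.
    if [ "$API_URL" != "https://api-st-$domain/v1/graphql" ]; then
        echo "api-url-mismatch"; return 1
    fi
    if [ "$WEB_LOGIN_URL" != "https://$domain/cli-login" ]; then
        echo "login-url-mismatch"; return 1
    fi

    echo "ok"
}
```

Run it after exporting the variables and before invoking npx mobbdev@latest, and fail the pipeline step on any result other than "ok".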

Bugsy has two main modes: scan (no SAST report needed) and analyze (the user must provide a pre-generated SAST report from one of the supported SAST tools).

Bugsy also has a review mode and an add-scm-token mode.

If you haven't generated your Mobb access token yet, click here to learn how to generate one.