Mobb CLI Overview
The community edition of Mobb, which we call Bugsy, is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code.

Modes
Bugsy has two main modes: scan (no SAST report needed) and analyze (the user must provide a pre-generated SAST report from one of the supported SAST tools).
Bugsy also has a review mode and add-scm-token mode.
To check out all the supported modes, run the following help command:
npx mobbdev@latest --help
This will show you Bugsy's usage help:
Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️‍♂️
Usage:
  mobbdev <command> [options]
Commands:
  mobbdev scan              Scan your code for vulnerabilities, get automated fixes right away.
  mobbdev analyze           Provide a vulnerability report and relevant code repository, get automated fixes right away.
  mobbdev review            Mobb will review your github pull requests and provide comments with fixes
  mobbdev add-scm-token     Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes.
  mobbdev convert-to-sarif  Convert an existing SAST report to SARIF format.
Options:
  -h, --help  Show help  [boolean]
Debug Mode
To enable debug output, set the environment variable DEBUG=* before running the Mobb CLI.
For example:
Inline (temporary)
DEBUG=* npx mobbdev@latest
Or persistent (Session-Wide)
export DEBUG=*
npx mobbdev@latest
HTTPS_PROXY settings
To enable the use of HTTPS_PROXY, set the value of the environment variable before running the Mobb CLI.
For example:
Inline (temporary)
HTTPS_PROXY=https://test npx mobbdev@latest
Or persistent (Session-Wide)
export HTTPS_PROXY=https://test
npx mobbdev@latest
Location of the Mobb Access Token
Bugsy automatically stores your Mobb access token in the mobbdev.json file. Here are the default storage locations of this file:
Windows:
C:\Users\<USERNAME>\.config\configstore\mobbdev.json
Mac:
~/.config/configstore/mobbdev.json
To update your Mobb access token, edit the file in a text editor and replace the value YOUR_MOBB_API_TOKEN with your Mobb access token as shown in the code snippet below.
{
"apiToken": "YOUR_MOBB_API_TOKEN"
}
If you haven’t generated your Mobb access token yet, click here to learn how to generate one.
To remove the Mobb access token, delete the mobbdev.json file from your file system.
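A check for the stored token file described above, as an added example that is not part of the Mobb documentation or the Mobb CLI: it reports when mobbdev.json is accessible to users other than its owner, or when apiToken is missing or still the placeholder. The function name check_mobb_token_file and the owner-only (chmod 600) expectation are assumptions of this example; the default path is the Mac location listed above.

```shell
#!/bin/sh
# Added example: audit the token file that Bugsy stores on disk.
# check_mobb_token_file is a hypothetical helper, not a Mobb CLI command.
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 when the file does not exist (no stored token).
check_mobb_token_file() {
    file=${1:-"$HOME/.config/configstore/mobbdev.json"}
    findings=0

    if [ ! -f "$file" ]; then
        echo "absent: $file (no stored token)"
        return 2
    fi

    # First 10 characters of `ls -l` are the mode string, e.g. -rw-r--r--
    # Characters 5-10 are the group and other permission bits.
    mode=$(ls -ldL -- "$file" | cut -c1-10)
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "permissions: $file is $mode; expected owner-only (chmod 600)"
        findings=$((findings + 1))
    fi

    # The token is the value of the "apiToken" key shown in the snippet above.
    if ! grep -q '"apiToken"[[:space:]]*:[[:space:]]*"[^"]' "$file"; then
        echo "content: no non-empty apiToken value in $file"
        findings=$((findings + 1))
    elif grep -q '"apiToken"[[:space:]]*:[[:space:]]*"YOUR_MOBB_API_TOKEN"' "$file"; then
        echo "content: apiToken is still the placeholder YOUR_MOBB_API_TOKEN"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Call it with no argument to audit the default location, or pass a path to audit a copy of the file elsewhere, such as on a CI runner.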
Single-Tenants
Below are single-tenant-specific instructions.
Environment Variables Settings for Mobb Single-Tenants
If your Mobb instance is in a single-tenant environment, you must configure the following environment variables to ensure Bugsy is communicating with the correct Mobb tenant instance.
API_URL=https://api-st-<YOUR_CUSTOM_MOBB_DOMAIN>/v1/graphql
WEB_LOGIN_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>/cli-login
WEB_APP_URL=https://<YOUR_CUSTOM_MOBB_DOMAIN>
Note: Replace <YOUR_CUSTOM_MOBB_DOMAIN> with your Mobb tenant domain.
Here is a sample code snippet. In this example, our Mobb domain is TENANT_NAME.mobb.ai:
#!/bin/sh
export API_URL="https://api-st-TENANT_NAME.mobb.ai/v1/graphql"
export WEB_LOGIN_URL="https://TENANT_NAME.mobb.ai/cli-login"
export WEB_APP_URL="https://TENANT_NAME.mobb.ai"
npx mobbdev@latest analyze -f "report.xml" -r https://ado-test.onemobb.net/DefaultCollection/_git/Mobb-CX-on-prem-integration \
--ref main --api-key xxxxxxxxxxxxxx --ci