# Analyze Mode

## Overview

* Analyzes a Checkmarx/CodeQL/Fortify/Snyk/SonarQube/Semgrep/Opengrep vulnerability report to identify issues that can be remediated automatically
* Produces the code fixes and redirects the user to the fix report page on the Mobb platform

### Analyze Mode - Usage

To check what options are available under the analyze mode, run:

```
npx mobbdev@latest analyze --help
```

Here is the output of the help command:

```
npx mobbdev@latest analyze --help
cli.mjs analyze

Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or
have Mobb scan the code for you.

Options:
  -f, --scan-file                                 Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify,
                                                  CodeQL, Sonarqube, Semgrep, Datadog)                          [string]
  -r, --repo                                      Github / GitLab / Azure DevOps repository URL      [string] [required]
  -p, --src-path                                  Path to the repository folder with the source code; alternatively, you
                                                  can specify the Fortify FPR file to extract source code out of it
                                                                                                                [string]
      --ref                                       Reference of the repository (branch, tag, commit)             [string]
      --mobb-project-name                         Mobb project name               [string] [default: "My first project"]
  -y, --yes                                       Skip prompts and use default values                          [boolean]
      --ci                                        Run in CI mode, prompts and browser will not be opened
                                                                                              [boolean] [default: false]
      --org, --organization-id                    Organization id                                               [string]
      --api-key                                   Mobb authentication api-key                                   [string]
      --auto-pr                                   Enable automatic pull requests for new fixes[boolean] [default: false]
      --create-one-pr                             Create a single unified PR for all fixes (requires --auto-pr)
                                                                                              [boolean] [default: false]
      --commit-directly                           Commit directly to the scanned branch instead of creating a pull
                                                  request                                     [boolean] [default: false]
      --pull-request, --pr, --pr-number, --pr-id  Number of the pull request                                    [number]
      --polling                                   Use HTTP polling instead of WebSocket for status updates. Useful for
                                                  proxy environments or firewalls that block WebSocket connections.
                                                  Polling interval: 5 seconds, timeout: 30 minutes.
                                                                                              [boolean] [default: false]
      --help                                      Show help                                                    [boolean]
```

## Example

To get fixes for a pre-generated SAST report, run the **Bugsy Analyze** command. Example:

```sh
npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-project
```

Bugsy will automatically generate a fix for each supported vulnerability identified in the results and direct the developer to the fix report on the Mobb platform, where the fixes can be reviewed and committed to the code.

## Automatic PR

To enable automatic PRs, add the `--auto-pr` flag to your `npx mobbdev@latest analyze` command. In a pipeline this is normally combined with `--ci` (no prompts or browser) and `--api-key` supplied from a CI secret, since there is no interactive login in CI mode. Note that `--commit-directly` is a different option: it commits the fixes straight to the scanned branch with no pull request, and therefore no review step. For example:

```
npx mobbdev@latest analyze --auto-pr --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
```

Click [here](https://docs.mobb.ai/mobb-user-docs/administration/fix-policy#automatic-pr) to learn more about the Automatic PR feature.

## Scan (with Opengrep) and Fix Mode

Mobb CLI also supports a special **scan and fix mode** that uses Mobb's internal Opengrep scanner to automatically scan your repository and generate fixes without requiring a pre-existing vulnerability report.

### How to Use Scan and Fix Mode

To activate scan and fix mode, simply **omit the `-f` (scan-file) parameter** from your analyze command. The CLI will automatically use Mobb's internal scanner to identify vulnerabilities and generate fixes.

### Example

```sh
npx mobbdev@latest analyze -r https://github.com/antonychiu2/marinus-sm --ref main --api-key XXXXXX --ci
```

Notice that there's no `-f` or `--scan-file` parameter in this command. When no scan file is provided, Mobb will:

* **Scan** the repository using Mobb's internal Opengrep scanner
* **Generate** automated fixes for supported issues along with a fix report
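The following wrapper script is an added example (it is not part of the Mobb CLI or its documentation) that ties together the Automatic PR command above and the scan-and-fix behaviour described in this section: it validates the inputs a CI job would pass, omits `-f` when no report is supplied so the CLI falls back to its internal Opengrep scanner, adds `--polling` behind WebSocket-blocking proxies, and refuses to run without an API key. The flag names come from the `analyze --help` output on this page; the environment variable names `MOBB_API_KEY`, `MOBB_USE_POLLING` and `MOBB_DRY_RUN` are assumptions of this script, not variables the Mobb CLI itself reads.

```shell
#!/bin/sh
# Added example, not part of the Mobb CLI or its documentation: a CI wrapper
# around `npx mobbdev@latest analyze` that validates its inputs, uses
# scan-and-fix mode when no SAST report is supplied, and never prints the key.
# Flag names are taken from `analyze --help`; the MOBB_API_KEY, MOBB_USE_POLLING
# and MOBB_DRY_RUN variables are assumptions of this script, not CLI features.

# run_analyze REPO_URL REF [SCAN_FILE]
#   REPO_URL   https:// URL of the GitHub / GitLab / Azure DevOps repository
#   REF        branch, tag or commit to fix (passed as --ref)
#   SCAN_FILE  optional path to a SAST report; when omitted, -f is left out and
#              the CLI scans the repository with its internal Opengrep scanner
# Exit status: 0 on success, 2 on a validation error (message on stderr),
# otherwise the exit status of the CLI itself.
run_analyze() {
  repo="$1"; ref="$2"; scan_file="${3:-}"

  # --ci suppresses the browser login, so the key is the only way to authenticate.
  if [ -z "${MOBB_API_KEY:-}" ]; then
    echo "run_analyze: MOBB_API_KEY is not set (required with --ci)" >&2
    return 2
  fi
  if [ -z "$repo" ] || [ -z "$ref" ]; then
    echo "run_analyze: usage: run_analyze REPO_URL REF [SCAN_FILE]" >&2
    return 2
  fi
  case "$repo" in
    https://*) ;;
    *) echo "run_analyze: repository URL must start with https://, got '$repo'" >&2
       return 2 ;;
  esac
  if [ -n "$scan_file" ] && [ ! -r "$scan_file" ]; then
    echo "run_analyze: scan file not readable: $scan_file" >&2
    return 2
  fi

  # Build the argument list in the positional parameters so that paths and
  # refs containing spaces survive intact (no string splitting, no eval).
  set -- analyze --ci --auto-pr --repo "$repo" --ref "$ref"
  if [ -n "$scan_file" ]; then
    set -- "$@" --scan-file "$scan_file"
  fi
  if [ "${MOBB_USE_POLLING:-0}" = "1" ]; then
    set -- "$@" --polling   # HTTP polling for proxies that block WebSockets
  fi
  set -- "$@" --api-key "$MOBB_API_KEY"

  if [ "${MOBB_DRY_RUN:-0}" = "1" ]; then
    # Print the command that would run, with the key redacted, so the line is
    # safe to show in a CI log; npx is not invoked.
    printf 'npx mobbdev@latest'
    for arg in "$@"; do
      if [ "$arg" = "$MOBB_API_KEY" ]; then
        arg='<redacted>'
      fi
      printf ' %s' "$arg"
    done
    printf '\n'
    return 0
  fi

  npx mobbdev@latest "$@"
}

# Constructed GitLab invocation using GitLab's predefined CI variables;
# SAST_RESULTS_FILENAME may be empty, which selects scan-and-fix mode.
# Uncomment to run for real:
# run_analyze "$CI_PROJECT_URL" "$CI_COMMIT_REF_NAME" "${SAST_RESULTS_FILENAME:-}"
```

Because `--api-key` is passed on the command line, the key is visible in the process's argument list and in any shell trace (`set -x`) of the job; keep the secret in a masked CI variable, leave tracing off around this call, and use the redacted dry-run line rather than echoing the raw command into the log.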

### Benefits of Scan and Fix Mode

* **No external scanner required**: No need to run Checkmarx, Snyk, or other SAST tools first
* **Streamlined workflow**: One command to scan and fix
* **Built-in scanner**: Uses Mobb's optimized Opengrep engine
* **Immediate results**: Get fixes without waiting for external scan reports
