Mobb User Docs

Analyze Mode

Overview

  • Analyzes a Checkmarx/CodeQL/Fortify/Snyk/SonarQube/Semgrep/Opengrep vulnerability report to identify issues that can be remediated automatically

  • Produces the code fixes and redirects the user to the fix report page on the Mobb platform

Analyze Mode - Usage

To check what options are available under the analyze mode, run:

npx mobbdev@latest analyze --help

Here is the help output:

npx mobbdev@latest analyze --help
cli.mjs analyze

Provide a vulnerability report and relevant code repository, get automated fixes right away.

Options:
  -f, --scan-file               Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube,
                                Semgrep)                                                             [string] [required]
  -r, --repo                    Github / GitLab / Azure DevOps repository URL                        [string] [required]
  -p, --src-path                Path to the repository folder with the source code; alternatively, you can specify the
                                Fortify FPR file to extract source code out of it                               [string]
      --ref                     Reference of the repository (branch, tag, commit)                               [string]
      --mobb-project-name       Mobb project name                                 [string] [default: "My first project"]
  -y, --yes                     Skip prompts and use default values                                            [boolean]
      --ci                      Run in CI mode, prompts and browser will not be opened        [boolean] [default: false]
      --org, --organization-id  Organization id                                                                 [string]
      --api-key                 Mobb authentication api-key                                                     [string]
      --auto-pr                 Enable automatic pull requests for new fixes                  [boolean] [default: false]
      --commit-directly         Commit directly to the scanned branch instead of creating a pull request
                                                                                              [boolean] [default: false]
      --help                    Show help                                                                      [boolean]

Example

To get fixes for a pre-generated SAST report, run the Bugsy Analyze command. Example:

npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-project

Bugsy will automatically generate a fix for each supported vulnerability identified in the results, and refer the developer to review and commit the fixes to their code.

Automatic PR

To enable automatic PRs, include the --auto-pr flag in your npx mobbdev@latest analyze command. For example:

npx mobbdev@latest analyze --auto-pr --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
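As an added example that is not part of the Mobb docs or of the mobbdev CLI itself, the POSIX sh function below is a CI-side wrapper around the analyze command shown above. It fails fast when the SAST report file or MOBB_API_KEY is missing, selects --auto-pr or --commit-directly by a mode argument, and logs the invocation with the key redacted so the secret never lands in CI output. The function name mobb_analyze, the MOBB_DRY_RUN switch and the pr/commit/none mode names are assumptions of this example; the flags are the ones listed in the --help output.

```shell
#!/bin/sh
# Added example, not part of the Mobb docs or the mobbdev CLI.
# CI-side wrapper around `npx mobbdev@latest analyze`: fails fast on
# missing inputs, picks the delivery flag, and redacts the API key in logs.
# Assumed by this example: the function name, the MOBB_DRY_RUN switch and
# the "pr" / "commit" / "none" mode names. Flags are from the --help output.

# Usage: mobb_analyze REPORT REPO_URL REF [pr|commit|none]
# Prints the command it will run (API key redacted) and, unless
# MOBB_DRY_RUN=1, executes it. Exit codes: 2 report missing,
# 3 MOBB_API_KEY unset, 4 unknown mode, otherwise the CLI's own status.
mobb_analyze() {
    report="$1"
    repo="$2"
    ref="$3"
    mode="${4:-pr}"

    if [ ! -f "$report" ]; then
        echo "mobb_analyze: SAST report not found: $report" >&2
        return 2
    fi
    if [ -z "${MOBB_API_KEY:-}" ]; then
        echo "mobb_analyze: MOBB_API_KEY is not set" >&2
        return 3
    fi

    # Build the argument list positionally so paths with spaces stay intact.
    set -- analyze --ci --scan-file "$report" --repo "$repo" --ref "$ref"
    case "$mode" in
        pr)     set -- "$@" --auto-pr ;;
        commit) set -- "$@" --commit-directly ;;
        none)   ;;
        *)
            echo "mobb_analyze: unknown mode: $mode (use pr, commit or none)" >&2
            return 4
            ;;
    esac

    # Log the invocation with the secret redacted; the real key is only
    # appended on the line that executes npx, never echoed.
    echo "npx mobbdev@latest $* --api-key ***"

    if [ "${MOBB_DRY_RUN:-0}" = "1" ]; then
        return 0
    fi
    npx mobbdev@latest "$@" --api-key "$MOBB_API_KEY"
}

# Typical CI call, using the same variables as the pipeline example above:
# mobb_analyze "$SAST_RESULTS_FILENAME" "$CI_PROJECT_URL" "$CI_COMMIT_REF_NAME" pr
```

The key is still handed to the CLI through --api-key, as the help output requires; the wrapper only keeps it out of the echoed command line, not out of the process arguments of the npx child.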

Last updated 2 months ago

Click here to learn more about the Automatic PR feature.