Analyze Mode
Overview
Analyzes a Checkmarx/CodeQL/Fortify/Snyk/SonarQube/Semgrep/Opengrep vulnerability report to identify issues that can be remediated automatically
Produces the code fixes and redirects the user to the fix report page on the Mobb platform
Analyze Mode - Usage
To check what options are available under the analyze mode, run:
npx mobbdev@latest analyze --helpHere is the output of the help file:
npx mobbdev@latest analyze --help
cli.mjs analyze
Provide a vulnerability report and relevant code repository, get automated fixes right away.
Options:
-f, --scan-file Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify,
CodeQL, Sonarqube, Semgrep, Datadog) [string]
-r, --repo Github / GitLab / Azure DevOps repository URL [string] [required]
-p, --src-path Path to the repository folder with the source code; alternatively, you
can specify the Fortify FPR file to extract source code out of it
[string]
--ref Reference of the repository (branch, tag, commit) [string]
--mobb-project-name Mobb project name [string] [default: "My first project"]
-y, --yes Skip prompts and use default values [boolean]
--ci Run in CI mode, prompts and browser will not be opened
[boolean] [default: false]
--org, --organization-id Organization id [string]
--api-key Mobb authentication api-key [string]
--auto-pr Enable automatic pull requests for new fixes[boolean] [default: false]
--create-one-pr Create a single unified PR for all fixes (requires --auto-pr)
[boolean] [default: false]
--commit-directly Commit directly to the scanned branch instead of creating a pull
request [boolean] [default: false]
--pull-request, --pr, --pr-number, --pr-id Number of the pull request [number]
--help Show help [boolean]
Example
To get fixes for a pre-generated SAST report, run the Bugsy Analyze command. Example:
npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-projectBugsy will automatically generate a fix for each supported vulnerability identified in the results, and refer the developer to review and commit the fixes to their code.
Automatic PR
To enable automatic PR, make sure to enable --auto-pr flag in your npx mobbdev@latest analyze command. For example:
npx mobbdev@latest analyze --auto-pr --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEYClick here to learn more about the Automatic PR feature.
Scan (with Opengrep) and Fix Mode
Mobb CLI also supports a special scan and fix mode that uses Mobb's internal Opengrep scanner to automatically scan your repository and generate fixes without requiring a pre-existing vulnerability report.
How to Use Scan and Fix Mode
To activate scan and fix mode, simply omit the -f (scan-file) parameter from your analyze command. The CLI will automatically use Mobb's internal scanner to identify vulnerabilities and generate fixes.
Example
npx mobbdev@latest analyze -r https://github.com/antonychiu2/marinus-sm --ref main --api-key XXXXXX --ciNotice that there's no -f or --scan-file parameter in this command. When no scan file is provided, Mobb will:
Scan the repository using Mobb's internal Opengrep scanner
Generate automated fixes for supported issues along with a fix report
Benefits of Scan and Fix Mode
No external scanner required: No need to run Checkmarx, Snyk, or other SAST tools first
Streamlined workflow: One command to scan and fix
Built-in scanner: Uses Mobb's optimized Opengrep engine
Immediate results: Get fixes without waiting for external scan reports
Last updated
Was this helpful?