# Analyze Mode ## Overview * Analyzes a Checkmarx/CodeQL/Fortify/Snyk/SonarQube/Semgrep/Opengrep vulnerability report to identify issues that can be remediated automatically * Produces the code fixes and redirects the user to the fix report page on the Mobb platform ### Analyze Mode - Usage To check what options are available under the analyze mode, run: ``` npx mobbdev@latest analyze --help ``` Here is the output of the help file: ``` npx mobbdev@latest analyze --help cli.mjs analyze Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or have Mobb scan the code for you. Options: -f, --scan-file Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL, Sonarqube, Semgrep, Datadog) [string] -r, --repo Github / GitLab / Azure DevOps repository URL [string] [required] -p, --src-path Path to the repository folder with the source code; alternatively, you can specify the Fortify FPR file to extract source code out of it [string] --ref Reference of the repository (branch, tag, commit) [string] --mobb-project-name Mobb project name [string] [default: "My first project"] -y, --yes Skip prompts and use default values [boolean] --ci Run in CI mode, prompts and browser will not be opened [boolean] [default: false] --org, --organization-id Organization id [string] --api-key Mobb authentication api-key [string] --auto-pr Enable automatic pull requests for new fixes[boolean] [default: false] --create-one-pr Create a single unified PR for all fixes (requires --auto-pr) [boolean] [default: false] --commit-directly Commit directly to the scanned branch instead of creating a pull request [boolean] [default: false] --pull-request, --pr, --pr-number, --pr-id Number of the pull request [number] --polling Use HTTP polling instead of WebSocket for status updates. Useful for proxy environments or firewalls that block WebSocket connections. Polling interval: 5 seconds, timeout: 30 minutes. [boolean] [default: false] --help Show help [boolean] ``` ## Example To get fixes for a pre-generated SAST report, run the **Bugsy Analyze** command. Example: ```sh npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-project ``` Bugsy will automatically generate a fix for each supported vulnerability identified in the results, and refer the developer to review and commit the fixes to their code. ## Automatic PR To enable automatic PR, make sure to enable `--auto-pr` flag in your `npx mobbdev@latest` analyze command. For example: ``` npx mobbdev@latest analyze --auto-pr --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY ``` Click [here](https://docs.mobb.ai/mobb-user-docs/administration/fix-policy#automatic-pr) to learn more about the Automatic PR feature. ## Scan (with Opengrep) and Fix Mode Mobb CLI also supports a special **scan and fix mode** that uses Mobb's internal Opengrep scanner to automatically scan your repository and generate fixes without requiring a pre-existing vulnerability report. ### How to Use Scan and Fix Mode To activate scan and fix mode, simply **omit the `-f` (scan-file) parameter** from your analyze command. The CLI will automatically use Mobb's internal scanner to identify vulnerabilities and generate fixes. ### Example ```sh npx mobbdev@latest analyze -r https://github.com/antonychiu2/marinus-sm --ref main --api-key XXXXXX --ci ``` Notice that there's no `-f` or `--scan-file` parameter in this command. When no scan file is provided, Mobb will: * **Scan** the repository using Mobb's internal Opengrep scanner * **Generate** automated fixes for supported issues along with a fix report ### Benefits of Scan and Fix Mode * **No external scanner required**: No need to run Checkmarx, Snyk, or other SAST tools first * **Streamlined workflow**: One command to scan and fix * **Built-in scanner**: Uses Mobb's optimized Opengrep engine * **Immediate results**: Get fixes without waiting for external scan reports --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mobb.ai/mobb-user-docs/getting-started/mobb-cli/analyze-mode.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.