# Analyze Mode

## Overview

* Analyzes a Checkmarx/CodeQL/Fortify/Snyk/SonarQube/Semgrep/Opengrep vulnerability report to identify issues that can be remediated automatically
* Produces the code fixes and redirects the user to the fix report page on the Mobb platform

### Analyze Mode - Usage

To check what options are available under the analyze mode, run:

```
npx mobbdev@latest analyze --help
```

The help output is:

```
npx mobbdev@latest analyze --help
cli.mjs analyze

Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or
have Mobb scan the code for you.

Options:
  -f, --scan-file                                 Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify,
                                                  CodeQL, Sonarqube, Semgrep, Datadog)                          [string]
  -r, --repo                                      Github / GitLab / Azure DevOps repository URL      [string] [required]
  -p, --src-path                                  Path to the repository folder with the source code; alternatively, you
                                                  can specify the Fortify FPR file to extract source code out of it
                                                                                                                [string]
      --ref                                       Reference of the repository (branch, tag, commit)             [string]
      --mobb-project-name                         Mobb project name               [string] [default: "My first project"]
  -y, --yes                                       Skip prompts and use default values                          [boolean]
      --ci                                        Run in CI mode, prompts and browser will not be opened
                                                                                              [boolean] [default: false]
      --org, --organization-id                    Organization id                                               [string]
      --api-key                                   Mobb authentication api-key                                   [string]
      --auto-pr                                   Enable automatic pull requests for new fixes[boolean] [default: false]
      --create-one-pr                             Create a single unified PR for all fixes (requires --auto-pr)
                                                                                              [boolean] [default: false]
      --commit-directly                           Commit directly to the scanned branch instead of creating a pull
                                                  request                                     [boolean] [default: false]
      --pull-request, --pr, --pr-number, --pr-id  Number of the pull request                                    [number]
      --polling                                   Use HTTP polling instead of WebSocket for status updates. Useful for
                                                  proxy environments or firewalls that block WebSocket connections.
                                                  Polling interval: 5 seconds, timeout: 30 minutes.
                                                                                              [boolean] [default: false]
      --help                                      Show help                                                    [boolean]
```

## Example

To get fixes for a pre-generated SAST report, run the **Bugsy Analyze** command. Example:

```sh
npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb-dev/simple-vulnerable-java-project
```

Bugsy automatically generates a fix for each supported vulnerability identified in the results and directs the developer to review and commit the fixes to their code.

## Automatic PR

To enable automatic pull requests, add the `--auto-pr` flag to your `npx mobbdev@latest analyze` command. For example:

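```sh
# Quote the CI variables so an empty or space-containing value cannot shift the following arguments
npx mobbdev@latest analyze --auto-pr --ci --scan-file "$SAST_RESULTS_FILENAME" --repo "$CI_PROJECT_URL" --ref "$CI_COMMIT_REF_NAME" --api-key "$MOBB_API_KEY"
```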

Click [here](/mobb-user-docs/administration/fix-policy.md#automatic-pr) to learn more about the Automatic PR feature.
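
A pre-flight check for the CI command above, as an added example that is not part of the Mobb CLI or its documentation. `mobb_check_args` and `ALLOW_DIRECT_COMMIT` are hypothetical names; the flags it inspects are the ones listed in the help output, and it assumes a CI runner has no stored login, so `--ci` needs `--api-key`.

```sh
# Added example, not part of the Mobb CLI: validate an `analyze` argument list
# before a CI job runs it. mobb_check_args and ALLOW_DIRECT_COMMIT are
# hypothetical names; the flags are the ones in the help output above.
mobb_check_args() {
  local scan_file="" have_file=0 repo="" api_key="" ci=0 auto_pr=0 one_pr=0 direct=0
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -f|--scan-file) scan_file="${2:-}"; have_file=1; [ "$#" -gt 1 ] && shift ;;
      -r|--repo)      repo="${2:-}"; [ "$#" -gt 1 ] && shift ;;
      --api-key)      api_key="${2:-}"; [ "$#" -gt 1 ] && shift ;;
      --ci)              ci=1 ;;
      --auto-pr)         auto_pr=1 ;;
      --create-one-pr)   one_pr=1 ;;
      --commit-directly) direct=1 ;;
    esac
    shift
  done

  # --repo is marked [required] in the help output.
  [ -n "$repo" ] || { echo "--repo is required" >&2; return 1; }
  # If a report is named, it must exist and be non-empty (catches an unset CI variable).
  if [ "$have_file" -eq 1 ] && [ ! -s "$scan_file" ]; then
    echo "scan file missing or empty: $scan_file" >&2; return 1
  fi
  # Help text: --create-one-pr "requires --auto-pr".
  if [ "$one_pr" -eq 1 ] && [ "$auto_pr" -eq 0 ]; then
    echo "--create-one-pr requires --auto-pr" >&2; return 1
  fi
  # Assumption: with --ci (no prompts, no browser) the key is the only credential.
  if [ "$ci" -eq 1 ] && [ -z "$api_key" ]; then
    echo "--ci needs a non-empty --api-key" >&2; return 1
  fi
  # --commit-directly writes fixes to the scanned branch with no pull request,
  # so require an explicit opt-in (hypothetical variable) before allowing it.
  if [ "$direct" -eq 1 ] && [ "${ALLOW_DIRECT_COMMIT:-0}" != 1 ]; then
    echo "--commit-directly skips PR review; set ALLOW_DIRECT_COMMIT=1 to permit" >&2
    return 1
  fi
  return 0
}

# Usage in a CI step (the page's command, gated by the check):
#   set -- analyze --auto-pr --ci --scan-file "$SAST_RESULTS_FILENAME" \
#     --repo "$CI_PROJECT_URL" --ref "$CI_COMMIT_REF_NAME" --api-key "$MOBB_API_KEY"
#   mobb_check_args "$@" && npx mobbdev@latest "$@"
```

Passing the same `"$@"` to both the check and `npx` means the arguments that were validated are exactly the ones that run.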

## See Also

{% hint style="info" %}
Don't have a pre-generated SAST report? The same `analyze` command can run Mobb's built-in Opengrep scanner for you. See [**Scan and Fix Mode**](/mobb-user-docs/getting-started/mobb-cli/scan-and-fix-mode.md). It also supports a diff-aware mode (`--baseline-commit`) for PR-gated scans.
{% endhint %}


