Common Deployment Scenarios
Last updated 2 months ago

Scenario 1 - Uploading a Fortify FPR with embedded source code

If you have a Fortify FPR report with the source code embedded in it, you can run an analysis through the Mobb CLI (Bugsy) without connecting to your repository. Use analyze mode and point both -f and -p (--src-path) at the FPR file.

For example, say you have a file called fortify.fpr that contains both the SAST report and the source code:

sh
npx mobbdev@latest analyze -f .\fortify.fpr -p .\fortify.fpr -r https://my_repo_url --api-key xxxxxxx

Explanation:

  • -f .\fortify.fpr specifies the location of the SAST report

  • -p .\fortify.fpr specifies the location of the source code (in this case embedded in the FPR file)

  • -r https://my_repo_url specifies the location of the actual repository. Make sure this value is correct: it tells Mobb which repository the fix commits or pull requests are pushed to.

  • --api-key xxxxxxx is your Mobb API key. In a pipeline, inject it from the CI secret store rather than typing it into a shell, so it does not end up in shell history or job logs.

Scenario 2 - Automatically create pull requests for trusted fixes

If you want Mobb to automatically generate pull requests for trusted fixes, you must first enable this under Project Settings --> Fix Policy.

sh
npx mobbdev analyze -f sast_results.json -r https://github.com/mobb-dev/simple-vulnerable-java-project --ref dev --auto-pr --ci

Explanation:

  • --auto-pr tells Mobb to respect the fix policy defined in the project settings and to generate a pull request for the issue types where automatic PR is enabled in the fix policy.

  • --ref dev names the branch the SAST results were produced from; the pull request is opened against it.

  • --ci runs the CLI non-interactively, with no prompts, which is what a pipeline needs.

Scenario 3 - Automatically commit fixes to a target branch

Use this scenario when you want fixes pushed straight to a development branch instead of opening a pull request. Because the commits land without review, reserve it for branches where that is acceptable and keep the fix policy restricted to issue types you trust.

sh
npx mobbdev analyze -f sast_results.json -r https://github.com/mobb-dev/simple-vulnerable-java-project --ref dev --auto-pr --commit-directly --ci

Explanation:

  • --auto-pr tells Mobb to respect the fix policy defined in the project settings.

  • --commit-directly tells Mobb to generate a commit on the branch specified by --ref (here dev) instead of a pull request.

If you want to enable automatic commits for trusted fixes, you must first enable this under Project Settings --> Fix Policy.
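The following is an added example, not code from the Mobb docs or the Mobb CLI itself: a small POSIX sh wrapper for the three scenarios above that enforces the two checks a pipeline should make before handing a report to `mobbdev analyze`. It refuses to run when the -r value does not name the same repository as the checkout's origin (the mistake Scenario 1 warns about), it decides between a pull request (Scenario 2) and --commit-directly (Scenario 3) from the branch name, and it reads the API key from MOBB_API_KEY instead of a literal on the command line. Assumptions: the CI job exports MOBB_API_KEY from its secret store, `git remote get-url origin` is passed in as the fourth argument, the branch policy in mode_for_ref is this example's own (not Mobb's), and DRY_RUN=1 prints the command instead of executing it. Only flags already shown on this page are used.

```shell
#!/bin/sh
# Added example (not part of the Mobb docs): CI wrapper around `mobbdev analyze`.
# Assumes MOBB_API_KEY is exported by the CI secret store; DRY_RUN=1 prints
# the command instead of running it.
set -eu

# Normalise a git remote URL so the ssh and https forms of one repo compare equal:
#   git@github.com:Org/Repo.git   -> github.com/org/repo
#   https://github.com/org/repo/  -> github.com/org/repo
normalize_repo_url() {
  u=$1
  u=${u%/}                                    # trailing slash
  u=${u%.git}                                 # .git suffix
  u=${u#ssh://}; u=${u#https://}; u=${u#http://}
  u=${u#git@}                                 # ssh user prefix
  case "$u" in
    *:*) u=$(printf '%s' "$u" | sed 's/:/\//') ;;   # host:org/repo -> host/org/repo
  esac
  printf '%s' "$u" | tr 'A-Z' 'a-z'
}

# Succeeds only when the -r value and the checkout's origin name the same repo.
check_repo_matches() {
  [ "$(normalize_repo_url "$1")" = "$(normalize_repo_url "$2")" ]
}

# Branch policy for this example (an assumption, not Mobb's): only dev and
# feature/* branches take direct commits; everything else gets a pull request.
mode_for_ref() {
  case "$1" in
    dev|feature/*) echo commit ;;
    *)             echo pr ;;
  esac
}

# run_mobb REPORT REPO_URL REF ORIGIN_URL [SRC_PATH]
#   REPORT      SAST report (or an FPR with embedded source, as in Scenario 1)
#   REPO_URL    value for -r; must match ORIGIN_URL or the run is refused
#   REF         branch the report was produced from
#   ORIGIN_URL  what `git remote get-url origin` reports in the CI checkout
#   SRC_PATH    optional -p value (point it at the FPR for Scenario 1)
run_mobb() {
  report=$1; repo=$2; ref=$3; origin=$4; src=${5:-}
  [ -f "$report" ] || { echo "report not found: $report" >&2; return 1; }
  if ! check_repo_matches "$repo" "$origin"; then
    echo "-r $repo does not match origin $origin; refusing to push fixes" >&2
    return 1
  fi
  set -- analyze -f "$report" -r "$repo" --ref "$ref" --auto-pr --ci
  if [ -n "$src" ]; then
    set -- "$@" -p "$src"
  fi
  case "$(mode_for_ref "$ref")" in
    commit) set -- "$@" --commit-directly ;;
  esac
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "npx mobbdev@latest $*"
    return 0
  fi
  # The key comes from the environment, so it never appears in the pipeline
  # definition or in shell history (it is still visible in the process list
  # for the duration of the run).
  : "${MOBB_API_KEY:?export MOBB_API_KEY from the CI secret store}"
  npx mobbdev@latest "$@" --api-key "$MOBB_API_KEY"
}
```

In a pipeline you would call it as `run_mobb sast_results.json "$REPO_URL" "$BRANCH" "$(git remote get-url origin)"`; the origin check is what stops a copy-pasted -r value from sending fix commits to a different repository than the one that was scanned.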
