# Convert-to-SARIF Mode

## Overview

* Converts an existing SAST report to SARIF format.
* Its main use is to trim down a large SAST report (i.e. a Fortify FPR) that contains results for multiple repositories into a smaller SARIF report focused on a single repository.
* Uses the `--code-path-patterns` parameter to filter the report and perform the split.

### Convert-to-SARIF Mode - Usage

To check what options are available under the convert-to-sarif mode, run:

```
npx mobbdev@latest convert-to-sarif --help
```

Here is the help output:

```bash
npx mobbdev@latest convert-to-sarif --help
cli.mjs convert-to-sarif

Convert an existing SAST report to SARIF format.

Options:
  --input-file-path     Original SAST report file path                                               [string] [required]
  --input-file-format   SAST report file type                                         [required] [choices: "FortifyFPR"]
  --output-file-path    Output SARIF report file path                                                [string] [required]
  --code-path-patterns  Glob-like patterns. Any code node with this pattern makes the issue be included.         [array]
  --help                Show help                                                                              [boolean]

Examples:
  npx mobbdev@latest convert-to-sarif --input-file-path         convert an existing SAST report to SARIF format
  /path/to/vuln-report.fpr --input-file-format FortifyFPR
  --output-file-path /path/to/vuln-report.sarif
  --code-path-patterns **/*.ts --code-path-patterns **/*.js
```

## Example

To get fixes for a pre-generated SAST report, run the **Bugsy Analyze** command. Example:

```bash
# Quote the globs so the shell passes them to the CLI unexpanded
npx mobbdev@latest convert-to-sarif \
  --input-file-path /path/to/vuln-report.fpr \
  --input-file-format FortifyFPR \
  --output-file-path /path/to/vuln-report.sarif \
  --code-path-patterns "**/*.ts" \
  --code-path-patterns "**/*.js"
```

## Use case - Chaining with Analyze Mode

The idea is to chain this command with `npx mobbdev@latest analyze` to perform the fix analysis on the target repository. For example:

```bash
npx mobbdev@latest convert-to-sarif \
  --input-file-path fortify.fpr \
  --input-file-format FortifyFPR \
  --output-file-path projectABC-report.sarif \
  --code-path-patterns "projectABC/**"

npx mobbdev analyze \
  --scan-file projectABC-report.sarif \
  --repo https://github.com/mobb-dev/projectABC
```
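A post-conversion check, as an added example that is not Mobb's code: because an issue is kept when any of its code nodes matches a pattern, a trimmed report can still contain findings whose primary location lies outside the target repository. The sketch assumes standard SARIF 2.1.0 `locations` and `codeFlows` fields with relative URIs, and its glob translation is an assumption about the tool's "glob-like" matching; the rule IDs and paths in `SAMPLE` are constructed.

```javascript
// Translate a glob into a RegExp (assumed semantics): "**/" spans zero or more
// directories, "**" spans anything, "*" stays within one path segment.
function globToRegExp(glob) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    if (glob.startsWith("**/", i)) { re += "(?:.*/)?"; i += 2; }
    else if (glob.startsWith("**", i)) { re += ".*"; i += 1; }
    else if (glob[i] === "*") re += "[^/]*";
    else re += glob[i].replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp("^" + re + "$");
}

const uriOf = (loc) => loc?.physicalLocation?.artifactLocation?.uri;

// For each result, report whether its primary location matches a pattern
// ("primary"), only a code-flow node matches ("flow-only"), or nothing does ("none").
function classifyResults(sarif, patterns) {
  const regs = patterns.map(globToRegExp);
  const hit = (uri) => typeof uri === "string" && regs.some((r) => r.test(uri));
  const out = [];
  for (const run of sarif.runs ?? []) {
    for (const result of run.results ?? []) {
      const primary = (result.locations ?? []).map(uriOf);
      const flow = (result.codeFlows ?? []).flatMap((cf) =>
        (cf.threadFlows ?? []).flatMap((tf) =>
          (tf.locations ?? []).map((l) => uriOf(l.location))));
      const match = primary.some(hit) ? "primary"
        : flow.some(hit) ? "flow-only" : "none";
      out.push({ ruleId: result.ruleId, match });
    }
  }
  return out;
}

// Constructed sample: three findings from a multi-repository report.
const at = (uri) => ({ physicalLocation: { artifactLocation: { uri } } });
const SAMPLE = { version: "2.1.0", runs: [{ results: [
  { ruleId: "sample-sqli", locations: [at("projectABC/src/db.ts")] },
  { ruleId: "sample-xss", locations: [at("sharedLib/render.js")],
    codeFlows: [{ threadFlows: [{ locations: [
      { location: at("projectABC/src/view.ts") },
      { location: at("sharedLib/render.js") }] }] }] },
  { ruleId: "sample-traversal", locations: [at("projectXYZ/io.js")] },
] }] };

console.log(classifyResults(SAMPLE, ["projectABC/**"]));
```

A `flow-only` result is expected under the "any code node" rule; a `none` result in a converted report means the patterns or the URI format differ from what this check assumes.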

