Review Mode
Review mode lets Mobb publish fixes directly as comments on your pull request (currently supported for GitHub only; support for more SCMs is planned).
The comments cover only the sections of code changed in the PR, so the developer can focus on fixing the issues that are relevant to that change rather than the whole codebase.
Types of comments published in the PR
There are two types of comments that Mobb publishes in the PR:
Actionable and relevant fixes
If there are fixes available that are relevant to the PR, they will be published as a comment:

From the PR comment, developers can click on the button to commit the fix into the PR.
Irrelevant issues reported by the SAST tool
If issues are reported that are not relevant to the developer's PR, Mobb will indicate that this may be a false alarm and that no further action is required.

Review Mode - Usage
To check what options are available under the review mode, run:
npx mobbdev@latest review --help
Here is the help output:
mobbdev review
Mobb will review your github pull requests and provide comments with fixes
Options:
-f, --scan-file Select the vulnerability report to analyze (Checkmarx, Snyk,
Fortify, CodeQL, Sonarqube, Semgrep) [string] [required]
-r, --repo Github / GitLab / Azure DevOps repository URL
[string] [required]
-s, --scanner Select the scanner to use
[required] [choices: "checkmarx", "codeql", "fortify", "snyk", "sonarqube", "semgrep", "datadog"]
--ref Reference of the repository (branch, tag, commit)
[string] [required]
--mobb-project-name Mobb project name [string] [default: "My first project"]
--api-key Mobb authentication api-key [string] [required]
--github-token Github action token [string] [required]
--pull-request, --pr, --pr-number, --pr-id Number of the pull request [number] [required]
-p, --src-path Path to the repository folder with the source code [string]
--help Show help [boolean]
Examples:
npx mobbdev@latest review -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path> --ch <pr_last_commit> --pr <pr_number> --ref <pr_branch_name> --api-key <api_key> --src-path <your_repo_path>
add fixes to your pr
Note that this example, as printed by the tool, omits the -s/--scanner and --github-token options that the option list above marks as required, and uses a --ch flag that does not appear in that list; supply the required options and check the --help output of the version you have installed.
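As an added example that is not part of the Mobb documentation or the mobbdev CLI itself, the following POSIX shell wrapper shows how the options from the help output above are typically filled in from a GitHub Actions job: it derives the repository URL from GITHUB_SERVER_URL and GITHUB_REPOSITORY, takes the branch from GITHUB_HEAD_REF, validates the PR number and scanner name before anything is sent, checks that the report file exists, and keeps the API key and GitHub token out of anything that gets logged. The PR_NUMBER, SCANNER, SCAN_FILE, MOBB_API_KEY and MOBB_DRY_RUN variables are assumptions for this example (a workflow would set PR_NUMBER from the pull_request event payload and the two secrets from the repository's secrets), not names defined by the page.

```shell
#!/bin/sh
# Added example, not Mobb's own code: assemble and run `npx mobbdev@latest review`
# from GitHub Actions environment variables, validating inputs first.
# Assumed (hypothetical) inputs: PR_NUMBER, SCANNER, SCAN_FILE, MOBB_API_KEY,
# GITHUB_TOKEN; MOBB_DRY_RUN=1 prints the command instead of running it.

# Print "ok" if the scanner name is one of the choices the CLI lists, else "bad".
check_scanner() {
  case "$1" in
    checkmarx|codeql|fortify|snyk|sonarqube|semgrep|datadog) echo ok ;;
    *) echo bad ;;
  esac
}

# Build the URL the -r option expects from "owner/name" (GITHUB_REPOSITORY)
# and the server URL (GITHUB_SERVER_URL), defaulting to github.com.
repo_url() {
  server="${2:-https://github.com}"
  echo "${server}/$1"
}

# Assemble the non-secret part of the argument list.
# Args: repo_url ref pr_number scanner scan_file [src_path]
# Prints nothing and returns 1 if a required input is missing, the PR number
# is not numeric, the scanner is unknown, or the report file does not exist.
# Paths are assumed to contain no whitespace (the result is word-split later).
build_review_args() {
  r="$1"; ref="$2"; pr="$3"; scanner="$4"; file="$5"; src="${6:-.}"
  [ -n "$r" ] && [ -n "$ref" ] && [ -n "$pr" ] || return 1
  case "$pr" in ''|*[!0-9]*) return 1 ;; esac
  [ "$(check_scanner "$scanner")" = ok ] || return 1
  [ -f "$file" ] || return 1
  echo "review -r $r --ref $ref --pr $pr -s $scanner -f $file --src-path $src"
}

# Run the review. The API key and GitHub token are read from the environment
# only and are never echoed, even in dry-run mode.
run_review() {
  args=$(build_review_args "$(repo_url "$GITHUB_REPOSITORY" "$GITHUB_SERVER_URL")" \
      "$GITHUB_HEAD_REF" "$PR_NUMBER" "$SCANNER" "$SCAN_FILE" "$GITHUB_WORKSPACE") || {
    echo "review: missing or invalid input (repo, ref, PR number, scanner, report)" >&2
    return 1
  }
  [ -n "$MOBB_API_KEY" ] && [ -n "$GITHUB_TOKEN" ] || {
    echo "review: MOBB_API_KEY and GITHUB_TOKEN must be set" >&2
    return 1
  }
  if [ "${MOBB_DRY_RUN:-0}" = 1 ]; then
    echo "npx mobbdev@latest $args --api-key <redacted> --github-token <redacted>"
    return 0
  fi
  # shellcheck disable=SC2086  # word-splitting of $args is intended
  npx mobbdev@latest $args --api-key "$MOBB_API_KEY" --github-token "$GITHUB_TOKEN"
}

# Invoke as `sh review.sh run` from the workflow step; sourcing the file
# without the argument only defines the functions.
if [ "${1:-}" = run ]; then
  run_review
fi
```

In a workflow the step that runs the SAST scanner comes first and writes the report that SCAN_FILE points to; the wrapper then fails fast on a missing report or a wrong scanner name instead of spending an API call, and because the secrets are only ever passed as arguments to npx, a `set -x` or a dry run in the job log does not expose them.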