Mobb User Docs

Review Mode

Last updated 27 days ago

Note: Review mode is currently supported only for GitHub. Support for additional source control systems will be added in the future.

Review mode is already integrated into several GitHub Actions, such as Mobb Action, CX Mobb Action and CodeQL Mobb Action. If a suitable GitHub Action already exists, it is recommended to use it.

Overview

  • Review mode enables Mobb to automatically publish fixes directly as comments on your PR (currently supported only for GitHub, with more SCM support to come).

  • The published PR comments cover only the sections of code changed in the PR. This lets the developer focus on fixing and addressing the issues that are relevant to their change.

Types of comments published in the PR

Two types of comments are published in the PR:

  1. Actionable and relevant fixes

If fixes are available that are relevant to the PR, they are published as a comment.

  2. Irrelevant issues reported by the SAST tool

If issues are reported that are not relevant to the developer's PR, Mobb will indicate that this may be a false alarm and that no further action is required.

Review Mode - Usage

To check what options are available under the review mode, run:

npx mobbdev@latest review --help

Here is the help output:

mobbdev review

Mobb will review your github pull requests and provide comments with fixes

Options:
  -f, --scan-file                                 Select the vulnerability report to analyze (Checkmarx, Snyk,
                                                  Fortify, CodeQL, Sonarqube, Semgrep)     [string] [required]
  -r, --repo                                      Github / GitLab / Azure DevOps repository URL
                                                                                           [string] [required]
  -s, --scanner                                   Select the scanner to use
             [required] [choices: "checkmarx", "codeql", "fortify", "snyk", "sonarqube", "semgrep", "datadog"]
      --ref                                       Reference of the repository (branch, tag, commit)
                                                                                           [string] [required]
      --mobb-project-name                         Mobb project name     [string] [default: "My first project"]
      --api-key                                   Mobb authentication api-key              [string] [required]
      --github-token                              Github action token                      [string] [required]
      --pull-request, --pr, --pr-number, --pr-id  Number of the pull request               [number] [required]
  -p, --src-path                                  Path to the repository folder with the source code  [string]
      --help                                      Show help                                          [boolean]

Examples:
  npx mobbdev@latest review -r                             add fixes to your pr
  https://github.com/WebGoat/WebGoat -f
  <your_vulnerability_report_path>  --ch <pr_last_commit>
  --pr <pr_number> --ref <pr_branch_name>  --api-key
  <api_key> --src-path <your_repo_path>

From the PR comment, developers can click on the button to commit the fix into the PR.
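The following GitHub Actions workflow is an added example of wiring review mode into a pull-request pipeline by calling the CLI directly; it is not from the Mobb docs or the Mobb project. It uses only the options shown in the help output above. The Semgrep scan step, the report file name `semgrep-report.json` and the repository secret `MOBB_API_KEY` are assumptions; substitute whichever supported scanner and report you actually produce.

```yaml
# Added example workflow (not part of the Mobb docs or the Mobb project).
# Assumptions: Semgrep is used as the SAST tool and writes semgrep-report.json,
# and the Mobb API key is stored in the repository secret MOBB_API_KEY.
name: Mobb review

on:
  pull_request:
    types: [opened, synchronize, reopened]

# Least-privilege token: review mode only needs to read the checkout and
# write comments on the pull request.
permissions:
  contents: read
  pull-requests: write

jobs:
  mobb-review:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the PR head commit
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Assumed scanner step: produce the report that review mode consumes.
      - name: Run Semgrep and write a JSON report
        run: |
          pip install semgrep
          semgrep scan --config auto --json --output semgrep-report.json .

      # Review mode: -r/--ref/--pr are taken from the pull_request event so the
      # comments land on the PR that triggered the run.
      - name: Publish Mobb fixes as PR comments
        run: |
          npx mobbdev@latest review \
            --scanner semgrep \
            --scan-file semgrep-report.json \
            --repo "${{ github.server_url }}/${{ github.repository }}" \
            --ref "${{ github.head_ref }}" \
            --pr "${{ github.event.pull_request.number }}" \
            --src-path "${{ github.workspace }}" \
            --api-key "${{ secrets.MOBB_API_KEY }}" \
            --github-token "${{ secrets.GITHUB_TOKEN }}"
```

Two points to check when adapting this: the automatic `GITHUB_TOKEN` is read-only on `pull_request` runs triggered from forks, so comment publishing will fail there unless you use a different trigger or token; and the Mobb API key should stay in a secret rather than in the workflow file, since the `--api-key` value is passed on the command line.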

GitHub Actions that already integrate review mode:

  • Mobb Action
  • CX Mobb Action
  • CodeQL Mobb Action