Review Mode

Note: Review mode is currently supported only for GitHub. Support for additional source control systems will be added in the future.

Review mode is often already integrated into relevant GitHub Actions, such as Mobb Action, CX Mobb Action, and CodeQL Mobb Action. If a suitable GitHub Action already exists, it is recommended to use it.

Overview

  • Review mode enables Mobb to publish fixes automatically as comments on your pull request (currently only supported for GitHub, with more SCM support to come in the near future)

  • The comments published will only cover the sections of code changed in the PR, so the developer can focus on fixing and addressing issues that are relevant to the code they changed

Types of comments published in the PR

Two types of comments are published in the PR:

  1. Actionable and relevant fixes

If fixes are available that are relevant to the PR, they are published as a comment.

From the PR comment, developers can click on the button to commit the fix into the PR.

  2. Irrelevant issues reported by the SAST tool

If issues are reported that are not relevant to the developer's PR, Mobb will indicate that this may be a false alarm and that no further action is required.

Review Mode - Usage

To check what options are available under the review mode, run:

npx mobbdev@latest review --help

Here is the output of the help file:

mobbdev review

Mobb will review your github pull requests and provide comments with fixes

Options:
  -f, --scan-file                                 Select the vulnerability report to analyze (Checkmarx, Snyk,
                                                  Fortify, CodeQL, Sonarqube, Semgrep)     [string] [required]
  -r, --repo                                      Github / GitLab / Azure DevOps repository URL
                                                                                           [string] [required]
  -s, --scanner                                   Select the scanner to use
             [required] [choices: "checkmarx", "codeql", "fortify", "snyk", "sonarqube", "semgrep", "datadog"]
      --ref                                       Reference of the repository (branch, tag, commit)
                                                                                           [string] [required]
      --mobb-project-name                         Mobb project name     [string] [default: "My first project"]
      --api-key                                   Mobb authentication api-key              [string] [required]
      --github-token                              Github action token                      [string] [required]
      --pull-request, --pr, --pr-number, --pr-id  Number of the pull request               [number] [required]
  -p, --src-path                                  Path to the repository folder with the source code  [string]
      --help                                      Show help                                          [boolean]

Examples:
  npx mobbdev@latest review -r                             add fixes to your pr
  https://github.com/WebGoat/WebGoat -f
  <your_vulnerability_report_path>  --ch <pr_last_commit>
  --pr <pr_number> --ref <pr_branch_name>  --api-key
  <api_key> --src-path <your_repo_path>
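An added example (not from the Mobb documentation or the Mobb Action) of a workflow that runs the review CLI directly on pull requests. It assumes that Semgrep is used as the scanner and that Mobb accepts its JSON report, that the report is written to semgrep-report.json, and that the Mobb API key is stored in a repository secret named MOBB_API_KEY.

```yaml
# Added example: run Mobb review mode from a plain GitHub Actions workflow.
# Assumptions (not from the page): Semgrep JSON output is accepted as the
# --scan-file, and the Mobb API key lives in the MOBB_API_KEY secret.
name: mobb-review

on:
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege: the job only needs to read the code and write PR comments.
permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Review the PR's actual head commit, not the synthetic merge commit.
          ref: ${{ github.event.pull_request.head.sha }}

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Run Semgrep and write a JSON report
        run: |
          python3 -m pip install --quiet semgrep
          semgrep scan --config auto --json --output semgrep-report.json

      - name: Publish fixes as PR comments with Mobb
        env:
          MOBB_API_KEY: ${{ secrets.MOBB_API_KEY }}   # assumed secret name
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          npx mobbdev@latest review \
            --scanner semgrep \
            --scan-file semgrep-report.json \
            --repo "${{ github.server_url }}/${{ github.repository }}" \
            --ref "${{ github.head_ref }}" \
            --pr "${{ github.event.pull_request.number }}" \
            --api-key "$MOBB_API_KEY" \
            --github-token "$GH_TOKEN" \
            --src-path "$GITHUB_WORKSPACE"
```

For pull_request events from forks, repository secrets are not exposed and GITHUB_TOKEN is read-only, so this workflow only posts comments on PRs opened from branches in the same repository.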
