Scan and Fix Mode
Overview
Scan and Fix Mode - Usage
npx mobbdev@latest analyze --help

mobbdev analyze

Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or
have Mobb scan the code for you.

Options:
  -f, --scan-file            Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify,
                             CodeQL, Sonarqube, Semgrep, Datadog, Black Duck) [string]
  -r, --repo                 Github / GitLab / Azure DevOps repository URL [string] [required]
  -p, --src-path             Path to the repository folder with the source code [string]
      --ref                  Reference of the repository (branch, tag, commit) [string]
      --mobb-project-name    Mobb project name [string] [default: "My first project"]
  -y, --yes                  Skip prompts and use default values [boolean]
      --ci                   Run in CI mode, prompts and browser will not be opened
                             [boolean] [default: false]
      --org, --organization-id
                             Organization id [string]
      --api-key              Mobb authentication api-key [string]
      --auto-pr              Enable automatic pull requests for new fixes [boolean] [default: false]
      --create-one-pr        Create a single unified PR for all fixes (requires --auto-pr)
                             [boolean] [default: false]
      --commit-directly      Commit directly to the scanned branch instead of creating a pull
                             request [boolean] [default: false]
      --pull-request, --pr, --pr-number, --pr-id
                             Number of the pull request [number]
      --polling              Use HTTP polling instead of WebSocket for status updates. Useful for
                             proxy environments or firewalls that block WebSocket connections.
                             Polling interval: 5 seconds, timeout: 30 minutes.
                             [boolean] [default: false]
      --baseline-commit      Only report findings introduced since this commit (PR mode). The sha
                             must be reachable from the scanned repository. Effective only when no
                             scan file is provided.
                             [string]
      --help                 Show help [boolean]

Example: Full Repository Scan
Diff-Aware Mode (--baseline-commit)
Automatic PR
Full Workflow Example: GitHub Actions (Diff-Aware Scan + Auto-PR)
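Added example, not Mobb's own workflow or code: a pre-flight check a CI step could run before a diff-aware scan with automatic PRs, enforcing the flag constraints stated in the help text. The MOBB_* variable names and the dry-run default are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for a CI call to `mobbdev analyze`.
# Flag names come from the help text above; the MOBB_* variable names and
# the dry-run switch are assumptions made for this sketch.

mobb_analyze() {
    repo=${MOBB_REPO:-}; ref=${MOBB_REF:-}; scan_file=${MOBB_SCAN_FILE:-}
    baseline=${MOBB_BASELINE:-}; auto_pr=${MOBB_AUTO_PR:-false}
    one_pr=${MOBB_ONE_PR:-false}

    # --repo is marked [required].
    if [ -z "$repo" ]; then
        echo "error: --repo is required" >&2; return 2
    fi
    # --create-one-pr "requires --auto-pr".
    if [ "$one_pr" = true ] && [ "$auto_pr" != true ]; then
        echo "error: --create-one-pr requires --auto-pr" >&2; return 2
    fi
    # --baseline-commit is effective only when no scan file is provided;
    # fail here rather than run a scan that silently ignores the baseline.
    if [ -n "$baseline" ] && [ -n "$scan_file" ]; then
        echo "error: --baseline-commit is ignored with --scan-file" >&2; return 2
    fi
    # The help text calls the baseline a sha, so accept hex digits only.
    # This also stops a value such as "--commit-directly" becoming a flag.
    case $baseline in
        *[!0-9a-fA-F]*) echo "error: baseline is not a hex sha" >&2; return 2 ;;
    esac

    set -- analyze --ci --repo "$repo"
    if [ -n "$ref" ]; then set -- "$@" --ref "$ref"; fi
    if [ -n "$scan_file" ]; then set -- "$@" --scan-file "$scan_file"; fi
    if [ -n "$baseline" ]; then set -- "$@" --baseline-commit "$baseline"; fi
    if [ "$auto_pr" = true ]; then set -- "$@" --auto-pr; fi
    if [ "$one_pr" = true ]; then set -- "$@" --create-one-pr; fi

    if [ "${MOBB_DRY_RUN:-true}" = true ]; then
        printf '%s\n' "$@"    # dry run (default): print one argument per line
    else
        # Key is read from the CI secret store, never from the repository.
        npx mobbdev@latest "$@" --api-key "${MOBB_API_KEY:?MOBB_API_KEY is not set}"
    fi
}
```

Set MOBB_DRY_RUN=false in the CI step to run the scan instead of printing the argument list.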
Benefits of Scan and Fix Mode