search
Start NowBlogsWatch NowContact Us

Scan Mode

hashtag
Overview

  • Uses Checkmarx or Snyk CLI tools to run a SAST scan on a given repository

  • Analyze the vulnerability report to identify issues that can be remediated automatically

  • Produces the code fixes and redirects the user to the fix report page on the Mobb platform

hashtag
Scan Mode - Usage

To check what options are available under the analyze mode, run:

npx mobbdev@latest scan --help

Here is the output of the help file:

cli.mjs scan

Scan your code for vulnerabilities, get automated fixes right away.

Options:
  -r, --repo                    Github / GitLab / Azure DevOps repository URL                        [string] [required]
      --ref                     Reference of the repository (branch, tag, commit)                               [string]
  -s, --scanner                 Select the scanner to use
                                  [choices: "checkmarx", "codeql", "fortify", "snyk", "sonarqube", "semgrep", "datadog"]
      --org, --organization-id  Organization id                                                                 [string]
      --mobb-project-name       Mobb project name                                 [string] [default: "My first project"]
  -y, --yes                     Skip prompts and use default values                                            [boolean]
      --ci                      Run in CI mode, prompts and browser will not be opened        [boolean] [default: false]
      --api-key                 Mobb authentication api-key                                                     [string]
      --cx-project-name         Checkmarx project name (when scanning with Checkmarx)                           [string]
      --auto-pr                 Enable automatic pull requests for new fixes                  [boolean] [default: false]
      --polling                 Use HTTP polling instead of WebSocket for status updates. Useful for proxy environments
                                or firewalls that block WebSocket connections. Polling interval: 5 seconds, timeout: 30
                                minutes.                                                      [boolean] [default: false]
      --help                    Show help                                                                      [boolean]

To run a new SAST scan on a repo and get fixes, run the Bugsy Scan command. Example:

PreviousAnalyze ModeNextAdd SCM Token Mode

Last updated