Mobb User Docs
Scan Mode

Overview

  • Uses Checkmarx or Snyk CLI tools to run a SAST scan on a given repository

  • Analyzes the vulnerability report to identify issues that can be remediated automatically

  • Produces the code fixes and redirects the user to the fix report page on the Mobb platform

Scan Mode - Usage

To check what options are available under the scan mode, run:

npx mobbdev@latest scan --help

Here is the output of the help file:

Scan your code for vulnerabilities, get automated fixes right away.

Options:
  -r, --repo                    Github / GitLab / Azure DevOps repository URL                        [string] [required]
      --ref                     Reference of the repository (branch, tag, commit)                               [string]
  -s, --scanner                 Select the scanner to use
                                             [choices: "checkmarx", "codeql", "fortify", "snyk", "sonarqube", "semgrep"]
      --org, --organization-id  Organization id                                                                 [string]
      --mobb-project-name       Mobb project name                                 [string] [default: "My first project"]
  -y, --yes                     Skip prompts and use default values                                            [boolean]
      --ci                      Run in CI mode, prompts and browser will not be opened        [boolean] [default: false]
      --api-key                 Mobb authentication api-key                                                     [string]
      --cx-project-name         Checkmarx project name (when scanning with Checkmarx)                           [string]
      --auto-pr                 Enable automatic pull requests for new fixes                  [boolean] [default: false]
      --help                    Show help                                                                      [boolean]

To run a new SAST scan on a repo and get fixes, run the Bugsy Scan command. Example:

npx mobbdev@latest scan --repo https://github.com/mobb-dev/simple-vulnerable-java-project
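The following is an added example of how a practitioner might wrap the scan command for a CI job; it is not part of the Mobb documentation or the Mobb CLI itself. It only uses flags listed in the help output above (`--repo`, `--ref`, `--scanner`, `--org`, `--ci`, `--yes`, `--api-key`). The `MOBB_API_KEY` environment variable name and the https-only repository check are assumptions of this example, chosen so that the API key is read from the environment at call time and never appears in the printed argument list or the build log.

```shell
#!/bin/sh
# Added example (not Mobb's own code): build a non-interactive
# `npx mobbdev@latest scan` invocation for CI from validated inputs.
# MOBB_API_KEY is an assumed variable name; set it as a CI secret.

# Scanners accepted by --scanner according to the help text above.
VALID_SCANNERS="checkmarx codeql fortify snyk sonarqube semgrep"

# is_valid_scanner NAME -> returns 0 if NAME is one of the listed choices
is_valid_scanner() {
    for s in $VALID_SCANNERS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# build_scan_args REPO SCANNER [REF] [ORG_ID]
# Prints the argument list for the scan subcommand on stdout.
# The API key is deliberately NOT included here so the printed
# command line is safe to echo in a job log.
build_scan_args() {
    repo="$1"; scanner="$2"; ref="$3"; org="$4"
    case "$repo" in
        https://*) ;;                       # assumed policy: https URLs only
        *) echo "unsupported repository URL: $repo" >&2; return 2 ;;
    esac
    is_valid_scanner "$scanner" || { echo "unknown scanner: $scanner" >&2; return 2; }
    # --ci suppresses prompts and the browser; --yes accepts default values
    args="scan --repo $repo --scanner $scanner --ci --yes"
    [ -n "$ref" ] && args="$args --ref $ref"
    [ -n "$org" ] && args="$args --org $org"
    printf '%s\n' "$args"
}

# run_scan REPO SCANNER [REF] [ORG_ID]
# Refuses to run without an API key in the environment, then appends the key
# at call time so it never passes through build_scan_args or the log.
run_scan() {
    [ -n "$MOBB_API_KEY" ] || { echo "MOBB_API_KEY is not set" >&2; return 1; }
    args=$(build_scan_args "$@") || return $?
    # shellcheck disable=SC2086  # word splitting of the built args is intended
    npx mobbdev@latest $args --api-key "$MOBB_API_KEY"
}

# Usage in a pipeline step (not executed when the file is sourced for tests):
# run_scan https://github.com/mobb-dev/simple-vulnerable-java-project checkmarx main
```

Sourcing this file in a CI step and calling `run_scan` keeps the key out of the printed command, rejects scanner names the CLI would not accept before `npx` is invoked, and fails closed when the secret is missing rather than falling through to an interactive prompt that a CI runner cannot answer.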

Last updated 1 month ago
