Option 1 - Scan and Fix with Mobb

With this option you provide a repository URL and Mobb scans it for vulnerabilities using the open-source SAST scanner Opengrep. The resulting report is then passed to Mobb for triage and auto-remediation.

Choose a Code Repository

The first step is to specify the repository you want Mobb to scan. You have two main options:

[Screenshot: Repository selection options]

Pick a Repository from Your List

This option lets you browse your connected GitHub, GitLab, Azure DevOps or Bitbucket accounts and pick a repository. Click your preferred SCM provider and authenticate if prompted.

  • We only fix repositories you select

  • Supported providers: GitHub, GitLab, Azure DevOps, and Bitbucket

Add a Specific Code Repository

This option allows you to specify a public or private repository URL by entering it manually in the text field.

  • Public repository - Mobb will instantly connect to the repository to extract the content required to perform the scan and generate fixes

  • Private repository

    • Accessible repository: If your SCM is already connected and the private repository belongs to one of those accounts, Mobb will instantly connect to the repository

    • Inaccessible repository: If your SCM is not connected, Mobb will prompt you to connect your SCM account. Alternatively, you can upload the source code as a zip file.

You can enter a repository URL in the text field provided, or alternatively upload a zip file if your repository is not directly accessible.

If your SCM tool is hosted on-premise, you will either need to deploy a Mobb broker, or use the "upload zip file" feature.

Once you have selected your repository, click "Continue" to proceed to the scanning phase.

Running the Scan

After selecting your repository, Mobb will automatically begin the scanning process:

[Screenshot: Scan in progress with real-time status updates]

The scanning process typically takes a few minutes depending on the size of your repository. You'll see real-time updates as Mobb:

  1. Clones your repository to securely access your code

  2. Runs an Opengrep SAST scan to analyze your code for security vulnerabilities

  3. Generates automated fixes for the issues found

The example above shows a scan running on the antonychiu2/webgoat repository with status "analyzing issues".

Accessing Your Fixes

Once the scan is complete, you'll see a screen confirming the analysis is ready. Click "View Fixes" to access your completed fix report.

From there, you can visit our Working with the Fix Report page to learn how to work with a completed fix report and commit your fixes to your repo.
