Try Mobb now!

This option is for visitors who want to quickly see how Mobb works without providing access to their code or vulnerability reports.

This guide describes how you can try out Mobb in a self-contained sandbox environment using existing scan results generated from a SAST tool against a vulnerable application.

To get started, first make sure you have already signed up for an account. If you haven't done so, please visit the Register a Mobb Account guide.

After logging in, select the first option, "Try Mobb Now".

Pick a vulnerability scanner of your choice (Checkmarx, Snyk, Fortify or GitHub CodeQL).

Then pick an application you want to analyze (WebGoat, Juice Shop or AltoroJ). These are all well-known, deliberately insecure applications, used here as examples to demonstrate how Mobb fixes code vulnerabilities.

Click on "Get Fixes Now!"

After a few seconds, available fixes should start to appear. At this stage, you can begin accessing the fix page through the “Link to Fix” button.

Mobb provides an intuitive UI that allows you to influence the fix's direction through a few simple questions. Once you are satisfied with the fix recommendation, you can either commit the changes back to your source code repository, download the .diff file, or save fix data:

  • Commit Changes - This allows you to commit the fixes directly to your source code repository through a Pull Request.

  • Download the .diff file - This option allows you to download the .diff file and apply the fix manually to your branch.

  • Save fix data - This option allows you to save the fix data so you can work on other fixes in the project. After you're satisfied, you can commit the fixes back to the repository all at once.

Since you are in a sandbox environment, you won't be able to commit the fixes back into the source code repository. To complete this tutorial, you can either download the .diff file or save the fix data.

In the sandbox experience, Mobb shows only a small subset of the fixes available for these applications.

To commit the fixes to an actual source code repository that you own, please proceed to the next section on “Running mobb against your own code”.
