CodeQL

Last updated 4 months ago

Was this helpful?

CodeQL

Depending on the SAST tool used, we support different methods of consuming the SAST result for Mobb to generate automated remediations. In this example, we will see how Mobb works with GitHub CodeQL.

With CodeQL, we currently support ""

First, select "Upload Vulnerability Report"

Next, you must upload a CodeQL report in .jsonformat. Once the report is uploaded, click “Continue”.

The next screen prompts you to connect to your code repository. Mobb currently supports GitHub, GitLab, Azure DevOps and Bitbucket as SCM tools.

You can either use the “Pick a repository from your list” where Mobb will prompt you to connect to your repository, or use the second option - “Add a specific code repository” to supply the URL.

Pick a repository from your list - This option provides you the ability to look up your connected GitHub, GitLab, Azure Repo or Bitbucket Cloud accounts to pick a repository.
Add a specific code repository - This option allows you to specify a public or private repository URL.
- Public repository - Mobb will instantly connect to the repository to extract the content required to generate the fix data
- Private repository
  - Accessible repository: If your SCM is already connected and the private repository is in these accounts, Mobb will instantly connect to the repository to extract the content required to generate the fix data
  - Inaccessible repository: If your SCM is not connected, Mobb will prompt you to connect your SCM account. Alternatively, you can also upload the source code in a zip file.

Once you have connected your repository, you are ready to run the analysis. To do so, click on “Continue”.

Note that if you are getting a warning that says "The code provided has been updated after the vulnerabilities were detected. Some vulnerabilities might be missing." You may want to provide a more recent SAST report or adjust your Git branch to an earlier one.

After the analysis, you can review the available fixes on the project page. To access the fix page, click the “Link to fix” button next to the issue you wish to review.

Mobb provides an intuitive UI that allows you to influence the fix's direction through simple questions. Once you are satisfied with the fix recommendation, you can either commit the changes back to your source code repository, download the .diff file, or save fix data:

Create a Pull Request - This allows you to commit the fix directly to your source code repository by automatically creating a Pull Request.
Commit directly to target branch - This option will commit the fix directly to a specified branch
Download the .diff file - This option allows you to download the .diff file and apply the fix manually through your IDE.

This tutorial will use the “Create Pull Request”. To do so, click on "More Options" to expand the pull request options. Mobb will create a temporary branch for this pull request and auto-populate the pull request title as well as the pull request description.

Once you are satisfied, click “Propose changes”. This will initiate a Pull Request in your SCM.

PreviousFortify NextSemgrep/Opengrep

Last updated 4 months ago

Was this helpful?