mobbdev 0.0.74 → 0.0.77
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env +3 -2
- package/README.md +8 -2
- package/dist/index.mjs +1100 -275
- package/package.json +5 -2
package/.env
CHANGED
package/README.md
CHANGED
|
@@ -14,7 +14,7 @@ Bugsy has two modes - Scan (no SAST report needed) & Analyze (the user needs to
|
|
|
14
14
|
|
|
15
15
|
Scan
|
|
16
16
|
|
|
17
|
-
- Uses Checkmarx or Snyk CLI tools to run a SAST scan on a given open-source GitHub/GitLab repo
|
|
17
|
+
- Uses Checkmarx or Snyk CLI tools to run a SAST scan on a given open-source GitHub/GitLab/ADO repo
|
|
18
18
|
- Analyzes the vulnerability report to identify issues that can be remediated automatically
|
|
19
19
|
- Produces the code fixes and redirects the user to the fix report page on the Mobb platform
|
|
20
20
|
|
|
@@ -29,12 +29,15 @@ This is a community edition version that only analyzes public GitHub repositorie
|
|
|
29
29
|
Bugsy does not detect any vulnerabilities in your code, it uses findings detected by the SAST tools mentioned above.
|
|
30
30
|
|
|
31
31
|
## Usage
|
|
32
|
+
|
|
32
33
|
You can simply run Bugsy from the command line, using npx:
|
|
34
|
+
|
|
33
35
|
```shell
|
|
34
36
|
npx mobbdev
|
|
35
37
|
```
|
|
36
38
|
|
|
37
39
|
This will show you Bugsy's usage help:
|
|
40
|
+
|
|
38
41
|
```shell
|
|
39
42
|
Bugsy - Trusted, Automatic Vulnerability Fixer 🕵️♂️
|
|
40
43
|
|
|
@@ -56,6 +59,7 @@ Made with ❤️ by Mobb
|
|
|
56
59
|
```
|
|
57
60
|
|
|
58
61
|
To run a new SAST scan on a repo and get fixes, run the **Bugsy Scan** command. Example:
|
|
62
|
+
|
|
59
63
|
```shell
|
|
60
64
|
npx mobbdev scan --repo https://github.com/mobb-dev/simple-vulnerable-java-project
|
|
61
65
|
```
|
|
@@ -65,16 +69,18 @@ npx mobbdev analyze --scan-file sast_results.json --repo https://github.com/mobb
|
|
|
65
69
|
|
|
66
70
|
Bugsy will automatically generate a fix for each supported vulnerability identified in the results, and refer the developer to review and commit the fixes to their code.
|
|
67
71
|
|
|
68
|
-
|
|
69
72
|
To see all the options Bugsy allows, use the Scan or Analyze commands with the -h option:
|
|
73
|
+
|
|
70
74
|
```shell
|
|
71
75
|
npx mobbdev scan -h
|
|
72
76
|
npx mobbdev analyze -h
|
|
73
77
|
```
|
|
74
78
|
|
|
75
79
|
## Using Bugsy as part of a CI/CD pipeline
|
|
80
|
+
|
|
76
81
|
If you utilize SAST scans as part of the CI/CD pipeline, Bugsy can be easiy added and provide immediate fix for every issue detected.
|
|
77
82
|
Here is a simple example of a command line that will run Bugsy in your pipeline:
|
|
83
|
+
|
|
78
84
|
```shell
|
|
79
85
|
npx mobbdev analyze --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
|
|
80
86
|
```
|