crda-cli

command module
v0.0.0-...-77fb227 Latest
Published: Jul 3, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

README

This project has been dropped!

Please use Crda Java API or Crda JavaScript API instead.

Original README

Crda CLI 1.5

This project is still in development mode. Currently, analysis is implemented only for Java's Maven ecosystem.

Run using executable

Download the binary based on your OS from the Releases tab.

The HTML report is saved as a local file in the OS's temporary folder.

$ crda analyse /path/to/maven/project/pom.xml

Summary Report for Dependency Analysis:

Total Scanned Dependencies:  10
Total Scanned Transitive Dependencies:  193
Direct Vulnerable Dependencies:  4
Total Vulnerabilities:  14
Critical Vulnerabilities:  0
High Vulnerabilities:  3
Medium Vulnerabilities:  8
Low Vulnerabilities:  3

Full Report:  file:///tmp/crda/stack-analysis-maven-1684149652.html

Run using image

Running using an image will not create an HTML report. Instead, it prints the JSON version of the report.
This behaviour is also achievable manually using the --json flag:

$ crda analyse /path/to/maven/project/pom.xml --json

{
        "dependencies": {
                "scanned": 10,
                "transitive": 193
        },
        "vulnerabilities": {
                "critical": 0,
                "direct": 4,
                "high": 3,
                "low": 3,
                "medium": 8,
                "total": 14
        }
}

Java

From your project path (replace PWD with path if needed):

podman run --rm -it \
    -v "$HOME/.m2":/opt/app-root/src/.m2 \
    -v "$HOME/.crda":/opt/app-root/src/.crda \
    -v "$PWD":/app \
    quay.io/ecosystem-appeng/crda-cli:staging analyse pom.xml
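
A CI gate over the JSON summary shown above, as an added example that is not part of the crda project: it reads the report and fails the step when severity counts exceed a policy, or when the output is unusable. The function name, the policy values and the assumption that the JSON document is the only thing written to stdout are assumptions of this example.

```python
import json
import sys

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample: the summary shown above for `crda analyse ... --json`.
SAMPLE_REPORT = """{
  "dependencies": {"scanned": 10, "transitive": 193},
  "vulnerabilities": {"critical": 0, "direct": 4, "high": 3,
                      "low": 3, "medium": 8, "total": 14}
}"""

# Hypothetical policy: findings tolerated per severity (None = no limit).
DEFAULT_POLICY = {"critical": 0, "high": 0, "medium": None, "low": None}


def check_report(raw, policy=DEFAULT_POLICY):
    """Return policy violations; an empty list means the gate passes.

    Fails closed: output that cannot be parsed, or that lacks a count,
    is itself a violation, so a crashed or truncated scan never passes.
    """
    try:
        vulns = json.loads(raw)["vulnerabilities"]
    except (ValueError, KeyError, TypeError):
        vulns = None
    if not isinstance(vulns, dict):
        return ["report is not valid crda JSON output"]
    problems, counts = [], {}
    for sev in SEVERITIES:
        n = vulns.get(sev)
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(n, bool) or not isinstance(n, int) or n < 0:
            problems.append(f"missing or invalid count for {sev!r}")
            continue
        counts[sev] = n
        limit = policy.get(sev)
        if limit is not None and n > limit:
            problems.append(f"{n} {sev} vulnerabilities exceed limit of {limit}")
    # Assumption taken from the sample: the four buckets add up to "total".
    if len(counts) == len(SEVERITIES) and sum(counts.values()) != vulns.get("total"):
        problems.append("severity counts do not add up to 'total'")
    return problems


if __name__ == "__main__":
    findings = check_report(sys.stdin.read())
    for finding in findings:
        print("FAIL:", finding, file=sys.stderr)
    sys.exit(1 if findings else 0)
```

Pipe the report in, for example `crda analyse pom.xml --json | python3 crda_gate.py` (the file name is hypothetical); a non-zero exit status fails the pipeline step.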

Tokens

Snyk Token

Set your Snyk token to include Snyk's private vulnerabilities in your report.
Instructions for creating the token can be found here.

There are multiple approaches for setting your Snyk token with Crda, processed in the following order:

Using a command line flag:

crda analyse --snyk-token <snyk-token-goes-here> ...

Using an environment variable:

CRDA_SNYK_TOKEN=<snyk-token-goes-here> crda analyse ...

Or saving it in the config file for re-using:

crda config set crda_snyk_token <snyk-token-goes-here>

Help

$ crda help

Use this tool for CodeReady Dependency Analytics reports

Usage:
  crda [command]

Available Commands:
  analyse     Preform dependency analysis report
  completion  Generate a completions script
  config      Manage crda config
  help        Help about any command
  version     Get binary version

Flags:
  -m, --client string   The invoking client for telemetry (default "terminal")
  -d, --debug           Set DEBUG log level
  -c, --no-color        Toggle colors in output.

Use "crda [command] --help" for more information about a command.

Documentation

There is no documentation for this package.

Directories

Path: pkg/backend/api
Synopsis: Package api provides primitives to interact with the openapi HTTP API.
