This project has been dropped!
Please use Crda Java API or Crda JavaScript API instead.
Crda CLI 1.5
This project is still in development mode.
For analysis, currently, only Java's Maven ecosystem is implemented.
Run using executable
Download the binary based on your OS from the Releases tab.
The HTML report is saved as a local file in the OS's temporary folder.
$ crda analyse /path/to/maven/project/pom.xml
Summary Report for Dependency Analysis:
Total Scanned Dependencies: 10
Total Scanned Transitive Dependencies: 193
Direct Vulnerable Dependencies: 4
Total Vulnerabilities: 14
Critical Vulnerabilities: 0
High Vulnerabilities: 3
Medium Vulnerabilities: 8
Low Vulnerabilities: 3
Full Report: file:///tmp/crda/stack-analysis-maven-1684149652.html
Run using image
Running using an image will not create an HTML report.
Instead, it will print the JSON version of the report.
This behaviour is also achievable manually using the --json flag:
$ crda analyse /path/to/maven/project/pom.xml --json
{
"dependencies": {
"scanned": 10,
"transitive": 193
},
"vulnerabilities": {
"critical": 0,
"direct": 4,
"high": 3,
"low": 3,
"medium": 8,
"total": 14
}
}
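The JSON summary above is easy to consume in a build pipeline. The following is an added example, not code from the Crda project: it reads that summary and fails closed when the report is unreadable or exceeds a severity policy. The policy thresholds, the function name `evaluate`, and the rule that `total` equals the sum of the four severity counts are assumptions, the last one inferred from the sample output on this page.

```python
import json
import sys

# Constructed sample: the summary shown on this page for `crda analyse ... --json`.
SAMPLE_REPORT = """{
  "dependencies": {"scanned": 10, "transitive": 193},
  "vulnerabilities": {"critical": 0, "direct": 4, "high": 3,
                      "low": 3, "medium": 8, "total": 14}
}"""

SEVERITIES = ("critical", "high", "medium", "low")
# Hypothetical policy: maximum findings tolerated per severity (None = not gated).
DEFAULT_POLICY = {"critical": 0, "high": 0, "medium": None, "low": None}


def evaluate(report_text, policy=DEFAULT_POLICY):
    """Return (passed, reasons). Anything that cannot be parsed is a failure."""
    try:
        vulns = json.loads(report_text)["vulnerabilities"]
        counts = {sev: vulns[sev] for sev in SEVERITIES}
        total = vulns["total"]
    except (ValueError, KeyError, TypeError) as exc:
        return False, [f"unreadable report: {exc!r}"]
    for sev, n in counts.items():
        # bool is an int subclass in Python, so reject it explicitly.
        if isinstance(n, bool) or not isinstance(n, int) or n < 0:
            return False, [f"invalid count for {sev}: {n!r}"]
    # Assumption (holds for the sample): total is the sum of the severity
    # counts. A mismatch suggests a truncated or altered summary.
    if total != sum(counts.values()):
        return False, [f"total {total!r} != sum of severities {sum(counts.values())}"]
    reasons = [
        f"{counts[sev]} {sev} > allowed {policy[sev]}"
        for sev in SEVERITIES
        if policy.get(sev) is not None and counts[sev] > policy[sev]
    ]
    return not reasons, reasons


if __name__ == "__main__":
    # Piped input is evaluated; run from a terminal, the sample is used.
    text = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    ok, why = evaluate(text)
    print("PASS" if ok else "FAIL: " + "; ".join(why))
    sys.exit(0 if ok else 1)
```

Saved under a name of your choosing, the script takes the output of `crda analyse pom.xml --json` on standard input and exits non-zero when the policy is violated.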
Java
From your project path (replace PWD with path if needed):
podman run --rm -it \
-v $HOME/.m2:/opt/app-root/src/.m2 \
-v $HOME/.crda:/opt/app-root/src/.crda \
-v $PWD:/app \
quay.io/ecosystem-appeng/crda-cli:staging analyse pom.xml
Tokens
Snyk Token
Set your Snyk token to include Snyk's private vulnerabilities in your report.
Instructions for creating the token can be found here.
There are multiple approaches for setting your Snyk token with Crda, processed in the following order:
Using a command line flag:
crda analyse --snyk-token <snyk-token-goes-here> ...
Using an environment variable:
CRDA_SNYK_TOKEN=<snyk-token-goes-here> crda analyse ...
Or saving it in the config file for reuse:
crda config set crda_snyk_token <snyk-token-goes-here>
Help
$ crda help
Use this tool for CodeReady Dependency Analytics reports
Usage:
crda [command]
Available Commands:
analyse Preform dependency analysis report
completion Generate a completions script
config Manage crda config
help Help about any command
version Get binary version
Flags:
-m, --client string The invoking client for telemetry (default "terminal")
-d, --debug Set DEBUG log level
-c, --no-color Toggle colors in output.
Use "crda [command] --help" for more information about a command.