Mend SAST® ships with cross-platform (Windows, Linux, and macOS) API command-line clients that provide a simple way to integrate the Mend SAST® API into automated processes.

...

NOTE: On macOS, you must install Docker before configuring Mend SAST.

https://downloads-sast.whitesourcesoftware.com/sast-cli/mac/wssastcli

...

NOTE: The CLI now automatically updates to the newest version before it runs.

When you onboard Mend SAST, you can choose to:

  • configure the CLI interactively, in which case a wscli-config.json file is created containing all the parameters you set; you can edit it afterwards, or

  • after completing the onboarding, point the CLI at a pre-existing configuration file with the --config option.

...

parameter

JSON: url
ENV: SAST_SERVER

Specifies the URL of the Mend SAST® API instance, typically https://sast.whitesourcesoftware.com/

JSON: token
ENV: SASTCLI_TOKEN

Specifies the Mend SAST® API token to be used with all requests. Treat the token as a credential: in automated pipelines, supply it through SASTCLI_TOKEN from the CI system's secret store rather than writing it into a wscli-config.json file that is committed alongside the code.

...

parameter

--engines [list of engines]
JSON: engines
ENV: SASTCLI_ENGINES

Accepts a comma-separated list of SAST engine/language IDs to use in the analysis (e.g., 1,2). This list can also be set through the SASTCLI_ENGINES environment variable. If omitted, Mend SAST® auto-detects the languages in the target directory.

--template [name]
JSON: template
ENV: SASTCLI_TEMPLATE

Specifies the scan configuration template created in the web UI.

--dir [directory]
JSON: directory
ENV: SASTCLI_TARGET_DIRECTORY

Specifies target directory for SAST testing.

--app [application]
JSON: application
ENV: SASTCLI_TARGET_APPLICATION

Specifies the parent application for the scan; the scan inherits that application's parameters.

--name [name]
JSON: N/A
ENV: N/A

Specifies the scan name. Because it is defined separately for each scan, it has no JSON or ENV equivalent.

--baseline=[bool]
JSON: uploadBaseline
ENV: SASTCLI_UPLOAD_BASELINE

Indicates whether the CLI should upload the scan data as a new baseline for incremental scans. The baseline includes only the minimum code-representation fragments needed to enable incremental scans.

--inc=[bool]
JSON: incremental
ENV: SASTCLI_INCREMENTAL_SCAN

Indicates if the scan should be incremental.

--config [path]
JSON: N/A
ENV: N/A

Specifies CLI JSON configuration file path.

--baselinestorage [path]
JSON: baselineStorage
ENV: SASTCLI_BASELINE_STORAGE

Specifies the location of the baseline dump. The default location is the .sastcli folder.

...

parameter

--submitsnippets=[bool]
JSON: submitSnippets
ENV: SASTCLI_SUBMIT_SNIPPETS

Indicates whether the vulnerability-relevant snippet files should be submitted with the results.

--submitlogs=[bool]
JSON: submitLogs
ENV: SASTCLI_SUBMIT_LOGS

Indicates whether CLI and engine logs should be submitted to Mend.

When submitted, the CLI and engine logs go to the SAST server; to review them manually, look under the user's HOME directory (%USERPROFILE% on Windows, $HOME on Linux) in the .sastcli/logs directory.

--snippetsize [size]
JSON: snippetSize
ENV: SASTCLI_SNIPPET_SIZE

Specifies the number of lines in each source code snippet submitted to the SAST server. The default value is 10; the minimum is 1. An example can be found below this table.
NOTE: If snippetsize is set to a value less than 1 while submitsnippets is set to true, the CLI reports an error.

Mend SAST® does not upload your full source code to the cloud. It stores only as much information as is needed to help you understand the data flow of a detected finding. By default, snippets of 10 lines are uploaded, but you can reduce this to a single line.
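The onboarding options and the parameters above combined into a minimal CI job, as an added example that is not part of the Mend SAST documentation or the CLI's own code. It assumes the CLI binary is on PATH as wssastcli and accepts the flags listed on this page, and it assumes JSON value types (strings for URL, paths and names, booleans for the bool settings, an integer for snippetSize), which this page does not state. The template name ci-default, the application name payments-api and the CI variables CI_COMMIT_BRANCH and CI_COMMIT_SHORT_SHA are placeholders. The token is kept out of the config file and read from SASTCLI_TOKEN; the scan name, which has no JSON or ENV form, is built per run; main-branch builds upload a fresh baseline while other branches run incrementally against it; and snippetSize is lowered to 1 to minimise what is sent to the server.

```shell
#!/bin/sh
# Added example, not from the Mend SAST docs or the CLI itself.
# Assumptions: "wssastcli" is on PATH and accepts the flags documented above;
# the JSON value types below are assumed, not stated by the docs.
set -eu

# Write a wscli-config.json holding only non-secret settings. The API token
# is deliberately absent: it is read from SASTCLI_TOKEN, which the CI system
# injects from its secret store, so the file is safe to commit. "engines" is
# omitted so the server auto-detects the languages in the target directory.
write_wscli_config() {
  cfg="$1"
  cat > "$cfg" <<'EOF'
{
  "url": "https://sast.whitesourcesoftware.com/",
  "template": "ci-default",
  "directory": ".",
  "application": "payments-api",
  "baselineStorage": ".sastcli",
  "submitSnippets": true,
  "snippetSize": 1,
  "submitLogs": false
}
EOF
}

# Fail fast if the token is missing, or if someone pasted it into the config
# file, where it would end up in source control and in CI logs/artifacts.
check_token_hygiene() {
  cfg="$1"
  if [ -z "${SASTCLI_TOKEN:-}" ]; then
    echo "SASTCLI_TOKEN is not set" >&2
    return 1
  fi
  if grep -q '"token"' "$cfg"; then
    echo "refusing to run: API token found in $cfg; use SASTCLI_TOKEN instead" >&2
    return 1
  fi
}

# --name has no JSON/ENV form, so derive it from CI metadata on every run.
scan_name() {
  printf '%s-%s' "${CI_COMMIT_BRANCH:-local}" \
    "${CI_COMMIT_SHORT_SHA:-$(date +%Y%m%d%H%M%S)}"
}

# Mode flags: the default branch refreshes the baseline with a full scan;
# every other branch runs incrementally against the stored baseline.
scan_mode_flags() {
  if [ "$1" = "main" ]; then
    printf '%s' "--inc=false --baseline=true"
  else
    printf '%s' "--inc=true --baseline=false"
  fi
}

run_scan() {
  cfg="$1"; branch="$2"
  check_token_hygiene "$cfg"
  # The mode flags contain no whitespace, so unquoted expansion is safe here.
  # shellcheck disable=SC2046
  wssastcli --config "$cfg" --name "$(scan_name)" $(scan_mode_flags "$branch")
}

# Typical CI invocation. Guarded by RUN_SAST=1 so the script can be sourced
# or checked without touching the network.
if [ "${RUN_SAST:-0}" = "1" ]; then
  write_wscli_config wscli-config.json
  run_scan wscli-config.json "${CI_COMMIT_BRANCH:-main}"
fi
```

Run it as `RUN_SAST=1 SASTCLI_TOKEN=... sh sast-ci.sh` from the repository root. Because the baseline dump lives under .sastcli by default, a CI job that relies on incremental scans must cache that directory between runs (or point baselineStorage at a persistent location); otherwise every branch build silently falls back to a full scan.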

...