crda-cli

command module

v0.0.0-...-77fb227 Latest Latest Go to latest Published: Jul 3, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rhecosystemappeng/crda-cli

Links

Open Source Insights

README ¶

This project has been dropped!

Please use Crda Java API or Crda JavaScript API Instead.

Click here for original README

Crda CLI 1.5

This project is still in development mode. For analysis, currently, only Java's Maven ecosystem is implemented.

Staging version (Pre-release) can be found here.
Sample projects can be found in the crda-usage-examples repo

Run using executable

Download the binary based on your OS from the Releases tab.

The Html report is saved as a local file in the OS's temporary folder.

$ crda analyse /path/to/maven/project/pom.xml

Summary Report for Dependency Analysis:

Total Scanned Dependencies:  10
Total Scanned Transitive Dependencies:  193
Direct Vulnerable Dependencies:  4
Total Vulnerabilities:  14
Critical Vulnerabilities:  0
High Vulnerabilities:  3
Medium Vulnerabilities:  8
Low Vulnerabilities:  3

Full Report:  file:///tmp/crda/stack-analysis-maven-1684149652.html

Run using image

Running using and image will not create a Html report. Instead, it will print the Json version of the report.
This behavioural is also achievable manually using the --json flag:

$ crda analyse /path/to/maven/project/pom.xml --json

{
        "dependencies": {
                "scanned": 10,
                "transitive": 193
        },
        "vulnerabilities": {
                "critical": 0,
                "direct": 4,
                "high": 3,
                "low": 3,
                "medium": 8,
                "total": 14
        }
}

Java

From your project path (replace PWD with path if needed):

podman run --rm -it \
    -v $HOME/.m2:/opt/app-root/src/.m2 \
    -v $HOME/.crda:/opt/app-root/src/.crda \
    -v $PWD:/app \
    quay.io/ecosystem-appeng/crda-cli:staging analyse pom.xml

Tokens

Snyk Token

Set your Snyk token to include Snyk's private vulnerabilities in your report.
Instructions for creating the token can be found here.

There are multiple approaches for setting your Snyk token with Crda, processed in the following order: Using a command line flag:

crda analyse --snyk-token <snyk-token-goes-here> ...

Using an environment variable:

CRDA_SNYK_TOKEN=<snyk-token-goes-here> crda analyse ...

Or saving it in the config file for re-using:

crda config set crda_snyk_token <snyk-token-goes-here>

Help

$ crda help

Use this tool for CodeReady Dependency Analytics reports

Usage:
  crda [command]

Available Commands:
  analyse     Preform dependency analysis report
  completion  Generate a completions script
  config      Manage crda config
  help        Help about any command
  version     Get binary version

Flags:
  -m, --client string   The invoking client for telemetry (default "terminal")
  -d, --debug           Set DEBUG log level
  -c, --no-color        Toggle colors in output.

Use "crda [command] --help" for more information about a command.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
pkg
analyse
backend
backend/api Package api provides primitives to interact with the openapi HTTP API.	Package api provides primitives to interact with the openapi HTTP API.
config
telemetry
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL