Run with NPM

The npm package promyze-cli computes best-practice suggestions on a code base, pointing at the locations where best practices are not followed. It can also write a report file for tools like SonarQube, or in the SARIF format (Static Analysis Results Interchange Format).

Installation

We recommend installing the promyze-cli tool globally.

npm i -g promyze-cli 

Configuration

There is one mandatory parameter to set:

  • PROMYZE_API_KEY: A valid user API Key to connect to your Packmind instance.

We recommend setting this value as an environment variable (PROMYZE_API_KEY, or PACKMIND_API_KEY as noted in the --apiKey help below). You can also pass it as a command-line argument, but a key given on the command line ends up in shell history, process listings and CI job logs, so prefer the environment variable.

You can also use the dotenv package:

npm install dotenv dotenv-cli

Then, create a .env.promyze file and set the key in it (add the file to your .gitignore so the key is never committed):

PROMYZE_API_KEY=

Then add a script in your package.json:

{
  "scripts": {
    "promyze-cli": "dotenv -e .env.promyze promyze-cli scan ."
  }
}

And you can finally run it as:

npm run promyze-cli

Run a scan in standalone mode

Outside an npm script, run the following command to check that everything works:

promyze-cli scan .
# or: npm run promyze-cli, if you set up the npm script above

If the scan completes, see the section below to configure the code analysis.

Scan options

Usage: Promyze scan [options] [sources]

Scan the comma-separated list of files/directories to detect negative examples of best practices

Options:
  -e, --exclude <exclude>                    Comma-separated list of patterns to exclude files that contain one of them (ex: "Listener"). These are only string patterns, not regular expressions (default: "dist/,node_modules,.min.,.map.,.git/")
  
  -ext, --extensions <extensions>            Comma-separated list of extensions to exclusively include, ex: ".js,.ts". (default: "")
  
  -m, --mode <mode>                          Execution mode:
                                        * "all" : scan all the codebase  
                                        * "onlyChanged": Should only scan edited files on SCM (only Git is supported): (default: "all")
                                        
  -g, --grouped <grouped>                    For the "console" formatter, group the result by files or practices: ["files", "practices"]. (default: "files")
  
  -f, --formatters <formatters>              Comma-separated list of formatters: ["console", "sonarqube", "sarif"]. (default: "console")
  
  -o, --output <outputFile>                  File output when formatters do not only include "console" (default: "promyze-scan.json")
  
  -s, --severity <severity>                  Severity of the issues in the report, such as "WARNING", "MAJOR", "BLOCKER", .... Only relevant when formatter is "sonarqube" or  "sarif". (default: "MAJOR")
  
  -t, --type <issueType>                     Type of the issues in the report, such as "CODE_SMELL", "VULNERABILITY", "BUG", ... Only relevant when formatter is "sonarqube" or "sarif" (default: "CODE_SMELL")
  
  -sp, --spaces <spaces>                     Restrict the results to practices included into specific spaces, separated with commas. (default: "")
  
  -k, --apiKey <apiKey>                      Indicate the full Packmind API Key. We recommend using the PROMYZE_API_KEY (or PACKMIND_API_KEY) environment variable instead, so the key does not appear in shell history or process listings. (default: "")
  
  -exit, --errorIfResults <errorIfResults>   If true, exit with error code 1 if at least one suggestion is found (useful to fail a CI job) (default: "false")
  
  -ca, --caSSL <pathToSSLCertificate>        If specified, the CLI will trust this certificate (default: "")
  
  -ruleIdSarif, --ruleIdSarif <ruleIdSarif>  Specify what the ruleId property in the SARIF report will be. Either "practiceId" or "practiceName" (default: "practiceId")
  
  --gitlabMR <true/false>                    Will attempt to scan files involved in the current GitLab Merge Request, if the scan is run within an MR. A `PACKMIND_GITLAB_TOKEN` environment variable must be set to query the GitLab API (default: "false")

  -bs, --batchSize <batchSize>               If specified, the batch size for the analysis. Use with caution. (Max: 30) (default: "10")
  
  -bc, --batchConcurrent <batchConcurrent>   If specified, the number of concurrent calls for batch chunks. Use with caution. (Max: 30) (default: "10")
  
  -h, --help                                 display help for command

For any suggestion to improve this package, feel free to submit it to us; we'd be happy to consider it:
