As of now, the CLI supports the following stacks:
- Node (NPM): `package.json`
- Golang (Go): `go.mod`
- Java (Maven): `pom.xml`
- Python (pip): `requirements.txt`
The first time CRDA CLI is run, you will be asked to opt-in to Red Hat’s telemetry collection program.
With your approval, CRDA CLI collects pseudonymized usage data and sends it to Red Hat servers to help improve our products and services. To learn more, please visit https://developers.redhat.com/article/tool-data-collection
Manually configuring usage data collection
You can manually change your preference about usage data collection by running `crda config set consent_telemetry false/true`.
- Select, download and install the latest binary from Releases.

Linux (64-bit):
$ curl -s -L https://github.com/fabric8-analytics/cli-tools/releases/download/v0.2.2/crda_0.2.2_Linux_64bit.tar.gz | tar xvz -C .
Linux (64-bit, RPM; `-O` saves the package to the current directory):
$ curl -s -L -O https://github.com/fabric8-analytics/cli-tools/releases/download/v0.2.2/crda_0.2.2_Linux-64bit.rpm
macOS (64-bit):
$ curl -s -L https://github.com/fabric8-analytics/cli-tools/releases/download/v0.2.2/crda_0.2.2_macOS_64bit.tar.gz | tar xvz -C .
macOS (ARM64):
$ curl -s -L https://github.com/fabric8-analytics/cli-tools/releases/download/v0.2.2/crda_0.2.2_macOS_ARM64.tar.gz | tar xvz -C .
The executable supports the following commands:
- Please install the manifest dependencies first to get correct CLI behaviour.
- `crda auth`: Authenticates the user with the CRDA Server. It outputs a unique UUID, and generates and saves `crda_key` in `$HOME/.crda/config.yaml`.
  Supported flags:
  - `--snyk-token` (string) (Optional): Can be obtained from here. If not set, a Freemium account with limited functionality will be created. Please note that the new token generated is confidential and is mapped to your Snyk account. Keep it safe!
  - `--help` (Optional): Command-level help.
- `crda analyse`: Performs Full Stack Analyses.
  Supported arguments:
  - (string) (Required): Absolute path to the manifest file. For example, for Node it is usually `/path/to/package.json`; similarly, `/path/to/pom.xml` for Java.
  - `--help` (Optional): Command-level help.
- `crda version`: Outputs version details of the binary.
- `crda config set $CONFIG-KEY $VALUE`: Sets configuration values.
- `crda config get $CONFIG-KEY`: Gets configuration values.
The CLI can be integrated into pipelines; popular ones include Jenkins, Tekton, etc.
- Set telemetry consent: set the environment variable `CONSENT_TELEMETRY="true"`.
- Use `--client=jenkins/tekton/intellij` for telemetry purposes.
- Use the `--json` flag to feed output to subsequent subsystems.

The CLI needs the project dependencies to be installed in the same namespace as its execution. If the pipeline has multiple tasks, the recommended way is to use Volumes to install dependencies.
Examples of Projects using CLI:
- Jenkins: https://github.com/jenkinsci/redhat-codeready-dependency-analysis-plugin
- GitHub Actions: https://github.com/marketplace/actions/codeready-dependency-analytics
- Tekton: https://github.com/tektoncd/catalog/tree/main/task/redhat-codeready-dependency-analysis/0.1
Flags available for the binary:
- `--debug` (bool) (Optional): Debug flag. Enables debug logs.
- `--no-color` (bool) (Optional): Toggles colors in output.
- `--help`: Help about binary functionalities.
- `--client` (string): Telemetry client identification [tekton/jenkins/gh-actions/intellij/terminal].
Possible exit codes and their meaning:
- 0: success, no vulnerabilities found
- 1: failure, try to re-run command
- 2: action_needed, vulnerabilities found
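
One way to combine the pipeline settings and the exit codes above in a CI step, as an added example that is not part of the CRDA project: a POSIX shell wrapper that lets only exit code 0 pass, retries the documented code 1, and fails closed on anything else so a scan that did not run is never read as "clean". The names `crda_gate`, `CRDA_REPORT` and `CRDA_MAX_RETRIES` and the wrapper's own exit code 64 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not CRDA project code. crda_gate, CRDA_REPORT and
# CRDA_MAX_RETRIES are hypothetical names; 64 is this wrapper's own code.
# Usage: export CONSENT_TELEMETRY=true; crda_gate /abs/path/to/pom.xml tekton
crda_gate() {
    manifest=${1:-}
    client=${2:-terminal}
    report=${CRDA_REPORT:-crda-report.json}
    retries=${CRDA_MAX_RETRIES:-2}

    # The first run asks for telemetry consent; a pipeline has to state
    # the choice through the environment instead.
    if [ -z "${CONSENT_TELEMETRY:-}" ]; then
        echo "crda_gate: CONSENT_TELEMETRY is not set" >&2
        return 64
    fi
    # crda analyse takes the manifest as an absolute path.
    case $manifest in
        /*) ;;
        *) echo "crda_gate: manifest path must be absolute: $manifest" >&2
           return 64 ;;
    esac

    attempt=0
    while :; do
        rc=0
        crda analyse "$manifest" --json --client="$client" >"$report.tmp" || rc=$?
        case $rc in
            0|2) # analysis completed: publish the JSON report either way
                mv "$report.tmp" "$report"
                return "$rc" ;;
            1)  # documented as "failure, try to re-run command"
                attempt=$((attempt + 1))
                if [ "$attempt" -gt "$retries" ]; then
                    rm -f "$report.tmp"
                    echo "crda_gate: analysis failed after $attempt attempts" >&2
                    return 1
                fi ;;
            *)  # undocumented exit code: fail closed
                rm -f "$report.tmp"
                echo "crda_gate: unexpected exit code $rc" >&2
                return 1 ;;
        esac
    done
}
```

The report file is replaced only when the analysis completed (exit code 0 or 2), so a later pipeline stage never consumes output left over from a failed run.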
make build
Got Issues..? We got your back. Tell Us here: Raise Issue
We Love stars, just like you do.