Binary Scanning via Command Line (Java)
Important
When running a locally installed agent, you must open the command line as an Administrator.
Run the appropriate agent script
/opt/codelogic/java# ./run_agent.sh
C:\Program Files (x86)\CodeLogic\java>run_agent.bat
Analyze an application
analyze -a yourApp -t ARCHIVE -p /locationToYourApp/app.jar
analyze -a yourApp -d jdbc:postgresql://localhost:5432/sampledb -t ARCHIVE -p /locationToYourApp/app.jar
Important
ScanSpaces should be unique to users or processes to avoid the inadvertent removal of previous scan sessions. The --expunge-scan-sessions option removes all previous scan sessions with the same fingerprint, even if they were created by another user.
The fingerprint is a collection of parameters specified when scanning. In the example below, the Java agent fingerprint is these parameters: --application, --method-filter, --path, --scan-space-name, and --type.
For example, a Continuous Integration (CI) pipeline scan, perhaps in a Jenkinsfile, is initiated as part of a build whenever there is a code merge. These scans are stored by the CodeLogic Server in the Development ScanSpace.
The command in the Jenkinsfile is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development
A developer runs the same analysis from the CLI, using options that result in the same fingerprint but adding the --expunge-scan-sessions option.
The developer's command is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development --expunge-scan-sessions
Since the fingerprints match, all previous scans in the Development ScanSpace on the CodeLogic server are removed.
This can be avoided by each user using their own ScanSpaces. A ScanSpace is created when the --scan-space-name option is used, if it does not already exist.
Although a default ScanSpace is used if none is specified, always specifying a ScanSpace that is unique to a user is recommended.
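The following pre-flight check is an added example, not CodeLogic code: it parses analyze command lines and reports which ones carry --expunge-scan-sessions and share a fingerprint with another command. It assumes the fingerprint is exactly the five parameters named above compared by value (the server's actual computation is not shown on this page); the function names and the dev-rpaulson ScanSpace are hypothetical.

```python
import shlex

# Fingerprint options named on this page, with short aliases from `help analyze`.
FINGERPRINT_OPTS = {"--application": "-a", "--method-filter": "-m",
                    "--path": "-p", "--scan-space-name": "-s", "--type": "-t"}
ALIASES = {short: long for long, short in FINGERPRINT_OPTS.items()}
EXPUNGE_FLAGS = {"--expunge-scan-sessions", "-e"}


def parse_analyze(command):
    """Return (fingerprint, expunge) for one `analyze ...` command line."""
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "analyze":
        raise ValueError("not an analyze command: %r" % command)
    values = {"--type": "SCAN"}  # documented default when --type is omitted
    expunge, i = False, 1
    while i < len(tokens):
        opt = ALIASES.get(tokens[i], tokens[i])
        if opt in EXPUNGE_FLAGS:
            expunge = True
        elif opt in FINGERPRINT_OPTS and i + 1 < len(tokens):
            i += 1
            values[opt] = tokens[i]
        i += 1
    # A missing --scan-space-name stays None, i.e. the default ScanSpace.
    return tuple(values.get(o) for o in sorted(FINGERPRINT_OPTS)), expunge


def sessions_at_risk(commands):
    """Map each expunging command to the other commands sharing its fingerprint."""
    parsed = [(c, *parse_analyze(c)) for c in commands]
    return {cmd: [o for o, ofp, _ in parsed if o != cmd and ofp == fp]
            for cmd, fp, expunge in parsed if expunge}


# Constructed input: the two commands from the scenario above, plus the
# developer's command pointed at a per-user ScanSpace (hypothetical name).
CI = ("analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. "
      "--path /scan --type SCAN --scan-space-name Development")
DEV_SHARED = CI + " --expunge-scan-sessions"
DEV_OWN = CI.replace("Development", "dev-rpaulson") + " -e"

if __name__ == "__main__":
    for cmd, matches in sessions_at_risk([CI, DEV_SHARED, DEV_OWN]).items():
        print(len(matches), "other command(s) share a fingerprint with:", cmd)
```

A non-empty list for a command means its expunge would remove sessions another user or pipeline created; giving that command its own --scan-space-name empties the list.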
Help options for the CodeLogic Java Agent
codelogic-java:>help analyze
NAME
analyze -
Analyze java artifacts on demand. This command requires parameters
in interactive or commandline mode. Values from the agent
configuration are ignored.
SYNOPSIS
analyze [--application String] [--path String] --type String --output String --depth Integer --filter String --recursive String --database String --method-filter String --rescan boolean --expunge-scan-sessions boolean --scan-space-name String
OPTIONS
--application or -a String
The Application node to create that will be the parent of all objects found in the scan.
The value is a comma-separated list of 'Application' semantic names.
Semantic names may be anything you wish if creating a new application.
If linking grouping to an existing application,the semantic name is its 'identity' minus the 'grouping:' prefix.
Identities for items may be found in the 'Item Details' page of the CodeLogic UI.
[Mandatory]
--path or -p String
A comma-separated list of absolute filepaths to analyze or scan.
[Mandatory]
--type or -t String
'SCAN' - automatically search for archives
'ARCHIVE' - specify a Java archive to analyze (.jar,.war,.ear)
'FILE' - (deprecated) Specify a file to analyze. Usually a .class file.
[Optional, default = SCAN]
--output or -o String
'API_CSV' - Batch data locally in CSV zipped in the auxiliary directory. Upload the zip to the api when finished.
'CSV' - Batch data locally in CSV files zipped in the auxiliary directory.
[Optional, default = API_CSV]
--depth Integer
During scanning, this value will be used as the depth of subdirectories to traverse before stopping.
[Optional, default = 500]
--filter or -f String
A comma-separated list of partial filenames that will cause an artifact to be marked for
analysis during a SCAN if the artifact's filename contains the filter.
Wildcards are not supported.
[Optional]
--recursive or -r String
A comma-separated list of substrings to key off of to trigger recursive analysis (jar within jar).
Ex: 'codelogic,spring' would match 'codelogic-core-services.jar' and 'spring-data-jpa.jar'.
The star character '*' may be used to match all jars recursively. Warning: expensive operation.
[Optional]
--database or -d String
A comma-separated list of database identities to use in the creation of relationships.
These database identities will only be used if the scan finds tables and columns but cannot find
the related database connection. One example where this may happen is with external configuration files.
[Optional]
--method-filter or -m String
A comma-separated list of Java package prefixes that should be included in
method-invokes-method relationships. By default no packages are included in method-to-method scanning.
[Optional]
--rescan boolean
[Flag Parameter: 'true' if option is specified.]
Normally to speed up analysis, archives already detected in the CodeLogic DB are skipped.
With this flag, all archives that match filters will be scanned regardless.
[Optional, default = false]
--expunge-scan-sessions or -e boolean
[Flag Parameter: 'true' if option is specified.]
Instruct the server to delete all other scan sessions created
by this agent and its configuration after the current scan
session has completed successfully.
[Optional, default = false]
--scan-space-name or -s String
The name of the scan space that the data will be saved to.
If specified, a ScanSpace with this name will be created if not found.
If not specified, information will be saved to the default ScanSpace.
[Optional]