Binary Scanning via Command Line (.NET)
Important
When running a locally installed agent, you must open the command line as an Administrator.
Analyze an application, omit the -d
option if no database is utilized
NetCapeAgent analyze -a dynamicDemoApp --path C:\Users\User\Documents\yourAppsDlls -d jdbc:postgresql://localhost:5432/sampledb
Important
ScanSpaces should be unique to users or processes to avoid the inadvertent removal of previous scan sessions. The --expunge-scan-sessions
option removes all previous scan sessions with the same fingerprint, even if they were created by another user.
The fingerprint is a collection of parameters specified when scanning. In the example below, the Java agent fingerprint is these parameters:
--application
, --method-filter
, --path
, --scan-space-name
, and --type
.
For example, a Continuous Integration (CI) pipeline scan, perhaps in a Jenkinsfile, is initiated as part of a build whenever there is a code merge. These scans are stored by the CodeLogic Server in the Development ScanSpace.
The command in the Jenkinsfile is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development
.
A developer runs the same analysis using the CLI using CLI options that result in the same fingerprint but with the --expunge-scan-sessions
option.
The developer's command is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development --expunge-scan-sessions
.
Since the fingerprints match, all previous scans in the Development
ScanSpace on the CodeLogic server are removed.
This can be avoided by each user using their own ScanSpaces. A ScanSpace is created when the --scan-space-name
option is used, if it does not already exist.
Although a default ScanSpace is used if none is specified, always specifying a ScanSpace that is unique to a user is recommended.
Help options for the Codelogic windows .NET Agent
C:\Program Files (x86)\CodeLogic\NetCape>NetCapeAgent analyze --help
Analyze relationships and dependencies of .Net based dlls and executables.
Usage: NetCapeAgent analyze [options]
Options:
-a|--application [ConditionallyRequired, MultipleSpecification]
[Required If: '--iis' argument is not given.]
Specify the names of application nodes under which artifacts found from the scan will be grouped.
The following example would group any artifacts found from the scan under 'OpenDental' and 'OpenDentalBeta' application nodes.
Application nodes are created if they do not already exist.
[Example: -a=OpenDental -a=OpenDentalBeta]
-c|--config [Optional, SingleSpecification, NoValue]
[Default: true if neither '--iis' nor '--path' arguments are given.]
[Default: false if '--iis' or '--path' arguments are given.]
If set, all ScanConfigurations will be taken from the configuration file.
Any additional command line options given will be ignored when this is set.
Use this option if you do not wish to specify other options via the command line.
[Example: -c]
-d|--database [Optional, MultipleSpecification]
A list of database identities to use in the creation of relationships.
This should always be specified if known, and makes database relationships more reliable.
'identity' values may be found in NodeDetails via the UI.
[Example: -d=jdbc:postgresql://localhost:5432/ExampleDB --database=jdbc:postgresql://localhost:5432/OtherDB]
-x|--exclude [Optional, MultipleSpecification]
[Default: Marks all related files for analysis]
Excludes directories and filenames that contain the given string from being scanned.
The example excludes assemblies containing 'CodeLogic.Common' or 'CodeLogic.Client' in their name from analysis.
[Example: -x=CodeLogic.Common --exclude=CodeLogic.Client]
-e|--expunge-scan-sessions [Optional, SingleSpecification, NoValue]
[Default: false - Keeps old data in addition to data found in this scan.]
Marks data from previous scans found with the same ScanConfiguration fingerprint as ready to be pruned or garbage collected from the database.
Useful in continuous integration pipelines where only the scan of the latest build should be kept.
[Example: --expunge-scan-sessions]
-f|--filter [Optional, MultipleSpecification]
[Default: Marks all related files for analysis]
Filters scanning to only those filenames that contain the given string.
The example marks assemblies containing 'CodeLogic.Common' or 'CodeLogic.Client' in their name for analysis.
[Example: -f=CodeLogic.Common --filter=CodeLogic.Client]
-g|--show-compiler-generated [Optional, SingleSpecification, NoValue]
[Default: false. Will not show compiler generated code in resulting graph.]
Show compiler generated code.
[Example: -g]
-i|--iis [Windows Only]
[ConditionallyRequired, SingleSpecification, NoValue]
[Required If: '--path' is not given.]
Analyzes IIS websites on this machine.
[Example: -i]
-m|--method-filter [Optional, MultipleSpecification]
[Default: No artifacts will have method-to-method relationships created.]
Creating method-to-method relationships involves reading every instruction and ingesting large amounts of data.
This can be an expensive operation. This inclusion list acts as a prefix filter on namespaces.
Methods with a namespace that match a prefix will have their instructions analyzed for method-to-method relationships.
As such, this list should include filters for only those namespaces that you are most interested in viewing (proprietary code).
[Example: -m=NetCapeAgent --method-filter=CodeLogic.Client]
-p|--path [ConditionallyRequired, MultipleSpecification]
[Required If: '--iis' is not specified.]
Path to file or directory to be analyzed.
[Example: -p=ExampleFolder --path=OtherFolder/Example.dll]
-o|--output [Optional, SingleSpecification]
[Default: APICSV]
Valid Values:
APICSV - the data will be sent to the CodeLogic CSV API after analysis.
CSV - the data will NOT sent to CodeLogic. Instead a zip folder with analysis data will be saved to a localappdata folder.
[Example: -o=CSV]
--ref-path [Optional, MultipleSpecification]
Path to recursively search for assembly references.
[Example: --ref-path ExampleFolder --ref-path OtherFolder]
--rescan [Optional, SingleSpecification, NoValue]
[Default: The agent will not analyze artifacts that already are available in the CodeLogic server.]
If specified the Agent will reanalyze an artifact even if it is already found in the CodeLogic server.
[Example: --rescan]
--force-registration [Optional, SingleSpecification, NoValue]
[Default: false. Will attempt to use known agent credentials if they exist.]
Deletes previously generated agent credentials and forces the agent to reregister itself.
This option is useful in instances where fusionAuth credentials have been revoked, but can otherwise be ignored.
[Example: --force-registration]
--depth [Optional, SingleSpecification, NoValue]
[Default: 500. Will search subdirectories up to depth of 500.]
Ignored if '--iis' argument is given.
Whether to search subdirectories of a given '-p' path.
[Example: --depth=10]
Default value is: 500.
-w|--website [Optional, MultipleSpecification]
[Default: All websites are analyzed.]
Filters scanning to only those website names that contain the given string.
Note: only used during IIS scanning (when '-i|--iis' is given as an argument).
The following example marks websites containing 'CodeLogicWeb' or 'CodeLogicServer' in their name for analysis.
[Example: -w=CodeLogicWeb --website=CodeLogicServer]
-s|--scan-space-name [Optional, SingleSpecification]
A name of a scan space for this scan. A scan space with this name will be created if none exists.
[Example: --scan-space-name "My Scan Space"]
-?|-h|--help Show help information.