Skip to content

Binary Scanning via Command Line (SQL)

Important

When running a locally installed agent, you must open the command line as an Administrator.

You must use credentials that can read metadata about the databases being scanned.

Analyze a relational database

analyze -a yourApp -c jdbc:postgresql://localhost:5432/sampledb -u postgres_user -pwd postgres_password

Important

ScanSpaces should be unique to users or processes to avoid the inadvertent removal of previous scan sessions. The --expunge-scan-sessions option removes all previous scan sessions with the same fingerprint, even if they were created by another user.

The fingerprint is a collection of parameters specified when scanning. In the example below, the Java agent fingerprint is these parameters: --application, --method-filter, --path, --scan-space-name, and --type.

For example, a Continuous Integration (CI) pipeline scan, perhaps in a Jenkinsfile, is initiated as part of a build whenever there is a code merge. These scans are stored by the CodeLogic Server in the Development ScanSpace.

The command in the Jenkinsfile is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development.

A developer runs the same analysis using the CLI using CLI options that result in the same fingerprint but with the --expunge-scan-sessions option.

The developer's command is: analyze --application neo4Cape-RobertPaulson --method-filter com.codelogic. --path /scan --type SCAN --scan-space-name Development --expunge-scan-sessions.

Since the fingerprints match, all previous scans in the Development ScanSpace on the CodeLogic server are removed.

This can be avoided by each user using their own ScanSpaces. A ScanSpace is created when the --scan-space-name option is used, if it does not already exist.

Although a default ScanSpace is used if none is specified, always specifying a ScanSpace that is unique to a user is recommended.

Help options for the Codelogic SQL Agent

codelogic-sql:>help analyze  

NAME
    analyze - Analyze a database by the given connection.

SYNOPSYS
    analyze [-c] string  [[-u] string]  [[-pwd] string]  [[-o] string]  [-a] string  [[-d] string]  [-e]  [[-s] string]  

OPTIONS
    -c or --connection-url or --jdbc-url  string
        The connection url, with no extra parameters, to use to connect to the database.
        Warning: The --jdbc-url parameter is deprecated and will be removed in a future release.

        [Relational Databases] Use a JDBC connection string to analyze relational databases such as PostgreSQL, Oracle, MySql.
        Example: jdbc:postgresql://localhost:5432/myDatabase

        [MongoDB] Use a Mongo connection string to analyze Mongo databases.
        Example: mongodb://localhost:27017/

        [Neo4j] Use a Bolt connection string to analyze Neo4j databases.
        Example: bolt://localhost:7687
        [Mandatory]

    -u or --user  string
        The user to use while connecting to the database. It is recommended to provide a user with read-only permissions.
        [Optional, default = <none>]

    -pwd or --password  string
        The password for the given user.
        [Optional, default = <none>]

    -o or --output  string
        'API_CSV' - Batch data locally in CSV. Upload to api as single batch.
        'CSV' - write results to CSV files in the auxiliary directory. Zip the results once finished.
        [Optional, default = API_CSV]

    -a or --application  string
        The Application node to create that will be the parent of all objects found in the scan.
        The value is a comma separated list of 'Application' semantic names.
        Semantic names may be anything you wish if creating a new application.
        If linking grouping to an existing application, the semantic name is its 'identity' minus the 'grouping:' prefix.
        Identities for items may be found in the 'Item Details' page of the CodeLogic UI.
        [Mandatory]

    -d or --database  string
        This will override the detected database name.
        This is also useful if the name could not be determined.
        It is necessary to set this if your are scanning an Oracle database.
        [Optional, default = <none>]

    -e or --expunge-scan-sessions
        Instruct the server to delete all other scan sessions created
        by this agent and its configuration after the current scan
        session has completed successfully.
        [Optional, default = false]

    -s or --scan-space-name  string
        The name of the scan space that the data will be saved to.
        If specified, a ScanSpace with this name will be created if not found.
        If not specified, information will be saved to the default ScanSpace.
        [Optional, default = <none>]