
Commit 7d83fba

CM-45076 - CLI v3.0.0
2 parents 99b820b + b07c433 commit 7d83fba

File tree

183 files changed

+3999
-3271
lines changed


.github/workflows/docker-image.yml

+2-2
@@ -27,10 +27,10 @@ jobs:
2727
run: |
2828
git checkout ${{ steps.latest_tag.outputs.LATEST_TAG }}
2929
30-
- name: Set up Python 3.8
30+
- name: Set up Python
3131
uses: actions/setup-python@v5
3232
with:
33-
python-version: '3.8'
33+
python-version: '3.9'
3434

3535
- name: Load cached Poetry setup
3636
id: cached_poetry
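Review bot: the `run:` step at the top of this hunk interpolates `${{ steps.latest_tag.outputs.LATEST_TAG }}` directly into the shell script; if that step output can ever contain characters that did not come from the repository's own tags, passing it through an `env:` entry and referencing `"$LATEST_TAG"` in the script avoids expression-to-shell injection. The Python bump itself is fine; since this workflow builds the published image, consider pinning `actions/setup-python` to a full commit SHA rather than the mutable `v5` tag.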

.github/workflows/pre_release.yml

+3-3
@@ -32,10 +32,10 @@ jobs:
3232
with:
3333
fetch-depth: 0
3434

35-
- name: Set up Python 3.8
36-
uses: actions/setup-python@v4
35+
- name: Set up Python
36+
uses: actions/setup-python@v5
3737
with:
38-
python-version: '3.8'
38+
python-version: '3.9'
3939

4040
- name: Load cached Poetry setup
4141
id: cached-poetry
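Review bot: `actions/setup-python@v4` to `@v5` is a major-version bump of a third-party action in a release workflow, and the `v5` tag is mutable; pin to the full commit SHA (keeping the tag in a trailing comment) so that a force-moved or compromised tag cannot change what runs at release time. The `fetch-depth: 0` context and the 3.8 to 3.9 change are consistent with the other workflows in this commit.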

.github/workflows/release.yml

+3-3
@@ -31,10 +31,10 @@ jobs:
3131
with:
3232
fetch-depth: 0
3333

34-
- name: Set up Python 3.8
35-
uses: actions/setup-python@v4
34+
- name: Set up Python
35+
uses: actions/setup-python@v5
3636
with:
37-
python-version: '3.8'
37+
python-version: '3.9'
3838

3939
- name: Load cached Poetry setup
4040
id: cached-poetry
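Review bot: the Python floor is now spelled out separately here, in `pre_release.yml`, `docker-image.yml`, `ruff.yml`, `tests.yml`, `CONTRIBUTING.md` and `README.md`, so the next bump has to touch every one of them again. Reading it from one place (a repository variable, or the `python-version-file` input that `setup-python@v5` documents) would remove the drift risk between these workflows.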

.github/workflows/ruff.yml

+2-2
@@ -21,9 +21,9 @@ jobs:
2121
uses: actions/checkout@v3
2222

2323
- name: Setup Python
24-
uses: actions/setup-python@v4
24+
uses: actions/setup-python@v5
2525
with:
26-
python-version: 3.8
26+
python-version: 3.9
2727

2828
- name: Load cached Poetry setup
2929
id: cached-poetry
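Review bot: `python-version: 3.9` is left unquoted here while every other workflow in this commit quotes it; YAML reads the bare value as a float, which is harmless for 3.9 but silently turns a future `3.10` into `3.1`, so quote it here as well. The `uses: actions/checkout@v3` context line above was also not bumped alongside `setup-python@v5`, while `tests.yml` in the same commit already uses `checkout@v4`.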

.github/workflows/tests.yml

+2-2
@@ -26,9 +26,9 @@ jobs:
2626
uses: actions/checkout@v4
2727

2828
- name: Set up Python
29-
uses: actions/setup-python@v4
29+
uses: actions/setup-python@v5
3030
with:
31-
python-version: '3.8'
31+
python-version: '3.9'
3232

3333
- name: Load cached Poetry setup
3434
id: cached-poetry

.github/workflows/tests_full.yml

+1-1
@@ -13,7 +13,7 @@ jobs:
1313
strategy:
1414
matrix:
1515
os: [ macos-latest, ubuntu-latest, windows-latest ]
16-
python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12", "3.13" ]
16+
python-version: [ "3.9", "3.10", "3.11", "3.12", "3.13" ]
1717

1818
runs-on: ${{matrix.os}}
1919
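Review bot: removing `"3.8"` from the matrix drops the only CI signal for that interpreter, so the package metadata has to refuse it too; confirm the `python` constraint in `pyproject.toml` (not shown in this view) was raised to `>=3.9` in the same commit, otherwise `pip install cycode` still succeeds on 3.8 and users hit the failure at runtime instead of at install time.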

.pre-commit-hooks.yaml

+2-2
@@ -3,10 +3,10 @@
33
language: python
44
language_version: python3
55
entry: cycode
6-
args: [ '--no-progress-meter', 'scan', '--scan-type', 'secret', 'pre_commit' ]
6+
args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'secret', 'pre-commit' ]
77
- id: cycode-sca
88
name: Cycode SCA pre-commit defender
99
language: python
1010
language_version: python3
1111
entry: cycode
12-
args: [ '--no-progress-meter', 'scan', '--scan-type', 'sca', 'pre_commit' ]
12+
args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'sca', 'pre-commit' ]
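Review bot: `pre_commit` to `pre-commit` is a rename of a user-facing subcommand, and `--scan-type` is replaced by its short form `-t` in both hooks, so any existing hook or CI script that still runs `cycode scan ... pre_commit` breaks on upgrade; the major version bump is the right vehicle, but the CLI should fail with an error that names the new spelling, and the rename belongs in the release notes. The added `-o text` makes the hook's output format explicit, which is sensible because this output is what a developer sees at commit time.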

CODEOWNERS

+1-1
@@ -1 +1 @@
1-
* @MarshalX @MichalBor @MaorDavidzon @artem-fedorov @elsapet @gotbadger @cfabianski
1+
* @MarshalX @elsapet @gotbadger @cfabianski
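Review bot: three owners are dropped and none added, in a commit whose message only describes the CLI v3.0.0 release; a CODEOWNERS change decides who can approve merges, so it is better made in its own commit with a message that says why, and it is worth checking that any "require review from code owners" rule on the protected branch still has enough active reviewers behind it.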

CONTRIBUTING.md

+4-2
@@ -4,14 +4,14 @@
44

55
## How to contribute to Cycode CLI
66

7-
The minimum version of Python that we support is 3.8.
7+
The minimum version of Python that we support is 3.9.
88
We recommend using this version for local development.
99
But it’s fine to use a higher version without using new features from these versions.
1010

1111
The project is under Poetry project management.
1212
To deal with it, you should install it on your system:
1313

14-
Install Poetry (feel free to use Brew, etc):
14+
Install Poetry (feel free to use Brew, etc.):
1515

1616
```shell
1717
curl -sSL https://install.python-poetry.org | python - -y
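Review bot: the unchanged context line `But it’s fine to use a higher version without using new features from these versions.` is hard to parse; suggest `A newer interpreter is fine for local development as long as you do not rely on features that are missing from 3.9.` Separately, the install step pipes `https://install.python-poetry.org` straight into `python -`; noting that contributors can download and inspect the script first, or pointing them at a pinned installer version, is a small supply-chain hygiene improvement for a document that new contributors follow verbatim.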
@@ -70,6 +70,8 @@ poetry run ruff format .
7070

7171
Many rules support auto-fixing. You can run it with the `--fix` flag.
7272

73+
Plugin for JB IDEs with auto formatting on save is available [here](https://plugins.jetbrains.com/plugin/20574-ruff).
74+
7375
### Branching and versioning
7476

7577
We use the `main` branch as the main one.
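Review bot: `Plugin for JB IDEs with auto formatting on save is available [here]` reads awkwardly and the abbreviation is undefined; suggest `A Ruff plugin for JetBrains IDEs that formats on save is available [here](https://plugins.jetbrains.com/plugin/20574-ruff).`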

README.md

+25-29
@@ -21,7 +21,7 @@ This guide walks you through both installation and usage.
2121
1. [Options](#options)
2222
1. [Severity Threshold](#severity-option)
2323
2. [Monitor](#monitor-option)
24-
3. [Report](#report-option)
24+
3. [Cycode Report](#cycode-report-option)
2525
4. [Package Vulnerabilities](#package-vulnerabilities-option)
2626
5. [License Compliance](#license-compliance-option)
2727
6. [Lock Restore](#lock-restore-option)
@@ -54,7 +54,7 @@ This guide walks you through both installation and usage.
5454

5555
# Prerequisites
5656

57-
- The Cycode CLI application requires Python version 3.8 or later.
57+
- The Cycode CLI application requires Python version 3.9 or later.
5858
- Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
5959
- Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.
6060

@@ -208,7 +208,7 @@ Cycode’s pre-commit hook can be set up within your local repository so that th
208208

209209
Perform the following steps to install the pre-commit hook:
210210

211-
1. Install the pre-commit framework (Python 3.8 or higher must be installed):
211+
1. Install the pre-commit framework (Python 3.9 or higher must be installed):
212212

213213
```bash
214214
pip3 install pre-commit
@@ -221,26 +221,26 @@ Perform the following steps to install the pre-commit hook:
221221
```yaml
222222
repos:
223223
- repo: https://github.com/cycodehq/cycode-cli
224-
rev: v2.3.0
224+
rev: v3.0.0
225225
hooks:
226226
- id: cycode
227227
stages:
228-
- commit
228+
- pre-commit
229229
```
230230

231231
4. Modify the created file for your specific needs. Use hook ID `cycode` to enable scan for Secrets. Use hook ID `cycode-sca` to enable SCA scan. If you want to enable both, use this configuration:
232232

233233
```yaml
234234
repos:
235235
- repo: https://github.com/cycodehq/cycode-cli
236-
rev: v2.3.0
236+
rev: v3.0.0
237237
hooks:
238238
- id: cycode
239239
stages:
240-
- commit
240+
- pre-commit
241241
- id: cycode-sca
242242
stages:
243-
- commit
243+
- pre-commit
244244
```
245245

246246
5. Install Cycode’s hook:
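Review bot: `stages: - commit` to `- pre-commit` in both YAML examples uses the stage names introduced in pre-commit 3.2.0 (the old `commit` name is deprecated from that version on), yet the install step above only says `pip3 install pre-commit`; state the minimum framework version next to that step so that users on an older pre-commit do not get a config validation error from the new stage name.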
@@ -281,8 +281,8 @@ The following are the options and commands available with the Cycode CLI applica
281281
| [auth](#using-the-auth-command) | Authenticate your machine to associate the CLI with your Cycode account. |
282282
| [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication. |
283283
| [ignore](#ignoring-scan-results) | Ignores a specific value, path or rule ID. |
284-
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit_history/path/repository/etc. |
285-
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform. |
284+
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
285+
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform as SBOM. |
286286
| status | Show the CLI status and exit. |
287287

288288
# Scan Command
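Review bot: both new rows keep `You`ll` with a backtick in place of the apostrophe, which Markdown renders as a broken inline-code span; change both to `You'll`. The new `report` description `specify which report type to perform as SBOM` is also unclear; if SBOM is the only report type, say so directly, for example `Generate an SBOM report for a path or repository URL`.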
@@ -294,24 +294,23 @@ The Cycode CLI application offers several types of scans so that you can choose
294294
| Option | Description |
295295
|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
296296
| `-t, --scan-type [secret\|iac\|sca\|sast]` | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`. |
297-
| `--secret TEXT` | Specify a Cycode client secret for this specific scan execution. |
297+
| `--client-secret TEXT` | Specify a Cycode client secret for this specific scan execution. |
298298
| `--client-id TEXT` | Specify a Cycode client ID for this specific scan execution. |
299299
| `--show-secret BOOLEAN` | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details. |
300300
| `--soft-fail BOOLEAN` | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
301301
| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher. |
302302
| `--sca-scan` | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both. |
303303
| `--monitor` | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
304-
| `--report` | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution. |
304+
| `--cycode-report` | When specified, displays a link to the scan report in the Cycode platform in the console output. |
305305
| `--no-restore` | When specified, Cycode will not run restore command. Will scan direct dependencies ONLY! |
306-
| `--sync` | Run scan synchronously (the default is asynchronous). |
307306
| `--gradle-all-sub-projects` | When specified, Cycode will run gradle restore command for all sub projects. Should run from root project directory ONLY! |
308307
| `--help` | Show options for given command. |
309308

310309
| Command | Description |
311310
|----------------------------------------|-----------------------------------------------------------------|
312-
| [commit_history](#commit-history-scan) | Scan all the commits history in this git repository |
311+
| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository |
313312
| [path](#path-scan) | Scan the files in the path supplied in the command |
314-
| [pre_commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
313+
| [pre-commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
315314
| [repository](#repository-scan) | Scan git repository including its history |
316315

317316
### Options
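Review bot: this hunk renames `--secret` to `--client-secret` and removes `--sync` without a replacement, but nothing in the table says what happens to scripts that still pass the old flags or whether scans are now always synchronous; add a short migration note for 3.0.0 (old flag, new flag or removal, resulting behaviour). Renaming `--secret` is a good change in itself, since the old name was easy to confuse with the `secret` value of `-t, --scan-type` two rows above.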
@@ -340,18 +339,15 @@ When using this option, the scan results from this scan will appear in the knowl
340339
> [!WARNING]
341340
> You must be an `owner` or an `admin` in Cycode to view the knowledge graph page.
342341
343-
#### Report Option
342+
#### Cycode Report Option
344343
345-
> [!NOTE]
346-
> This option is not available to IaC scans.
347-
348-
To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
344+
For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.
349345
350-
`cycode scan -t sca --report repository ~/home/git/codebase`
346+
To have the direct URL to this Cycode report printed in your CLI output after the scan completes, add the argument `--cycode-report` to your scan command.
351347
352-
In the same way, you can push scan results of Secrets and SAST scans to Cycode by adding the `--report` option to the scan command.
348+
`cycode scan --cycode-report repository ~/home/git/codebase`
353349
354-
When using this option, the scan results from this scan will appear in the On-Demand Scans section of Cycode. To get to this page, click the link that appears after the printed results:
350+
All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.
355351
356352
> [!WARNING]
357353
> You must be an `owner` or an `admin` in Cycode to view this page.
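Review bot: the rewritten text changes the documented behaviour from opt-in to always-on: before, results were pushed to Cycode only with `--report`; now `For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode`, and `--cycode-report` only prints the link. Users running secret scans will want to know exactly what leaves the machine (findings, file paths, matched values?) and whether a purely local scan is still possible, so say that here. The removed `> This option is not available to IaC scans.` note should also be reconciled, since the new text leaves it unclear whether IaC results are now uploaded too.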
@@ -467,25 +463,25 @@ A commit history scan is limited to a local repository’s previous commits, foc
467463
468464
To execute a commit history scan, execute the following:
469465
470-
`cycode scan commit_history {{path}}`
466+
`cycode scan commit-history {{path}}`
471467
472468
For example, consider a scenario in which you want to scan the commit history for a repository stored in `~/home/git/codebase`. You could then execute the following:
473469
474-
`cycode scan commit_history ~/home/git/codebase`
470+
`cycode scan commit-history ~/home/git/codebase`
475471
476472
The following options are available for use with this command:
477473
478474
| Option | Description |
479475
|---------------------------|----------------------------------------------------------------------------------------------------------|
480-
| `-r, --commit_range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
476+
| `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
481477
482478
#### Commit Range Option
483479
484-
The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit_range` (`-r`) followed by the name you specify.
480+
The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.
485481
486482
Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:
487483
488-
`cycode scan commit_history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
484+
`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
489485
490486
### Pre-Commit Scan
491487
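Review bot: `followed by the name you specify` in the `--commit-range` sentence is vague; the argument is a git revision range, and the example below uses `{{from-commit-id}}...{{to-commit-id}}` while the table uses `HEAD~1`, so say `followed by a git revision range such as HEAD~1 or <from>...<to>`. The underscore-to-hyphen renames (`commit_history`, `--commit_range`) are breaking for existing scripts and should appear in the 3.0.0 migration notes alongside the other renamed commands.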
@@ -824,7 +820,7 @@ The following commands are available for use with this command:
824820
| Command | Description |
825821
|------------------|-----------------------------------------------------------------|
826822
| `path` | Generate SBOM report for provided path in the command |
827-
| `repository_url` | Generate SBOM report for provided repository URI in the command |
823+
| `repository-url` | Generate SBOM report for provided repository URI in the command |
828824
829825
### Repository
830826

cycode/__main__.py

+4
@@ -0,0 +1,4 @@
1+
from cycode.cli.consts import PROGRAM_NAME
2+
from cycode.cli.main import app
3+
4+
app(prog_name=PROGRAM_NAME)
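Review bot: `app(prog_name=PROGRAM_NAME)` executes at module import; wrapping it in `if __name__ == '__main__':` keeps `python -m cycode` working while preventing the CLI from starting if anything ever imports `cycode.__main__` (tooling, test discovery, coverage). A one-line module docstring saying the file exists to support `python -m cycode` would also help the next reader.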
