
CM-45076 - CLI v3.0.0 #305

Merged
merged 20 commits into from
May 14, 2025
25ad3ec
CM-45153, CM-45154, CM-45155, CM-45156, CM-45546 - Migrate CLI from C…
MarshalX Mar 7, 2025
4ee8185
CM-45717 - Add formatted and colorized text in logs (`--verbose` mode…
MarshalX Mar 12, 2025
b64c67e
CM-45715 - Add rich progress bar with spinner and elapsed time (#286)
MarshalX Mar 14, 2025
da80ead
CM-45716 - Add rich tables with more useful information, colorful val…
MarshalX Mar 20, 2025
72e8b77
CM-46137 - Add visual separators of row groups; reorder columns (#289)
MarshalX Mar 24, 2025
f4ae0fa
CM-45719 - Add syntax highlight for code snippets in text output (#290)
MarshalX Mar 26, 2025
ba16609
CM-46371 - Add retry behavior for HTTP requests (#291)
MarshalX Apr 1, 2025
355d1c0
CM-46563 - Migrate to rich Console, add help rich panels, add syntax …
MarshalX Apr 8, 2025
0b32c0d
CM-46370 - Add the error message from the server responses to the use…
MarshalX Apr 9, 2025
dad7859
CM-46732 - Add rich output; improve text output (#295)
MarshalX Apr 15, 2025
aadb590
CM-46731 - Make all flows use scan service (#296)
MarshalX Apr 18, 2025
6c70c21
CM-46733 - Add CLI output exporting in HTML, SVG, and JSON formats (#…
MarshalX Apr 23, 2025
0405c6b
CM-47493 - Make changes in CLI v3.0.0 after feedback (#299)
MarshalX Apr 25, 2025
0707636
CM-45588 - Improve `--help` (#302)
MarshalX Apr 29, 2025
f29a382
Make changes in CLI v3.0.0 after feedback (part 2) (#303)
MarshalX Apr 30, 2025
2b821af
Merge branch 'main' into renovation
MarshalX May 5, 2025
cdf5716
CM-48074 - Return report option with new name `--cycode-report` (#306)
MarshalX May 6, 2025
3575a21
CM-48211 - Update CODEOWNERS (#308)
MarshalX May 9, 2025
4e1f7e0
CM-48075 - Update pre-commit hook to work with compact output (#307)
MarshalX May 9, 2025
b07c433
CM-48357 - Fix SCA restore error handling (#309)
MarshalX May 14, 2025
4 changes: 2 additions & 2 deletions .github/workflows/docker-image.yml
@@ -27,10 +27,10 @@ jobs:
run: |
git checkout ${{ steps.latest_tag.outputs.LATEST_TAG }}

- name: Set up Python 3.8
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.8'
python-version: '3.9'

- name: Load cached Poetry setup
id: cached_poetry
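Review bot: `actions/setup-python@v5` is referenced by a mutable major-version tag; for a workflow that checks out `${{ steps.latest_tag.outputs.LATEST_TAG }}` and builds a published image, pin third-party actions to a full commit SHA with the tag in a trailing comment (e.g. `uses: actions/setup-python@<commit-sha> # v5`, SHA to be filled in), so a tag moved upstream cannot silently change what runs in the release build. The `python-version: '3.9'` literal is also now repeated across six workflow files; reading it from a `.python-version` file via `python-version-file` would keep the supported floor in one place.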
6 changes: 3 additions & 3 deletions .github/workflows/pre_release.yml
@@ -32,10 +32,10 @@ jobs:
with:
fetch-depth: 0

- name: Set up Python 3.8
uses: actions/setup-python@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.8'
python-version: '3.9'

- name: Load cached Poetry setup
id: cached-poetry
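Review bot: the action bump (`@v4` to `@v5`) and the interpreter bump land in the same two-line change; the v5 line of setup-python runs on Node 20, so if this job is ever moved to a self-hosted runner, confirm the runner version supports Node 20 actions. Dropping the version number from the step name ("Set up Python" instead of "Set up Python 3.8") is a good call, since the old name had already gone stale.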
6 changes: 3 additions & 3 deletions .github/workflows/release.yml
@@ -31,10 +31,10 @@ jobs:
with:
fetch-depth: 0

- name: Set up Python 3.8
uses: actions/setup-python@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.8'
python-version: '3.9'

- name: Load cached Poetry setup
id: cached-poetry
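Review bot: this hunk is the same change as in pre_release.yml, and the surrounding steps (checkout with `fetch-depth: 0`, setup-python, cached Poetry setup) look identical; consider extracting that shared setup into a composite action or a reusable workflow so the two release paths cannot drift again, as they already had (both were still on `setup-python@v4` while docker-image.yml had moved to `@v5`).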
4 changes: 2 additions & 2 deletions .github/workflows/ruff.yml
@@ -21,9 +21,9 @@ jobs:
uses: actions/checkout@v3

- name: Setup Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: 3.8
python-version: 3.9

- name: Load cached Poetry setup
id: cached-poetry
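Review bot: `python-version: 3.9` is unquoted here while every other workflow in this PR quotes the value; YAML reads an unquoted `3.9` as a float, which happens to round-trip as "3.9", but `3.10` would become `3.1`, so quote it (`python-version: '3.9'`) to match the rest of the repo and avoid a surprise on the next bump. This workflow also still checks out with `actions/checkout@v3` where tests.yml uses `@v4`.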
4 changes: 2 additions & 2 deletions .github/workflows/tests.yml
@@ -26,9 +26,9 @@ jobs:
uses: actions/checkout@v4

- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: '3.8'
python-version: '3.9'

- name: Load cached Poetry setup
id: cached-poetry
2 changes: 1 addition & 1 deletion .github/workflows/tests_full.yml
@@ -13,7 +13,7 @@ jobs:
strategy:
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12", "3.13" ]
python-version: [ "3.9", "3.10", "3.11", "3.12", "3.13" ]

runs-on: ${{matrix.os}}
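Review bot: removing "3.8" from the matrix needs a matching bump of the package's own Python constraint (the `python` entry under the Poetry dependencies in pyproject.toml, plus the trove classifiers); otherwise pip will still install v3.0.0 onto a 3.8 interpreter that is no longer tested and users will hit failures at runtime instead of at install time. pyproject.toml is not among the files shown in this view, so please confirm it is covered elsewhere in the PR.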

4 changes: 2 additions & 2 deletions .pre-commit-hooks.yaml
@@ -3,10 +3,10 @@
language: python
language_version: python3
entry: cycode
args: [ '--no-progress-meter', 'scan', '--scan-type', 'secret', 'pre_commit' ]
args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'secret', 'pre-commit' ]
- id: cycode-sca
name: Cycode SCA pre-commit defender
language: python
language_version: python3
entry: cycode
args: [ '--no-progress-meter', 'scan', '--scan-type', 'sca', 'pre_commit' ]
args: [ '-o', 'text', '--no-progress-meter', 'scan', '-t', 'sca', 'pre-commit' ]
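Review bot: the subcommand `pre_commit` becomes `pre-commit` and `--scan-type` becomes `-t` in both hook definitions; because these args ship with the hook revision, users on `rev: v2.3.0` keep working, but anyone who typed `cycode scan ... pre_commit` into a custom hook or CI script will break on upgrade, so the rename belongs in the v3.0.0 release notes. Placing `-o text` before `scan`, alongside `--no-progress-meter`, is consistent with both being global options.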
2 changes: 1 addition & 1 deletion CODEOWNERS
@@ -1 +1 @@
* @MarshalX @MichalBor @MaorDavidzon @artem-fedorov @elsapet @gotbadger @cfabianski
* @MarshalX @elsapet @gotbadger @cfabianski
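Review bot: four owners are dropped from the `*` rule; GitHub silently ignores CODEOWNERS entries for accounts that do not have write access to the repository, so verify that each of the remaining four accounts still has write permission. If branch protection requires code-owner review, also confirm at least one of them is routinely available, otherwise this single catch-all rule can block every merge.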
6 changes: 4 additions & 2 deletions CONTRIBUTING.md
@@ -4,14 +4,14 @@

## How to contribute to Cycode CLI

The minimum version of Python that we support is 3.8.
The minimum version of Python that we support is 3.9.
We recommend using this version for local development.
But it’s fine to use a higher version without using new features from these versions.

The project is under Poetry project management.
To deal with it, you should install it on your system:

Install Poetry (feel free to use Brew, etc):
Install Poetry (feel free to use Brew, etc.):

```shell
curl -sSL https://install.python-poetry.org | python - -y
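Review bot: while this block is being touched, `curl -sSL https://install.python-poetry.org | python - -y` pipes a remote installer straight into the interpreter with no version pin; point contributors at `pipx install poetry` or at setting `POETRY_VERSION` (honoured by the official installer) so everyone gets the same Poetry build. The unchanged sentence "But it's fine to use a higher version without using new features from these versions." also reads awkwardly; something like "A newer interpreter is fine as long as you do not rely on features that 3.9 lacks." would be clearer.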
@@ -70,6 +70,8 @@ poetry run ruff format .

Many rules support auto-fixing. You can run it with the `--fix` flag.

Plugin for JB IDEs with auto formatting on save is available [here](https://plugins.jetbrains.com/plugin/20574-ruff).

### Branching and versioning

We use the `main` branch as the main one.
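Review bot: the added line uses bare "here" as link text and the abbreviation "JB"; prefer something like `A [Ruff plugin for JetBrains IDEs](https://plugins.jetbrains.com/plugin/20574-ruff) can format on save.` so the link is meaningful when read out of context.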
54 changes: 25 additions & 29 deletions README.md
@@ -21,7 +21,7 @@ This guide walks you through both installation and usage.
1. [Options](#options)
1. [Severity Threshold](#severity-option)
2. [Monitor](#monitor-option)
3. [Report](#report-option)
3. [Cycode Report](#cycode-report-option)
4. [Package Vulnerabilities](#package-vulnerabilities-option)
5. [License Compliance](#license-compliance-option)
6. [Lock Restore](#lock-restore-option)
@@ -54,7 +54,7 @@ This guide walks you through both installation and usage.

# Prerequisites

- The Cycode CLI application requires Python version 3.8 or later.
- The Cycode CLI application requires Python version 3.9 or later.
- Use the [`cycode auth` command](#using-the-auth-command) to authenticate to Cycode with the CLI
- Alternatively, you can get a Cycode Client ID and Client Secret Key by following the steps detailed in the [Service Account Token](https://docs.cycode.com/docs/en/service-accounts) and [Personal Access Token](https://docs.cycode.com/v1/docs/managing-personal-access-tokens) pages, which contain details on getting these values.

@@ -208,7 +208,7 @@ Cycode’s pre-commit hook can be set up within your local repository so that th

Perform the following steps to install the pre-commit hook:

1. Install the pre-commit framework (Python 3.8 or higher must be installed):
1. Install the pre-commit framework (Python 3.9 or higher must be installed):

```bash
pip3 install pre-commit
@@ -221,26 +221,26 @@ Perform the following steps to install the pre-commit hook:
```yaml
repos:
- repo: https://github.com/cycodehq/cycode-cli
rev: v2.3.0
rev: v3.0.0
hooks:
- id: cycode
stages:
- commit
- pre-commit
```

4. Modify the created file for your specific needs. Use hook ID `cycode` to enable scan for Secrets. Use hook ID `cycode-sca` to enable SCA scan. If you want to enable both, use this configuration:

```yaml
repos:
- repo: https://github.com/cycodehq/cycode-cli
rev: v2.3.0
rev: v3.0.0
hooks:
- id: cycode
stages:
- commit
- pre-commit
- id: cycode-sca
stages:
- commit
- pre-commit
```

5. Install Cycode’s hook:
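Review bot: `rev: v3.0.0` is a tag, and pre-commit also accepts a full commit SHA in `rev:`; since this hook runs on every developer machine with access to uncommitted changes, it is worth showing the SHA form (or mentioning `pre-commit autoupdate`) so teams that want an immutable hook version know the option. The `stages: [pre-commit]` change matches pre-commit's current stage naming, where `commit` is deprecated.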
@@ -281,8 +281,8 @@ The following are the options and commands available with the Cycode CLI applica
| [auth](#using-the-auth-command) | Authenticate your machine to associate the CLI with your Cycode account. |
| [configure](#using-the-configure-command) | Initial command to configure your CLI client authentication. |
| [ignore](#ignoring-scan-results) | Ignores a specific value, path or rule ID. |
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit_history/path/repository/etc. |
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform. |
| [scan](#running-a-scan) | Scan the content for Secrets/IaC/SCA/SAST violations. You`ll need to specify which scan type to perform: commit-history/path/repository/etc. |
| [report](#report-command) | Generate report. You`ll need to specify which report type to perform as SBOM. |
| status | Show the CLI status and exit. |

# Scan Command
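Review bot: both rewritten rows keep the backtick-as-apostrophe typo ("You`ll"); use "You'll". The report row's new wording "which report type to perform as SBOM" is also unclear; something like "Generate an SBOM report; specify the target (`path` or `repository-url`)." would read better and match the report command table further down.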
@@ -294,24 +294,23 @@ The Cycode CLI application offers several types of scans so that you can choose
| Option | Description |
|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `-t, --scan-type [secret\|iac\|sca\|sast]` | Specify the scan you wish to execute (`secret`/`iac`/`sca`/`sast`), the default is `secret`. |
| `--secret TEXT` | Specify a Cycode client secret for this specific scan execution. |
| `--client-secret TEXT` | Specify a Cycode client secret for this specific scan execution. |
| `--client-id TEXT` | Specify a Cycode client ID for this specific scan execution. |
| `--show-secret BOOLEAN` | Show secrets in plain text. See [Show/Hide Secrets](#showhide-secrets) section for more details. |
| `--soft-fail BOOLEAN` | Run scan without failing, always return a non-error status code. See [Soft Fail](#soft-fail) section for more details. |
| `--severity-threshold [INFO\|LOW\|MEDIUM\|HIGH\|CRITICAL]` | Show only violations at the specified level or higher. |
| `--sca-scan` | Specify the SCA scan you wish to execute (`package-vulnerabilities`/`license-compliance`). The default is both. |
| `--monitor` | When specified, the scan results will be recorded in the knowledge graph. Please note that when working in `monitor` mode, the knowledge graph will not be updated as a result of SCM events (Push, Repo creation). (Supported for SCA scan type only). |
| `--report` | When specified, a violations report will be generated. A URL link to the report will be printed as an output to the command execution. |
| `--cycode-report` | When specified, displays a link to the scan report in the Cycode platform in the console output. |
| `--no-restore` | When specified, Cycode will not run restore command. Will scan direct dependencies ONLY! |
| `--sync` | Run scan synchronously (the default is asynchronous). |
| `--gradle-all-sub-projects` | When specified, Cycode will run gradle restore command for all sub projects. Should run from root project directory ONLY! |
| `--help` | Show options for given command. |

| Command | Description |
|----------------------------------------|-----------------------------------------------------------------|
| [commit_history](#commit-history-scan) | Scan all the commits history in this git repository |
| [commit-history](#commit-history-scan) | Scan all the commits history in this git repository |
| [path](#path-scan) | Scan the files in the path supplied in the command |
| [pre_commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
| [pre-commit](#pre-commit-scan) | Use this command to scan the content that was not committed yet |
| [repository](#repository-scan) | Scan git repository including its history |

### Options
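Review bot: renaming `--secret` to `--client-secret` is clearer, but the table still presents a secret on the command line as a first-class choice; command-line arguments are visible in process listings and shell history, so add a pointer that `cycode auth` / `cycode configure` (already documented above) are the preferred way to authenticate and the per-scan flags are for automation. Separately, the new `--cycode-report` description ("displays a link") no longer says whether a report is generated; with the Cycode Report section stating that a report is always generated, the row should say the flag only controls whether the link is printed.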
@@ -340,18 +339,15 @@ When using this option, the scan results from this scan will appear in the knowl
> [!WARNING]
> You must be an `owner` or an `admin` in Cycode to view the knowledge graph page.

#### Report Option
#### Cycode Report Option

> [!NOTE]
> This option is not available to IaC scans.

To push scan results tied to the [SCA policies](https://docs.cycode.com/docs/sca-policies) found in the Repository scan to Cycode, add the argument `--report` to the scan command.
For every scan performed using the Cycode CLI, a report is automatically generated and its results are sent to Cycode. These results are tied to the relevant policies (e.g., [SCA policies](https://docs.cycode.com/docs/sca-policies) for Repository scans) within the Cycode platform.

`cycode scan -t sca --report repository ~/home/git/codebase`
To have the direct URL to this Cycode report printed in your CLI output after the scan completes, add the argument `--cycode-report` to your scan command.

In the same way, you can push scan results of Secrets and SAST scans to Cycode by adding the `--report` option to the scan command.
`cycode scan --cycode-report repository ~/home/git/codebase`

When using this option, the scan results from this scan will appear in the On-Demand Scans section of Cycode. To get to this page, click the link that appears after the printed results:
All scan results from the CLI will appear in the CLI Logs section of Cycode. If you included the `--cycode-report` flag in your command, a direct link to the specific report will be displayed in your terminal following the scan results.

> [!WARNING]
> You must be an `owner` or an `admin` in Cycode to view this page.
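Review bot: the replacement text changes the documented behaviour from opt-in ("to push scan results ... add `--report`") to always-on ("For every scan ... its results are sent to Cycode"); that is a data-flow change that users who deliberately ran scans without `--report` may not expect, so call it out in the v3.0.0 release notes and migration guide, not only in this section. The kept NOTE "This option is not available to IaC scans" should also be rechecked: if reports are now generated for every scan, state whether the caveat applies to the report itself or only to the `--cycode-report` link.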
@@ -467,25 +463,25 @@ A commit history scan is limited to a local repository’s previous commits, foc

To execute a commit history scan, execute the following:

`cycode scan commit_history {{path}}`
`cycode scan commit-history {{path}}`

For example, consider a scenario in which you want to scan the commit history for a repository stored in `~/home/git/codebase`. You could then execute the following:

`cycode scan commit_history ~/home/git/codebase`
`cycode scan commit-history ~/home/git/codebase`

The following options are available for use with this command:

| Option | Description |
|---------------------------|----------------------------------------------------------------------------------------------------------|
| `-r, --commit_range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |
| `-r, --commit-range TEXT` | Scan a commit range in this git repository, by default cycode scans all commit history (example: HEAD~1) |

#### Commit Range Option

The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit_range` (`-r`) followed by the name you specify.
The commit history scan, by default, examines the repository’s entire commit history, all the way back to the initial commit. You can instead limit the scan to a specific commit range by adding the argument `--commit-range` (`-r`) followed by the name you specify.

Consider the previous example. If you wanted to scan only specific commits in your repository, you could execute the following:

`cycode scan commit_history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`
`cycode scan commit-history -r {{from-commit-id}}...{{to-commit-id}} ~/home/git/codebase`

### Pre-Commit Scan
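Review bot: `commit_history` to `commit-history` and `--commit_range` to `--commit-range` are breaking renames for CI scripts; if v3 does not keep the underscore forms as hidden aliases, list them in the migration notes. The example `{{from-commit-id}}...{{to-commit-id}}` uses git's three-dot (symmetric difference) form; if the intended meaning is "commits reachable from the second but not the first", the two-dot `..` form is the usual range syntax, so state which one the option expects.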

@@ -824,7 +820,7 @@ The following commands are available for use with this command:
| Command | Description |
|------------------|-----------------------------------------------------------------|
| `path` | Generate SBOM report for provided path in the command |
| `repository_url` | Generate SBOM report for provided repository URI in the command |
| `repository-url` | Generate SBOM report for provided repository URI in the command |

### Repository
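Review bot: the renamed `repository-url` row still describes its argument as a "repository URI"; pick one term (URL, matching the command name) so the table and the command agree.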

4 changes: 4 additions & 0 deletions cycode/__main__.py
@@ -0,0 +1,4 @@
from cycode.cli.consts import PROGRAM_NAME
from cycode.cli.main import app

app(prog_name=PROGRAM_NAME)
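Review bot: `app(prog_name=PROGRAM_NAME)` runs at import time; that is fine for `python -m cycode`, but wrap it in `if __name__ == '__main__':` so importing `cycode.__main__` (test collection, packaging tools that introspect modules) does not start the CLI and consume `sys.argv`.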