Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page

Was this helpful?

  1. Codebase scanner
  2. The Thin Client

Use the thin client on Windows

PreviousWhat if I need a previous release?NextUsing the client from your command line

Last updated 2 years ago

Was this helpful?

Install the Java Runtime

The Java Thin Client requires a working copy of the JRE (Java Runtime Environment) that can be freely downloaded from and installed with a wizard. It can also be simply unpacked and referenced in the PATH variable from a standard archive which can be downloaded from (see detailed instruction there).

To check that everything is working correctly after installing the JRE we can run "java --version" from either PowerShell or the standard Windows Command Prompt

PS C:\Users\John> java -version 
java version "1.8.0_271"
Java(TM) SE Runtime Environment (build 1.8.0_271-b09) 
Java HotSpot(TM) Client VM (build 25.271-b09, mixed mode, sharing)
C:\Users\John>java -version
java version "1.8.0_271"
Java(TM) SE Runtime Environment (build 1.8.0_271-b09)
Java HotSpot(TM) Client VM (build 25.271-b09, mixed mode, sharing)

At some point, as usual, Windows may ask you for permissions to execute the Java runtime: please allow the execution.

Download the Java Thin Client

PS C:\Users\John> java -jar C:\Users\John\Downloads\meterian-cli.jar --version
1.2.11.4.210e362-473
C:\Users\John>java -jar C:\Users\John\Downloads\meterian-cli.jar --version
1.2.11.4.210e362-473

The client promptly answers with its version number (please note that this may be different from the one shown here).

Executing the first analysis

Now we also need some code to verify that an analysis can be executed: make sure you have such project and also the tools required to compile, as the thin client does not contain any development tools.

Now you just move into such folder and run the client with "java -jar" followed with the full path to the newly downloaded meterian client file. If this is not a project managed bit a source control system (for example if you downloaded the sample project) you will also need to specify a "--project-url=" followed with a unique name or URL to identify your project later on your Dashboard.

C:\Users\John> cd \Users\John\Projects\Example

C:\Users\John\Projects\Example> java -jar C:\Users\Bruno\Downloads\meterian-cli.jar --project-url=sample

If this is the first time you have ever used the client the system will open a new browser window asking you to authenticate to the Meterian platform:

PS C:\Users\John> set METERIAN_API_TOKEN=your-token-uuid-here

The client will proceed in the analysis, providing progress information, and at the end, it will also provide an URL of the project it was just scanned: You can open that URL with any browser and see the results of the analysis, the client will display only the resulting scores

PS C:\Users\John\Projects\Example> java -jar C:\Users\Bruno\Downloads\meterian-cli.jar --project-url=sample

Meterian Client v1.2.11.4, build 210e362-473
All rights reserved
- running locally:   yes
- interactive mode:  on
- working on folder: C:\Users\John\Projects\Example
- autofix mode:      off

Checking folder...
Folder C:\Users\John\Projects\Example contains a viable project!

Authorizing the client...
Client successfully authorized

Account: "Meterian Team Account"
- Minimum scores:
  - security:  90
  - stability: 90
  - licensing: 90
- Analysis scopes:
  - security:  packaged components
  - stability: all components
  - licensing: all components

Loading build status...
No build running found!

Requesting build...
Build allowed

Project information:
- url:    sample
- branch: head
- commit: n/a

NodeJS scan - running npm version 6.14.6 locally...
- npm: npm dependencies succesfully generated from package.lock...
Execution successful!

Uploading dependencies information - 2 found...
Done!

Starting build...
Current build status: in preparation
Current build status: process advices at 2020-12-14T22:09:01.418

Final results:
- security:     100     (minimum: 90)
- stability:    100     (minimum: 90)
- licensing:    100     (minimum: 90)

Full report available at:
https://www.meterian.com/projects/?pid=6ad085de-c701-4f6f-93cb-ef3672f6a2a9&branch=head&mode=eli

Build successful!

Congratulations! Your installation on Windows is complete.

What if maven is not executing?

PS C:\Users\John> java -Dmaven.binary="%MAVEN_HOME%\bin\mvn.cmd" -jar C:\Users\Bruno\Downloads\meterian-cli.jar 

To use the client first of all , it will be put under your standard Windows "Downloads" folder. Now let's verify that everything is working as expected, launching the client for the first time and asking it to print its version. As you can see we are using the command "java -jar" followed with the full path to the newly downloaded meterian client file ("C:\Users\John\Downloads\meterian-cli.jar") and the command "--version"

Alternatively, you can alsoset up the METERIAN_API_TOKEN environment variable with one of , or create a new one.

It may happen if your maven installation is non-standard. In that situation you need to inform the client about where the maven binary is and how it's called, this can be done using one of the , maven.binary, like in this example:

download the latest version
tokens available in the account
Maven specific controls
java.co
m
openjdk.net
Allowing the execution of the Java runtime
A new browser window is opened to authenticate the user