Your first scan (dockerized client)

How to use the dockerized client to execute your first scan
The Dockerized Client requires your environment to have docker support: everything else is provided in the docker image, as it contains the Java runtime plus all the required tools for the full range of platforms supported by the Meterian platform.
This guide assumes you are working on a *nix environment: if you are using windows, docker may work slightly differently. Please refer to the page "Use the thin client on Windows".
​
1.  pull the docker scanner official image
$ docker pull meterian/cli:latest
2.  download the simplified script to run the docker image and make it executable
$ curl https://raw.githubusercontent.com/MeterianHQ/meterian-scanner-docker/master/scripts/meterian-docker > ~/meterian; chmod +x ~/meterian
3. set up the METERIAN_API_TOKEN environment variable with one of tokens available in the account, or create a new one. We also suggest you add this to your .bashrc​
export METERIAN_API_TOKEN=your-token-uuid-here
4. launch the client once to validate everything is working properly 
(note: the first time the thin client may also be downloaded)
$ ~/meterian --version 
​
Meterian Client v1.2.24.5, build 51bcad7-764
© 2017-2022 Meterian Ltd - dockerized version 2.3.53.699s
5. move into the folder you have your codebase and execute the client
$ ~/meterian
​
© 2017-2022 Meterian Ltd - dockerized version 2.3.53.699
Meterian Client v1.2.24.5, build 51bcad7-764
© 2017-2022 Meterian Ltd - All rights reserved
​
System information:
- running locally:   yes
- interactive mode:  off
- working on folder: /workspace
- autofix mode:      off
​
Checking folder...
Folder /workspace contains a viable project!
​
Authorizing the client...
Client successfully authorized
​
Account: "Acme Team Account"
- Minimum scores:  
  - security:  90
  - stability: 90
  - licensing: 90
- Analysis scopes:  
  - security:  packaged components
  - stability: all components
  - licensing: all components
​
Project information:
- url:    https://github.com/zxing/zxing
- branch: local
- commit: 708b14bef82a087dd0fefbada81398dd2100366c
​
Java scan - running maven locally...
- maven: loading dependency tree...
- maven: loading dependency tree (alternate)...
- maven: dependencies generated...
Execution successful!
​
Uploading dependencies information - 23 found...
Done!
​
Starting build...
Current build status: initialized - the project has been classified as opensource
Current build status: in preparation
Current build status: process advices at 2022-06-13T15:41:33.660
​
Final results: 
- security:	85	(minimum: 90)
- stability:	98	(minimum: 90)
- licensing:	100	(minimum: 90)
​
Full report available at: 
https://www.meterian.com/projects/?pid=...&branch=local&mode=eli
​
Build unsuccessful!
Failed checks: [security]
​
All done! You can click on the link and see the final report in HTML. you can also ask the system to generate, for example, a console report adding to the command "--console-report" to see immediately all the information. To learn more about it, see the section "Command line parameters".
​
Your first scan (java thin client)
Your first scan (GitHub Action)
Last modified 1yr ago