Your first scan (java thin client)
How to use the dockerized client to execute your first scan
The thin client requires a Java Runtime Environment 1.8+ to run and does not include any of the standard SDKs that are usually needed to produce the dependency graph of your application. For example, if you want to analyse a Java project based on Maven, then Maven will have to be installed on your machine. The same applies if you want to analyse a .NET project: the .NET SDK will have to be installed and correctly configured on the machine you are running the client from. We expect developers to have their tools on their machines :) but in case they do not, please prefer the dockerized version of the client, which also includes all the necessary tools.
This guide assumes you are working in a *nix environment: if you are using Windows, please refer to the page "Use the thin client on Windows".
1. download the Java Thin Client from the Meterian cloud
curl https://www.meterian.io/downloads/meterian-cli.jar > ~/meterian-cli.jar
2. set up the METERIAN_API_TOKEN environment variable with one of the tokens available in the account, or create a new one. We also suggest you add this to your .bashrc
export METERIAN_API_TOKEN=your-token-uuid-here
3. launch the client once to validate everything is working properly
(note: the first time the thin client may also be downloaded)
java -jar ~/meterian-cli.jar --version
Meterian Client v1.2.24.5, build 51bcad7-764
4. move into the folder that contains your codebase and execute the client
java -jar ~/meterian-cli.jar
© 2017-2022 Meterian Ltd - dockerized version 2.3.53.699
Meterian Client v1.2.24.5, build 51bcad7-764
© 2017-2022 Meterian Ltd - All rights reserved
System information:
- running locally: yes
- interactive mode: off
- working on folder: /home/john/projects/zxing
- autofix mode: off
Checking folder...
Folder /workspace contains a viable project!
Authorizing the client...
Client successfully authorized
Account: "Acme Team Account"
- Minimum scores:
- security: 90
- stability: 90
- licensing: 90
- Analysis scopes:
- security: packaged components
- stability: all components
- licensing: all components
Project information:
- url: https://github.com/zxing/zxing
- branch: local
- commit: 708b14bef82a087dd0fefbada81398dd2100366c
Java scan - running maven locally...
- maven: loading dependency tree...
- maven: loading dependency tree (alternate)...
- maven: dependencies generated...
Execution successful!
Uploading dependencies information - 23 found...
Done!
Starting build...
Current build status: initialized - the project has been classified as opensource
Current build status: in preparation
Current build status: process advices at 2022-06-13T15:41:33.660
Final results:
- security: 85 (minimum: 90)
- stability: 98 (minimum: 90)
- licensing: 100 (minimum: 90)
Full report available at:
https://www.meterian.com/projects/?pid=...&branch=local&mode=eli
Build unsuccessful!
Failed checks: [security]
All done! You can click on the link and see the final report in HTML. You can also ask the system to generate, for example, a console report by adding "--console-report" to the command, to see all the information immediately. To learn more about it, see the section "Command line parameters".
You can also set up a simple script that will automatically update your client if required:
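#!/bin/sh
# Download the client only if the remote copy is newer than the local one (-z).
# $HOME is used because "~" is not expanded inside double quotes.
curl -s -o "$HOME/meterian-cli.jar" -z "$HOME/meterian-cli.jar" "https://www.meterian.io/downloads/meterian-cli.jar" >/dev/null
# Run the client, passing every argument through unchanged
java -jar "$HOME/meterian-cli.jar" "$@"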
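The "Final results" block in the scan output above can also be checked from a script. The following is an added example, not part of the Meterian client or its documentation: the function names meterian_below_minimum, meterian_gate and sample_output are hypothetical, and it assumes the output keeps the layout printed on this page.

```shell
#!/bin/sh
# Added example: gate a build on the "Final results" block of the client output.
# Assumes the output layout shown on this page; all function names are hypothetical.

# Reads client output on stdin and prints "name score minimum" for every
# check in the "Final results:" block whose score is below its minimum.
meterian_below_minimum() {
    awk '
        /^Final results:/ { in_results = 1; next }
        # The block ends at the first line that is not a score row
        in_results && !/^[ \t]*- [a-z]+: [0-9]+ \(minimum: [0-9]+\)/ { in_results = 0 }
        in_results {
            name = $2; sub(/:$/, "", name)
            score = $3 + 0
            min = $5; sub(/\)$/, "", min); min += 0
            if (score < min) print name, score, min
        }
    '
}

# Returns 0 if every check meets its minimum, 1 if any check is below it,
# and 2 (fail closed) if the output contains no "Final results:" block.
meterian_gate() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '^Final results:'; then
        echo "no results block in client output; failing closed" >&2
        return 2
    fi
    failed=$(printf '%s\n' "$out" | meterian_below_minimum)
    if [ -n "$failed" ]; then
        printf 'below minimum: %s\n' "$failed" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: the tail of the scan output shown on this page
sample_output() {
    cat <<'EOF'
Final results:
- security: 85 (minimum: 90)
- stability: 98 (minimum: 90)
- licensing: 100 (minimum: 90)
Full report available at:
EOF
}

sample_output | meterian_gate || echo "gate exit status: $?"
```

Piping a live scan into the function (`java -jar ~/meterian-cli.jar | meterian_gate`) applies the same check. A run that stops before printing "Final results:" returns 2 rather than passing.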