Your first scan (java thin client)

How to use the Java thin client to execute your first scan

The thin client requires a Java Runtime Environment 1.8+ to run and does not include any of the standard SDKs that are usually needed to produce the dependency graph of your application. For example, if you want to analyse a Java project based on Maven, then Maven has to be installed on your machine. The same applies if you want to analyse a .NET project: the .NET SDK has to be installed and correctly configured on the machine you are running the client from. We expect developers to have their tools on their machines :) but in case they do not, please prefer the dockerized version of the client, which also includes all the necessary tools.

This guide assumes you are working in a *nix environment. If you are using Windows, please refer to the page "Use the thin client on Windows".

1. Download the Java Thin Client from the Meterian cloud

curl https://www.meterian.io/downloads/meterian-cli.jar > ~/meterian-cli.jar

2. Set the METERIAN_API_TOKEN environment variable to one of the tokens available in the account, or create a new one. We also suggest you add this to your .bashrc

export METERIAN_API_TOKEN=your-token-uuid-here

3. Launch the client once to validate that everything is working properly (note: on the first run, the thin client may also be downloaded)

java -jar ~/meterian-cli.jar --version 

Meterian Client v1.2.24.5, build 51bcad7-764

4. Move into the folder that contains your codebase and execute the client

java -jar ~/meterian-cli.jar

© 2017-2022 Meterian Ltd - dockerized version 2.3.53.699
Meterian Client v1.2.24.5, build 51bcad7-764
© 2017-2022 Meterian Ltd - All rights reserved

System information:
- running locally:   yes
- interactive mode:  off
- working on folder: /home/john/projects/zxing
- autofix mode:      off

Checking folder...
Folder /workspace contains a viable project!

Authorizing the client...
Client successfully authorized

Account: "Acme Team Account"
- Minimum scores:  
  - security:  90
  - stability: 90
  - licensing: 90
- Analysis scopes:  
  - security:  packaged components
  - stability: all components
  - licensing: all components

Project information:
- url:    https://github.com/zxing/zxing
- branch: local
- commit: 708b14bef82a087dd0fefbada81398dd2100366c

Java scan - running maven locally...
- maven: loading dependency tree...
- maven: loading dependency tree (alternate)...
- maven: dependencies generated...
Execution successful!

Uploading dependencies information - 23 found...
Done!

Starting build...
Current build status: initialized - the project has been classified as opensource
Current build status: in preparation
Current build status: process advices at 2022-06-13T15:41:33.660

Final results: 
- security:	85	(minimum: 90)
- stability:	98	(minimum: 90)
- licensing:	100	(minimum: 90)

Full report available at: 
https://www.meterian.com/projects/?pid=...&branch=local&mode=eli

Build unsuccessful!
Failed checks: [security]

All done! You can click on the link to see the final report in HTML. You can also ask the system to generate, for example, a console report by adding "--console-report" to the command, which shows all the information immediately. To learn more about it, see the section "Command line parameters".

You can also set up a simple script that will automatically update your client if required:

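#!/bin/sh
# Re-download the client only if the remote copy is newer than the local one (-z).
# $HOME is used instead of ~ because the tilde is not expanded inside quotes.
curl -s -o "$HOME/meterian-cli.jar" -z "$HOME/meterian-cli.jar" "https://www.meterian.io/downloads/meterian-cli.jar" >/dev/null
# Run the client, passing through the arguments given to this script.
java -jar "$HOME/meterian-cli.jar" "$@"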
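
Because the update script replaces the jar that is then executed, a variant that downloads to a temporary file and swaps it in only after a basic check is shown here as an added example; it is not Meterian's own script. The function names, the JAR_PATH variable and the wrapper name "meterian" are assumptions, and the "PK" test is a sanity check rather than an integrity check.

```shell
#!/bin/sh
# Added example, not Meterian's script: refresh the client jar without ever
# leaving an error page or a partial download where the executed jar lives.
JAR_URL="https://www.meterian.io/downloads/meterian-cli.jar"  # URL from this page
JAR_PATH="${JAR_PATH:-$HOME/meterian-cli.jar}"

# A jar is a zip archive, so it starts with the bytes "PK". This is a sanity
# check against error pages and empty files, not an integrity check.
looks_like_jar() {
    [ -s "$1" ] && [ "$(head -c 2 "$1")" = "PK" ]
}

# install_jar CANDIDATE DEST: replace DEST only if CANDIDATE looks like a jar.
# The candidate is created next to DEST, so mv is an atomic rename.
install_jar() {
    if looks_like_jar "$1"; then
        mv -f "$1" "$2"
    else
        rm -f "$1"
        return 1
    fi
}

# Download to a temporary file beside the jar. The current jar is kept when
# the server has nothing newer (-z) or when the download fails.
update_client() {
    tmp=$(mktemp "$JAR_PATH.XXXXXX") || return 1
    # --fail: an HTTP error writes no body; --proto: refuse anything but HTTPS.
    if ! curl --silent --show-error --fail --proto '=https' \
            -z "$JAR_PATH" -o "$tmp" "$JAR_URL"; then
        rm -f "$tmp"
        return 1
    fi
    if [ ! -s "$tmp" ]; then   # not modified: nothing was downloaded
        rm -f "$tmp"
        return 0
    fi
    install_jar "$tmp" "$JAR_PATH"
}

# Act only when saved and invoked as "meterian" (assumed name), so the
# functions above can also be sourced on their own.
case "${0##*/}" in
    meterian)
        update_client || echo "update skipped, using existing jar" >&2
        exec java -jar "$JAR_PATH" "$@"
        ;;
esac
```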
