Your first scan (java thin client)

How to use the dockerized client to execute your first scan
The thin client requires a Java Runtime Environment 1.8+ to run and does not include any standard SDK that is usually needed to produce the dependencies graph of your application.  For example, if you want to analyse a Java project based on Maven, then Maven will have to be installed on your machine. The same happens if you want to analyse a .NET project: the .NET SDK will have to be installed and correctly configured on the machine you are running the client from. We expect developers to have their tools on their machines :) but in case they do not, please prefer using the dockerized version of the client, which includes also all the necessary tools.
This guide assumes you are working on a *nix environment: if you are using windows, please refer to the page "Use the thin client on Windows".
​
1. download the Java Thin Client from the Meterian cloud
curl https://www.meterian.io/downloads/meterian-cli.jar > ~/meterian-cli.jar
2. set up the METERIAN_API_TOKEN environment variable with one of tokens available in the account, or create a new one. We also suggest you add this to your .bashrc​
export METERIAN_API_TOKEN=your-token-uuid-here
3. launch the client once to validate everything is working properly 
(note: the first time the thin client may also be downloaded)
java -jar ~/meterian-cli.jar --version 
​
Meterian Client v1.2.24.5, build 51bcad7-764
​
4. move into the folder you have your codebase and execute the client
java -jar ~/meterian-cli.jar
​
© 2017-2022 Meterian Ltd - dockerized version 2.3.53.699
Meterian Client v1.2.24.5, build 51bcad7-764
© 2017-2022 Meterian Ltd - All rights reserved
​
System information:
- running locally:   yes
- interactive mode:  off
- working on folder: /home/john/projects/zxing
- autofix mode:      off
​
Checking folder...
Folder /workspace contains a viable project!
​
Authorizing the client...
Client successfully authorized
​
Account: "Acme Team Account"
- Minimum scores:  
  - security:  90
  - stability: 90
  - licensing: 90
- Analysis scopes:  
  - security:  packaged components
  - stability: all components
  - licensing: all components
​
Project information:
- url:    https://github.com/zxing/zxing
- branch: local
- commit: 708b14bef82a087dd0fefbada81398dd2100366c
​
Java scan - running maven locally...
- maven: loading dependency tree...
- maven: loading dependency tree (alternate)...
- maven: dependencies generated...
Execution successful!
​
Uploading dependencies information - 23 found...
Done!
​
Starting build...
Current build status: initialized - the project has been classified as opensource
Current build status: in preparation
Current build status: process advices at 2022-06-13T15:41:33.660
​
Final results: 
- security:	85	(minimum: 90)
- stability:	98	(minimum: 90)
- licensing:	100	(minimum: 90)
​
Full report available at: 
https://www.meterian.com/projects/?pid=...&branch=local&mode=eli
​
Build unsuccessful!
Failed checks: [security]
​
All done! You can click on the link and see the final report in HTML. you can also ask the system to generate, for example, a console report adding to the command "--console-report" to see immediately all the information. To learn more about it, see the section "Command line parameters".
You can also setup a simple script that will automatically update your client if required:
#!/bin/sh 
curl -s -o "~/meterian-cli.jar" -z "~/meterian-cli.jar" "https://www.meterian.io/downloads/meterian-cli.jar" >/dev/null
java -jar ~/meterian-cli.jar $* 
​
Codebase scanner - Previous
Guide: your first scan!
Your first scan (dockerized client)
Last modified 1yr ago