Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page

Was this helpful?

  1. Codebase scanner
  2. Using the client from your command line

Example: running the client in interactive mode

Let's run this example with a simple open source project you can find on GitHub; for this exercise let's assume also you already downloaded and stored the client under ~/apps/Meterian-cli.jar

First, let's clone the project from GitHub, for example Eclipse Vert.x:

$ git clone git@github.com:eclipse/vert.x.git

Cloning into 'vert.x'...
remote: Counting objects: 110122, done.
remote: Compressing objects: 100% (86/86), done.
remote: Total 110122 (delta 81), reused 145 (delta 61), pack-reused 109941
Receiving objects: 100% (110122/110122), 94.48 MiB | 1.20 MiB/s, done.
Resolving deltas: 100% (57513/57513), done.
Checking connectivity... done. 

Now, let's move into the folder and launch the client with the default configuration:

$ cd vert.x
$ java -jar ~/apps/meterian-cli.jar

Meterian Client v0.1
- running locally: yes
- interactive mode: on
- working on folder: /tmp/vert.x
Checking folder...
Folder /tmp/vert.x contains a viable project!
Authorizing the client...
I cannot find a valid authorization token: I will open the browser so
obtain one
Please login as usual with your selected credentials
Created new window in existing browser session. 

As you can see the client introduced itself and then, as it's the first time it is launched, is opens a new browser window for you to login with your credentials and authorize it. After a successful login the client will proceed to collect the dependencies, using your local Maven installation (you can also move this task server side, but it's a good idea to execute this step on your local environment). After collecting the dependencies it will upload them to the Meterian servers, where they will be analysed. The client will also output information about the status of the process.

Client successfully authorized
Loading build status...
No build running found!
Requesting build...
Build allowed
Running maven locally...
- maven: loading dependency tree...
- maven: dependencies generated...
Execution successful!
Uploading dependencies information - 63 found...
Done!
Starting build...
Current status: in preparation
Current status: "cleaning" - last updated at "2017-07-01T16:09:02.189"

When the work on the server is finished the client will emit the result of the analysis. The client will also output information about the status of the process, and provide you a link to access the report.

Final results:
- report: "OK"
- security: "0"
- stability: "88"
- timestamp: "2017-07-01 16:09:02"
Full report available at:
https://www.meterian.com/projects.html?pid=2fae2c4c-e22b-445c-a2cbcc7796d6c579&branch=master&login=true

Opening the link will force you through a login page: please make sure to use a set of credentials associated to your account to access, otherwise you will not be able to see the report.

PreviousInterrupting the clientNextUsing the client in your CI/CD pipeline

Last updated 5 years ago

Was this helpful?