...

The Command Line Interface is provided through a few basic commands:

SRCheck

Launches a Local Scan. It accepts the following arguments:

...

-proxy=PROXYIP -proxyport=PROXYTCPPORT -user=USERNAME -pwd=PASSWORD

SRsetOPT

Sets the Analysis and Language Options before scanning: the location of the Java JDK, the COBOL copybook folder and the Ruby executable. Note that each argument requires an “=”. It accepts the following arguments:

-l=LANGUAGE -p=PATH

Where:

LANGUAGE can be java, cobol or ruby.

PATH

For Java, the folder containing the java executable, for example “C:\Program Files\Java\jdk-11.0.11\bin” or “/usr/bin/”. For Ruby, the Ruby installation path, for example “C:\ruby193” (not needed under Linux).

For COBOL, the copybook folder, for example “D:\_COPY” or “/home/user1/src/copybooks”.

 -p -Path="MyPath"

Generic

 -RootSource -RootSource="MyRootSource"  Default Source code folder

 -LineBefore Default="5"  

 -LineAfter Default="4"

 -WarningTimeOut Default="120"

 -MaxVulnerabilitiesLineCode Default="3"

 -MaxVulnerabilityIssues Default="1500"

 -TrustedApplication Default="false"

 -ConsoleApplication Default="true"

 -DBQueries Default="true"

 -Environmentvariables Default="false"

 -Socket Default="false"

 -Servlet Default="false"

 -PlainTextFilesStreams Default="false"

 -InternetApplication Default="false"

 -NoDeadPartialClasses Default="false"

 -ApplyExclusionsList Default="true"

JAVA

 -FolderJava -FolderJava="MyFolderJava"

 Folder where java executable is located

RUBY

 -FolderRuby Default="MyFolderRuby"

COBOL

 -TargetCOBOL Default="0"

----->  0-IBM z/OS Enterprise COBOL

----->  1-IBM ILE COBOL (iSeries)

----->  2-Visual COBOL (Microfocus)

----->  3-NetCOBOL (Fujitsu/GTSoftware)

----->  4-GnuCOBOL (formerly openCOBOL)

----->  5-MCP (Unisys)

----->  6-Teradata IMS COBOL

----->  7-COBOL-IT

----->  8-RainCode COBOL

----->  9-Elastic COBOL

-----> 10-Veryant isCOBOL Evolve

 -StatementsLength Default="0"

-----> 0-88

-----> 1-132

-----> 2-Free Format

 -UntrustedWorkingStorage Default="false"

 -AllowCICS Default="false"

 -CopyBookFolder -CopyBookFolder="MyCopyBookFolder"

Centralized Folder on which copybooks files are located

C/C++

 -Standard Default="0"

 -TargetPlattform Default="0"

-----> 0-Generic

-----> 1-Embedded

-----> 2-Unix/Linux 32

-----> 3-Unix/Linux 64

-----> 4-Win32A (ASCII)

-----> 5-Win32W (UNICODE)

-----> 6-Win64

TargetPlattform: Generic -> Standard

----->  0-Generic

----->  1-posix

----->  2-c89

----->  3-c99

----->  4-c11

----->  5-c17

----->  6-c++03

----->  7-c++11

----->  8-c++14

----->  9-c++17

-----> 10-c++20

TargetPlattform: Embedded -> Standard

----->  1-ARM RealView

----->  2-ARC MQX Synopsys

----->  3-Atmel AVR Studio

----->  4-Atollic True Studio

----->  5-Avocet ProTools

----->  6-Batronix uC51

----->  7-BiPOM Electronics

----->  8-Byte Craft eTPU C

----->  9-CCS PIC/dsPIC/DSC

-----> 10-Ceibo-8051C++

-----> 11-CodeWarrior

-----> 12-Cosmic Software

-----> 13-Crossware

-----> 14-ELLCC C/C++

-----> 15-GCC C/C++

-----> 16-Green Hills Multi

-----> 17-HighTec C/C++

-----> 18-IAR C/C++

-----> 19-INRIA CompCert

-----> 20-Intel C/C++

-----> 21-Introl C Compiler

-----> 22-Keil ARM C/C++

-----> 23-Mentor Graphics CodeSourcery

-----> 24-Microchip MPLAB

-----> 25-MikroC Pro

-----> 26-NXP

-----> 27-Renesas HEW

-----> 28-SDCC

-----> 29-Softools Z/Rabbit

-----> 30-Tasking ESD

-----> 31-Texas Instruments CodeComposer

-----> 32-Z World Dynamic C 32

-----> 33-WDC 8/16-bit

-----> 34-Wind River C/C++

TargetPlattform: Unix/Linux 32 or Unix/Linux 64 -> Standard

----->   0-GCC v12.x

----->   1-GCC v11.x

----->   2-GCC v10.x

----->   3-GCC v9.x

----->   4-GCC v8.x

----->   5-GCC v7.x

----->   6-GCC v6.x

----->   7-GCC v5.4

----->   8-GCC v5.0

----->   9-GCC v4.9.x

----->  10-GCC v4.8.3

----->  11-GCC v4.8

----->  12-GCC v4.7.4

----->  13-GCC v4.4

----->  14-GCC v3.0-4.7

----->  15-GCC v2.2

----->  16-IBM XL C/C++ 17.x

----->  17-IBM XL C/C++ 16.1

----->  18-IBM XL C/C++ 12.1-13.1.3

----->  19-IBM AIX XL C/C++ 7.0-11.1

----->  20-IBM AIX XL C/C++ 13.1

----->  21-IBM AIX XL C/C++ 12.1

----->  22-HP C/aC++ v5

----->  23-HP C/aC++ v6

----->  24-Sun Pro C/C++ 5.1-5.5 (Sun Workshop 6/Sun ONE/Forte Developer)

----->  25-Sun Pro C/C++ 5.5-5.8 (Sun Studio)

----->  26-Sun Pro C/C++ 5.9-5.13 (Oracle Solaris Studio)

----->  27-LLVM Clang 10.x-14.x

----->  28-LLVM Clang 9.x

----->  29-LLVM Clang 8.x

----->  30-LLVM Clang 7.0.x

----->  31-LLVM Clang 4.0.0-6.0.1

----->  32-LLVM Clang 3.4.2

----->  33-LLVM Clang 3.x

----->  34-LLVM Clang 2.9

TargetPlattform: Win32A (ASCII) or Win32W (UNICODE) or Win64 -> Standard

----->   0-Visual Studio 6.0

----->   1-Visual Studio 2003

----->   2-Visual Studio 2005

----->   3-Visual Studio 2008

----->   4-Visual Studio 2010

----->   5-Visual Studio 2012

----->   6-Visual Studio 2013

----->   7-Visual Studio 2015

----->   8-Visual Studio 2017

----->   9-Visual Studio 2019

----->  10-Visual Studio 2022

----->  11-Embarcadero C++ Builder (Borland and RAD Studio)

 -MISRA Default="false"

 -CERT Default="false"

 -tenant Tenant: Default="Tenant"

 -h View this Usage

Remote Scan

The scan is invoked from a client (for example Jenkins or GitLab), but the analysis is executed remotely on Static Reviewer. The TRScan CLI must be installed on the client side.

TRScan

-a, --application APPLICATION Name of the App you want to scan. If it contains spaces or “-”, it must be double quoted.

-v, --version VERSION Version of the App. If it contains spaces or “-”, it must be double quoted.

-z, --spath FOLDERTOSCAN Pathname of the source code folder to scan. If it contains spaces or “-”, it must be double quoted.

-m, --mobile Specify only in case of a Mobile App.

-t, --truri Team Reviewer URL.

-p, --port Team Reviewer TCP port.

-k, --apikey Team Reviewer API key.

-r, --ruleset RULESET (Mandatory) CWE to force the CWE Security Ruleset, or OWASP.

-u, --proxyuser Proxy username.

-w, --proxypasswd Proxy password.

-y, --proxyport Proxy TCP port.

-i, --proxyuri Proxy URL.

-c, --components Pathname of an XML file describing components. See the related chapter below. If the path contains spaces or “-”, it must be double quoted.

-s, --secfp Pathname of the Security False Positives CSV file to be imported from a previous scan. If the path contains spaces or “-”, it must be double quoted.

-d, --deadfp Pathname of the Dead Code-Best Practices False Positives CSV file to be imported from a previous scan. If the path contains spaces or “-”, it must be double quoted.

-e, --exclusion Pathname of the TXT file containing the exclusion list. For the file format see the related chapter below. If the path contains spaces or “-”, it must be double quoted.

-f CUSTOMSEC Pathname of a Custom Security Ruleset .rls file.

-q CUSTOMDEAD Pathname of a Custom Dead Code-Best Practices Ruleset .rls file.

-l, --srresults Path where the analysis results will be stored.

-h, --results Path where the analysis reports will be stored.

-j, --logs Path where the analysis logs will be stored.

-n, --skippdf Skip report creation.

-o, --onlysec Run the Security analysis only, excluding the Dead Code and Quality analyses.

-x, --noexclusion Do not apply exclusions.

-b, --verbose Verbose mode.

-g, --debug Debug mode.

 

Example:

TRScan -a "MYAPP" -v "$(date +"%Y%m%d-%H%M")" -z "SRC/MYAPP" -t https://teamreviewer.local -p 443 -k 4a5ecc953710dc021cf0dee5b80af1d35cc2d60c -r OWASP -u johndoe -w secret -y 3128 -i http://proxy.local -b -o

Note that the API key (-k) and the proxy password (-w) are passed as plain command-line arguments, so they are visible to other local users in the process list and are normally echoed into CI job logs; in a pipeline, inject them from the CI secret store into environment variables and mask them in the job output rather than writing them into the job definition.
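The following wrapper is an added example for this page and is not Static Reviewer or Team Reviewer code. It runs the remote scan described above from a CI job: the API key and proxy password come from environment variables (populated by the CI secret store) instead of being written into the job definition, the mandatory ruleset is validated before TRScan is called, and every value is handed to TRScan as a single argument, so application names or paths containing spaces or "-" need no hand-placed double quotes. The TR_* variable names, the TRSCAN override used to locate the binary, and the tr_* function names are assumptions made here; the default proxy port 3128 is taken from the page's own example, and TRScan's exit codes, which the page does not document, are simply forwarded.

```shell
#!/bin/sh
# Added example, not Static Reviewer / Team Reviewer product code.
# Wraps the TRScan remote scan for a CI job. Secrets are read from the
# environment (TR_APIKEY, TR_PROXY_PASSWD) rather than from the job
# definition, and each value is passed to TRScan as one argument.
# Assumed names (not from the page): TR_* variables, TRSCAN, tr_* helpers.

# Only CWE or OWASP are valid for the mandatory -r option.
tr_check_ruleset() {
  case "$1" in
    CWE|OWASP) return 0 ;;
    *) echo "tr_scan: ruleset must be CWE or OWASP, got '$1'" >&2; return 1 ;;
  esac
}

# Fail early if a required server setting is missing from the environment.
tr_check_env() {
  [ -n "$TR_URI" ] && [ -n "$TR_PORT" ] && [ -n "$TR_APIKEY" ] && return 0
  echo "tr_scan: TR_URI, TR_PORT and TR_APIKEY must be set" >&2
  return 1
}

# tr_scan APP VERSION SRCDIR RULESET [extra TRScan flags...]
# Required environment: TR_URI, TR_PORT, TR_APIKEY
# Optional environment: TR_PROXY_URI, TR_PROXY_PORT, TR_PROXY_USER, TR_PROXY_PASSWD
tr_scan() {
  [ $# -ge 4 ] || { echo "usage: tr_scan APP VERSION SRCDIR RULESET [flags]" >&2; return 1; }
  app=$1; ver=$2; src=$3; ruleset=$4
  shift 4
  tr_check_ruleset "$ruleset" || return 1
  tr_check_env || return 1
  [ -d "$src" ] || { echo "tr_scan: source folder '$src' not found" >&2; return 1; }

  # Rebuild the positional parameters as the exact argv for TRScan. Each value
  # is already one shell word, which is what the page's "must be double
  # quoted" rule achieves at an interactive prompt.
  set -- -a "$app" -v "$ver" -z "$src" \
         -t "$TR_URI" -p "$TR_PORT" -k "$TR_APIKEY" -r "$ruleset" "$@"

  # Proxy options are appended only when a proxy is configured; 3128 is the
  # port used in the page's own example.
  if [ -n "$TR_PROXY_URI" ]; then
    set -- "$@" -i "$TR_PROXY_URI" -y "${TR_PROXY_PORT:-3128}"
    if [ -n "$TR_PROXY_USER" ]; then
      set -- "$@" -u "$TR_PROXY_USER" -w "$TR_PROXY_PASSWD"
    fi
  fi

  # TRSCAN lets a pipeline point at a non-PATH install; exit code is forwarded.
  "${TRSCAN:-TRScan}" "$@"
}

# Typical CI call (security-only, verbose), with the version derived from the
# build time as in the page's example:
#   tr_scan MYAPP "$(date +%Y%m%d-%H%M)" SRC/MYAPP OWASP -b -o
```

Because the secrets never appear in the script text, a CI system that masks secret variables can keep them out of the job log; the process list still shows them for the lifetime of the TRScan process, which is unavoidable given that TRScan accepts them only as arguments.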

Software Composition Analysis

...

Team Reviewer is our default Dashboard. All features provided by the Web GUI, including Admin tasks, can be invoked via the REST API. Team Reviewer provides a Java tool for invoking the REST API from the command line.

...

COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.