sl analyze

The analyze command allows you to run NG SAST and perform code analysis on your application.


To run: sl analyze [command options]

Command Options

Some command-related information can be stored as environment variables for easy reuse in future analyses. If so, this is indicated.

OptionEnvironment VariableDescription
--app <name>, -a <name>SHIFTLEFT_APP=<name>The name of your application
--analysis-timeout <timeout>SHIFTLEFT_ANALYSIS_TIMEOUT=<timeout>Specify the timeout (e.g. 15m) to be used for analysis. Default: 15 minutes (15m0s)
--cpgSHIFTLEFT_CPG=trueInstruct ShiftLeft to build the CPG locally and analyze the CPG (instead of the application code)
--csharpSHIFTLEFT_LANG_CSHARP=trueAnalyze an application written in C#
--dotnetIndicate that a C# application is using .NET
--dotnet-coreIndicate that a C# application is using .NET Core
--dotnet-frameworkIndicate that a C# application is using .NET Framework
--force, -fForce new analysis to prevent the use of a cached result
--git-remote-name <remote>Specify the remote to use (instead of origin) when including Git metadata with your application; ShiftLeft uses the remote repository to link identified vulnerabilities shown in the Dashboard to your source code
--goSHIFTLEFT_LANG_GO=trueAnalyze an application written in Go
--javaSHIFTLEFT_LANG_JAVA=trueAnalyze an application written in Java or Scala
--jsSHIFTLEFT_LANG_JS=trueAnalyze an application written in JavaScript/TypeScript
--no-vcs-metadataSpecify that Git metadata should NOT be sent to ShiftLeft; disables the automatic linking of identified vulnerabilities in the Dashboard to the source code in your version control repository
--policy <ID>Specify the policy NG SAST should use during analysis; if you don't set this, NG SAST uses the default policy
--pythonSHIFTLEFT_LANG_PYTHON=trueAnalyze an application written in Python
--remediation-configSuppress findings based on rules/patterns defined in the provided config file
--terraformAnalyze Terraform project
--tag<name>Create an application group so that multiple applications are displayed as groups in the Dashboard application group
--tag branch=<name>Provide the application branch that's displayed in the Dashboard
--vcs-prefix-correctionProvide filepath modifications so the Source Code View reflects your repo structure
--version-id <version>SHIFTLEFT_VERSION_ID=<version>Override default version with custom one (e.g. v1.2.3)
--wait, -wSHIFTLEFT_WAIT=trueWait for ShiftLeft NG SAST to finish analysis before returning control of the CLI