sl analyze Options

sl analyze option

Environment Variable


--app <name>, -a <name>


Associate ShiftLeft Inspect analysis with the application of this name. This application name is also used by the ShiftLeft Dashboard.

--analysis-timeout timeout


Requested timeout (e.g. '15m') to be used for analysis (may be reduced by backend). If the timeout parameter is not set, the default is 15 minutes (15m0s).



Submit application for ShiftLeft Inspect analysis using the Code Property Graph (CPG) mode. This mode builds the CPG locally (on your machine) and then uploads the CPG, rather than the code, to the ShiftLeft cloud for analysis.



Analyze C# code.


Use .NET Core. (Only valid for C#.)


Use .NET Framework. (Only valid for C#.)


Force new analysis (instead of using a cached result) and upload.


Specifies the remote to use instead of origin when sending Git metadata with your application. ShiftLeft will use the remote repository to automatically link identified vulnerabilities in the UI to your source code



Analyze Golang code.



Analyze Java code (implicit).



Disable CPG mode.


Specifies that Git metadata should NOT be sent to ShiftLeft. Disables the automatic linking of identified vulnerabilities in the ShiftLeft UI to the source code in your version control repository

--policy ID

The ShiftLeft Policy ID used by ShiftLeft. If not set, the default Policy is used.



Path of the ShiftLeft Inspect configuration file shiftleft.json. Defaults to shiftleft.json (in the current working directory).


Displays in the ShiftLeft Dashboard an application group, made up of the individual applications or microservices of the application.

--tag branch=<name>

Displays in the ShiftLeft Dashboard the application branch. <name> is the name of the branch.

--wait, -w


Wait for ShiftLeft Inspect to finish analysis before returning control.