Analyze Command

Pavel Bansky edited this page Dec 26, 2017 · 26 revisions
Usage: devskim analyze [arguments] [options]

Arguments:
  [path]    Path to source code
  [output]  Output file

Options:
  -?|-h|--help               Show help information
  -f|--file-format           Output file format: [text,json,sarif]
  -o|--output-format         Output text format
  -s|--severity              Severity: [critical,important,moderate,practice,review]
  -r|--rules                 Rules to use
  -i|--ignore-default-rules  Ignore rules bundled with DevSkim

Output format options:
    %F      file path
    %L      start line number
    %C      start column
    %l      end line number
    %c      end column
    %I      location inside file
    %i      match length
    %m      match
    %R      rule id
    %N      rule name
    %S      severity
    %D      issue description
    %T      tags(comma-separated)

The analyze command scans the source directory for potential issues, using the default or an external set of rules. Detected issues in source files are displayed on standard error output. If not specified, the default severity levels reported are [critical, important, moderate, practice].

# Easiest way to scan
devskim analyze /home/user/myproject

Custom rules and severity

To look only for issues of certain severities (critical, important, etc.), use the -s|--severity switch; it can be repeated, once per severity. See the following example:

devskim analyze /home/user/myproject -s critical -s important

To use custom rules, pass the -r|--rules switch. Each --rules switch names a directory containing rules. When only the external rules should be used, add the -i|--ignore-default-rules switch to prevent DevSkim from loading its bundled set of rules.

# use default rules AND custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules

# use only custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules -i

Output file and format

DevSkim scan results can be stored in a file in one of several formats [text, json, sarif]. If no output file is specified, standard output is used.

# simple output to a file (text)
devskim analyze /home/user/myproject results.txt

# simple output to a file (text) explicit
devskim analyze /home/user/myproject results.txt -f text

# simple output to a file (json)
devskim analyze /home/user/myproject results.txt -f json

# simple output to a file (sarif)
devskim analyze /home/user/myproject results.txt -f sarif

Custom output format

The output format can be customized with the -o|--output-format switch. For the text format, the switch accepts free-form text in which the special control sequences listed above are replaced with issue-specific information.

# Output file name and issue number 
devskim analyze /home/user/myproject results.txt -f text -o "%F [%R]"

# Output file name, line and column and issue name
devskim analyze /home/user/myproject results.txt -f text -o "%F:%L:%C - %N"

# Output into .csv file
devskim analyze /home/user/myproject results.txt -f text -o "%F,%L,%C,%R"
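As an added example that is not part of the DevSkim wiki, the following POSIX shell script combines the severity, file-format and output-format switches above into a CI gate: it writes one CSV row per finding and fails the build when any critical or important issue is reported. It assumes devskim is on PATH and takes the project path and report file name from the caller; the post-processing helpers are plain grep/cut and can be run on any report produced with that -o string.

```shell
#!/bin/sh
# Added example, not part of the DevSkim wiki: gate a CI build on findings.
# Assumes `devskim` is on PATH; the project path and report name are
# arguments chosen by the caller.
set -eu

# Scan with only the severities that should block a merge, and write one
# CSV row per finding using the text output format described above.
# Caveat: fields are not quoted, so a file path containing a comma
# would shift the columns of that row.
scan_project() {
    project="$1"
    report="$2"
    devskim analyze "$project" "$report" -f text \
        -s critical -s important \
        -o "%F,%L,%C,%R,%S"
}

# Print the number of findings in a report (non-blank lines).
count_findings() {
    grep -c -v '^[[:space:]]*$' "$1" || true
}

# Print "count rule-id" pairs, most frequent rule first, so reviewers see
# which rules dominate the report (the rule id is the 4th CSV column).
findings_per_rule() {
    grep -v '^[[:space:]]*$' "$1" | cut -d, -f4 | sort | uniq -c | sort -rn
}

# Usage: ./devskim-gate.sh /home/user/myproject results.csv
main() {
    scan_project "$1" "$2"
    n=$(count_findings "$2")
    if [ "$n" -gt 0 ]; then
        echo "DevSkim: $n blocking finding(s)" >&2
        findings_per_rule "$2" >&2
        exit 1
    fi
    echo "DevSkim: no critical or important findings"
}

# Only run the gate when called with both arguments, so the helper
# functions can be sourced or tested without invoking devskim.
if [ $# -eq 2 ]; then
    main "$@"
fi
```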

When using the json format, the --output-format switch specifies the list of properties to include in each json object.

# Output file name and issue number 
devskim analyze /home/user/myproject results.json -f json -o %F%R

# Output file name, line and column and issue name
devskim analyze /home/user/myproject results.json -f json -o %F%L%C%N