Analyze Command
```text
Usage: devskim analyze [arguments] [options]

Arguments:
  [path]                      Path to source code
  [output]                    Output file

Options:
  -?|-h|--help                Show help information
  -f|--file-format            Output file format: [text,json,sarif]
  -o|--output-format          Output text format
  -s|--severity               Severity: [critical,important,moderate,practice,review]
  -r|--rules                  Rules to use
  -i|--ignore-default-rules   Ignore rules bundled with DevSkim

Output format options:
  %F  file path
  %L  start line number
  %C  start column
  %l  end line number
  %c  end column
  %I  location inside file
  %i  match length
  %m  match
  %R  rule id
  %N  rule name
  %S  severity
  %D  issue description
  %T  tags (comma-separated)
```
The analyze command scans the source directory for potential issues, using the default or an external set of rules. Detected issues in source files are displayed on standard error. If no severity is specified, the default severity levels reported are [critical, important, moderate, practice].

```sh
# Easiest way to scan
devskim analyze /home/user/myproject
```
To look only for issues of certain severities (critical, important, etc.), use the -s|--severity switch, which may be repeated once per severity. See the following example:

```sh
devskim analyze /home/user/myproject -s critical -s important
```
When using custom rules, the -r|--rules switch is required. Each --rules switch names a directory containing rules, so it may be given more than once. To scan with the external rules only, add the -i|--ignore-default-rules switch, which prevents DevSkim from loading its bundled default rule set.

```sh
# use default rules AND custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules

# use only custom rules
devskim analyze /home/user/myproject -r /my/rules/directory -r /my/other/rules -i
```
DevSkim scan results can be stored in a file in several formats [text, json, sarif], selected with -f|--file-format and written to the [output] argument. If no output file is specified, standard output is used.
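One practical use of the text output format options above is a CI gate that fails the build when gated severities appear. The script below is an added example, not part of DevSkim; it assumes the scan was run with the fixed template `-o "%F|%L|%C|%S|%R|%N"` writing to a text file, and the sample report lines embedded in it are constructed, not real scan output.

```python
"""CI gate over DevSkim text output (added example, not DevSkim project code).

Assumed invocation producing the parsed file:
    devskim analyze /home/user/myproject -f text -o "%F|%L|%C|%S|%R|%N" report.txt
"""
from __future__ import annotations

import sys
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Severity levels DevSkim reports, in the order the -s switch lists them.
SEVERITIES = ("critical", "important", "moderate", "practice", "review")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    column: int
    severity: str
    rule_id: str
    rule_name: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one "%F|%L|%C|%S|%R|%N" line; None for blank or unrelated lines."""
    parts = line.rstrip("\n").split("|", 5)  # maxsplit keeps '|' inside %N intact
    if len(parts) != 6:
        return None
    path, line_no, col, severity, rule_id, rule_name = parts
    severity = severity.strip().lower()
    if severity not in SEVERITIES or not line_no.isdigit() or not col.isdigit():
        return None
    return Finding(path, int(line_no), int(col), severity, rule_id, rule_name)


def parse_report(text: str) -> list:
    return [f for f in (parse_line(l) for l in text.splitlines()) if f is not None]


def gate(findings, fail_on=("critical", "important")):
    """Count findings per severity; ok is False if any finding is at a gated level."""
    counts = Counter(f.severity for f in findings)
    return counts, not any(counts[s] for s in fail_on)


# Constructed sample output; rule ids/names are placeholders, not real DevSkim rules.
SAMPLE_REPORT = """src/db.py|42|8|critical|DS-EXAMPLE-1|Constructed rule name
src/util.py|10|1|practice|DS-EXAMPLE-2|Constructed rule name
not a finding line
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    counts, ok = gate(parse_report(text))
    for sev in SEVERITIES:
        print(f"{sev:10} {counts[sev]}")
    sys.exit(0 if ok else 1)
```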