Synopsis

fcli tool env init [--preinstalled] [--base-dir=<baseDir>] [--install-dir-pattern=<installDirPattern>] [--self=<self>] [--tool-definitions=<toolDefinitions>] [--tools=<toolSpecs>[, <toolSpecs>…​]]…​ [[-h] [--env-prefix=<prefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<level>] [--debug]]

Description

Detects, registers, and installs Fortify tools. Supports auto-detection of pre-installed tools, dynamic installation with signature verification, platform-specific tool caching, air-gapped environments, and Docker multi-stage builds.

The --tools option specifies which tools to set up, along with optional version or path specifiers. The following tools are supported: fcli, sc-client, fod-uploader, bugtracker-utility, vuln-exporter, debricked-cli.

<tool>:<path> Register existing tool installation at given path, fail if path does not exist or does not contain expected tool binary.

<tool>:<version> Register existing installation if matching version is found in previously installed versions or on system PATH (resolving semantic version aliases like 'latest'), otherwise download and install requested version.

<tool> OR <tool>:auto Check for <TOOL_ENV_PREFIX>_HOME or <TOOL_ENV_PREFIX>_VERSION environment variables to determine version or path, with same behavior as above. If neither environment variable is specified, attempts to register any available version from previously installed versions or first match in system PATH. If no existing installation is found, installs 'latest' version.

Following shows the exact environment variables that will be checked for each supported tool: - fcli: FCLI_VERSION, FCLI_HOME - sc-client: SC_CLIENT_VERSION, SC_CLIENT_HOME - fod-uploader: FOD_UPLOADER_VERSION, FOD_UPLOADER_HOME - debricked-cli: DEBRICKED_VERSION, DEBRICKED_HOME - bugtracker-utility: FBTU_VERSION, FBTU_HOME - vuln-exporter: FVE_VERSION, FVE_HOME

For ScanCentral Client, the init command will look for a compatible JRE based on the following environment variables (in this order): - SC_CLIENT_JAVA_HOME - SCANCENTRAL_JAVA_HOME - JAVA_HOME_<version>_<arch> (e.g., JAVA_HOME_17_X86_64, JAVA_HOME_17_AMD64, or JAVA_HOME_17_X64 for GitHub Actions) - JAVA_HOME_<version> (e.g., JAVA_HOME_17, JAVA_HOME_11)

If no compatible JRE is found through these environment variables, a compatible JRE will be downloaded and installed. Note that we specifically do not look for the general JAVA_HOME environment variable, as that may point to an incompatible JRE version, or may change to a different JRE version over time, causing potential compatibility issues with ScanCentral Client.

Options

--base-dir=<baseDir>

Base directory for tool installations: <base-dir>/<tool>/<version>/.

--install-dir-pattern=<installDirPattern>

Pattern for tool cache directory paths, with {tool} and {version} placeholders (e.g., /cache/{tool}/{version}). When specified, semantic versions are resolved to actual versions for proper cache naming.

--preinstalled

Preinstalled mode: all tools must be pre-installed, don’t update tool definitions. Can also be enabled via PREINSTALLED environment variable.

--self=<self>

Path to bootstrapped fcli executable. Not intended for end users; typically set by platform integration tools.

--tool-definitions=<toolDefinitions>

Custom tool definitions URL or file path. Defaults to TOOL_DEFINITIONS environment variable if set, otherwise uses built-in default. Ignored if all tools have explicit paths or preinstalled mode is enabled.

--tools=<toolSpecs>[,<toolSpecs>…​]

Comma-separated list of tools to set up in the format <tool>[:<version>|<path>]. Examples: sc-client, fcli:v3, debricked-cli:/opt/debricked. If a tool is not listed, it will be skipped. Supported tools: fcli, sc-client, fod-uploader, bugtracker-utility, vuln-exporter, debricked-cli.

Generic fcli options (also see documentation link below)

--debug

Enable collection of debug logs.

--env-prefix=<prefix>

Prefix for resolving default option values. Default value: FCLI_DEFAULT.

-h, --help

Use 'fcli [command] -h' to display help for fcli (sub-)commands.

--log-file=<logFile>

Write log output to file. Default: ./fcli.log if logging is enabled.

--log-level=<logLevel>

Set logging level: TRACE, DEBUG, INFO, WARN, ERROR, NONE.

--log-mask=<level>

Log mask level: high, medium, low, none. Default: medium. Masking is done on a best-effort basis; no guarantee that all sensitive data will be masked.