Synopsis

fcli fod oss-scan list-components [--app=<appNameOrId>] [--delim=<delimiter>] [--rel=id|app[:ms]:rel] [--scan-types=<scanTypes>[, <scanTypes>…​]]…​ [[-h] [--env-prefix=<prefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<level>] [--debug]] [[--fod-session=<sessionName>]] [[-o=<type+args>] [--style*=<style>,…​]…​ ] [--to-file=<outputFile>_]] [-q=<SpEL _ _ expression>]

Description

This command is not fully implemented and is intended for preview only. Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting any workflows in which this command is being used. This command lists the Open Source components for an application, a release or the whole tenant. The list of OSS components is based on the results of the last SCA scan on a release of the application. To filter the results retrieved from this command use the standard -q option. For example to only show vulnerable components, you can use -q isVulnerable, or to only show components with a specific license (e.g. AGPL), you can use -q 'licenseSummary matches "AGPL.*"'. Please note: the FoD REST API does not yet support filtering by application, so specifying this option will currently return all Open Source components for all applications.

Options

--app=<appNameOrId>

Application id or name. Note that numeric values are always interpreted as id’s. If you have numeric application names, you will need to specify the application id.

--delim=<delimiter>

Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.

-q, --query=<SpEL expression>

Only display records for which the given Spring Expression Language (SpEL) expression returns true.

--rel, --release=id|app[:ms]:rel

Release id or <application>[:<microservice>]:<release> name.

--scan-types=<scanTypes>[,<scanTypes>…​]

Comma-separated list of scan types for which to list Open Source components for. Default value: Debricked. Valid values: Sonatype, CycloneDx, Debricked.

FoD session name options

--fod-session=<sessionName>

Name of the FoD session to use for executing this command. Default value: default.

Output options (also see documentation link below)

-o, --output=<type+args>

Select output type (csv, table, expr, json, xml, yaml) and optional type arguments.

--store=<var>[:<prop>]

Store JSON results in an fcli variable for later reference.

*--style*=<style>,…​

Select output style: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.

--to-file=<outputFile>

Write output to the specified file.

Generic fcli options (also see documentation link below)

--debug

Enable collection of debug logs.

--env-prefix=<prefix>

Prefix for resolving default option values. Default value: FCLI_DEFAULT.

-h, --help

Use 'fcli [command] -h' to display help for fcli (sub-)commands.

--log-file=<logFile>

Write log output to file. Default: ./fcli.log if logging is enabled.

--log-level=<logLevel>

Set logging level: TRACE, DEBUG, INFO, WARN, ERROR, NONE.

--log-mask=<level>

Log mask level: high, medium, low, none. Default: medium. Masking is done on a best-effort basis; no guarantee that all sensitive data will be masked.