fcli-ssc-issue-list(1)

Synopsis

fcli ssc issue list --av=<appVersionNameOrId> [--delim=<delimiter>] [--filter=<filter>] [--fs=<filterSetTitleOrId>] [--q-param=<qParam>] [--embed=<embedSuppliers>[, <embedSuppliers>…]]… [-i=<status>[,<status>…]]… [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>]] [[--session=<sessionName>]] ] [--store=_variableName _ ] [--to-file=<outputFile>_]] [-q=<SpEL _ _ expression>]

Description

This command allows for listing SSC vulnerability data for a given application version. By default, only visible issues will be returned; the --include option can be used to (also) include hidden, suppressed or removed issues. If any such issues are included, the default table output will show (H), (S), and/or ® for respectively hidden, suppressed and removed issues.

Optionally, additional details may be included in the output using the --embed option, but please note that this may have some impact on performance as this will result in additional HTTP requests to SSC for every page of issues.

In general, performance of this command is largely dependent on the number of issues being retrieved from SSC. The default table output collects all data in memory until all issues have been processed, so it may take a long time before you see any output, and there’s a small risk of running out of memory. Most other output formats (like json, yaml, or csv) output data immediately after each page of issues has been loaded from FoD, resulting in more immediate output.

Options

--av, --appversion=<appVersionNameOrId>: Application version id or <application>:<version> name.
--delim=<delimiter>: Change the default delimiter character when using options that accept "application:version" as an argument or parameter.
--embed=<embedSuppliers>[,<embedSuppliers>…]: Embed extra application version data. Allowed values: details, comments, auditHistory. Using the --output option, this extra data can be included in the output. Using the --query option, this extra data can be queried upon. To get an understanding of the structure and contents of the embedded data, use the --output json or --output yaml options.
--filter=<filter>: Filter issues using the given (friendly or technical) filter. See 'fcli ssc issue list-filters' for allowed values.
--fs, --filterset=<filterSetTitleOrId>: Filter set title (name) or id.
-i, --include=<status>[,<status>…]: By default, only visible issues will be returned. This option accepts a comma-separated list to allow (also) removed, suppressed and/or hidden issues to be returned, for example --include visible,removed (to return both visible and removed issues) or --include removed (to return only removed issues). Allowed values: visible, hidden, removed, suppressed.
-q, --query=<SpEL expression>: Only display records for which the given Spring Expression Language (SpEL) expression returns true.
--q-param=<qParam>: Server-side queries are automatically generated from the -q / --query option if possible; generated queries can be viewed in the debug log. The --q-param option can be used to override the automatically generated query, for example to further optimize the request. See SSC REST API documentation for information on supported formats.

Session options:

--session=<sessionName>: Name of the SSC session to use for executing this command. Default value: default.

Output options:

-o, --output=format[=<options>]: Specify output format and options. Available output formats: csv, csv-plain, json, json-flat, table, table-plain, tree, tree-flat, xml, xml-flat, yaml, yaml-flat, expr, json-properties. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output. Use '-o json-properties' on the current command to see available properties.
--store=variableName[=<propertyNames>]: Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.
--to-file=<outputFile>: Write command output to the specified file instead of stdout.

Generic fcli options:

--env-prefix=<envPrefix>: Environment variable prefix for resolving default option and parameter values. Default value is FCLI_DEFAULT.
-h, --help: Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.
--log-file=<logFile>: File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.
--log-level=<logLevel>: Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR.

FCLI: The Universal Fortify CLI

fcli-ssc-issue-list(1) Manual Page

Name