Synopsis
fcli tool vuln-exporter install [-y] [--[no-]global-bin] [--on-digest-mismatch=<onDigestMismatch>] [-p=<platform>] [--progress=<type>] [-v=<version>] [-u=<versionsToUninstall>[, <versionsToUninstall>…]]… [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<logMaskLevel>] [--debug]] [-d=<installDir> | -b=<baseDir>] ] [--style=<outputStyleElements>_[, <outputStyleElements>…]]… ] [--to-file=<outputFile>_]]
Description
This command allows for tool installation and upgrade. By default, tools are installed to <base-dir>/<tool-name>/<version>. The base directory can be specified using the --base-dir option, defaulting to <user.home>/fortify/tools if not specified. Unless the --no-global-bin option is specified, wrapper scripts for invoking each tool will be installed to <base-dir>/bin, allowing users to add this single directory to the system PATH for easy invocation of all installed tools.
It is also possibly to specify an explicit installation directory through the --install-dir option, for example to install the tool to a specific location that will be cached by a CI/CD system. The --install-dir option doesn’t create the <base-dir>/<tool-name>/<version> directory structure, and doesn’t install wrapper scripts to a shared bin-directory.
When installing a new version, older versions can optionally be automatically un-installed using the --uninstall option, which is basically the equivalent of a tool upgrade. When trying to install a version that’s already been installed, only some post-installation tasks will be re-run, like installing the global bin scripts and performing any tool configuration if applicable.
Sample invocations:
Install latest tool version, keep older versions: fcli tool <name> install -v latest
Install latest tool version (only re-running post-install if already existing), uninstall all other tool versions: fcli tool <name> install -v latest --uninstall all
Install latest v2 version, uninstall all other v2 versions: fcli tool <name> install -v 2 --uninstall 2
Install latest and latest v1, have global bin-scripts point to latest: fcli tool <name> install -v latest fcli tool <name> install -v 1 --no-global-bin
Each tool installation includes shell scripts or executables that can be run as usual, however tools installed through the 'fcli tool <tool-name> install' command can also be run through the 'fcli tool <tool-name> run' command. This command allows for selecting which version of a tool to run if multiple versions have been installed, and allows for easy tool invocation even if they haven’t been added to the PATH.
Options
- -b, --base-dir=<baseDir>
-
Base directory under which the tool will be installed.
- -d, --install-dir=<installDir>
-
Tool installation directory. As described above, it is recommended to use --base-dir instead.
- --[no-]global-bin
-
By default, wrapper scripts will be installed to <base-dir>/bin; use --no-global-bin to skip installing/updating these wrapper scripts.
- --on-digest-mismatch=<onDigestMismatch>
-
Action to take if there is a digest mismatch. Allowed values: fail, warn. Default action is to fail.
- -p, --platform=<platform>
-
By default, fcli will try to install tool binaries that match the current operating system & architecture. Use this option to override automatic platform detection. The list-platforms command lists available platforms.
- --progress=<type>
-
Configure progress output. Allowed values: auto, none, simple, stderr, single-line, ansi. Default value: auto. Proper output of single-line and ansi depends on console capabilities.
- -u, --uninstall=<versionsToUninstall>[,<versionsToUninstall>…]
-
Uninstall the given versions while installing the new version. Accepts 'all' to uninstall all existing versions, or a comma-separated list of version numbers. Version numbers may be specified as <major>[.<minor>[.<patch>]].
- -v, --version=<version>
-
Tool version to install; see output of list command to view available versions. Default value: latest
- -y, --confirm
-
Automatically confirm all prompts (cleaning the target directory, uninstalling other versions).
Output options
- -o, --output=type[=<args>]
-
Specify output type and optional type arguments. Available output formats: csv, table, expr, json, xml, yaml. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output.
- --store=variableName[:<propertyNames>]
-
Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.
- --style=<outputStyleElements>[,<outputStyleElements>…]
-
Comma-separated list of style elements to apply to the selected output format. Allowed values: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.
- --to-file=<outputFile>
-
Write command output to the specified file instead of stdout.
Generic fcli options
- --debug
-
Enable both fcli trace logging and collection of extra debugging data on applicable fcli actions and commands, for example enabling debug logging on tools invoked through fcli tool run commands, or enabling server-side debug log generation.
- --env-prefix=<envPrefix>
-
Environment variable prefix for resolving default option and parameter values. Default value: FCLI_DEFAULT.
- -h, --help
-
Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.
- --log-file=<logFile>
-
File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.
- --log-level=<logLevel>
-
Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR, NONE.
- --log-mask=<logMaskLevel>
-
Masking level to apply to logging data. Allowed values: high, medium, low, none. Default value: medium. Note that this is on a best-effort basis; you should always check log contents for sensitive data before sharing or publishing logs.