Synopsis

fcli fod oss-scan list-components [--app=<appNameOrId>] [--delim=<delimiter>] [--rel=id|app[:ms]:rel] [--scan-types=<scanTypes>[, <scanTypes>…​]]…​ [[-h] [--env-prefix=<envPrefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<logMaskLevel>] [--debug]] [[--fod-session=<sessionName>]] ] [--style=<outputStyleElements>_[, <outputStyleElements>…​]]…​ ] [--to-file=<outputFile>_]] [-q=<SpEL _ _ expression>]

Description

This command is not fully implemented and is intended for preview only. Command name, options and behavior may change at any time, even between patch or minor releases, potentially affecting any workflows in which this command is being used. This command lists the Open Source components for an application, a release or the whole tenant. The list of OSS components is based on the results of the last SCA scan on a release of the application. To filter the results retrieved from this command use the standard -q option. For example to only show vulnerable components, you can use -q isVulnerable, or to only show components with a specific license (e.g. AGPL), you can use -q 'licenseSummary matches "AGPL.*"'. Please note: the FoD REST API does not yet support filtering by application, so specifying this option will currently return all Open Source components for all applications.

Options

--app=<appNameOrId>

Application id or name. Note that numeric values are always interpreted as id’s. If you have numeric application names, you will need to specify the application id.

--delim=<delimiter>

Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.

-q, --query=<SpEL expression>

Only display records for which the given Spring Expression Language (SpEL) expression returns true.

--rel, --release=id|app[:ms]:rel

Release id or <application>[:<microservice>]:<release> name.

--scan-types=<scanTypes>[,<scanTypes>…​]

Comma-separated list of scan types for which to list Open Source components for. Default value: Debricked. Valid values: Sonatype, CycloneDx, Debricked.

FoD session name options

--fod-session=<sessionName>

Name of the FoD session to use for executing this command. Default value: default.

Output options

-o, --output=type[=<args>]

Specify output type and optional type arguments. Available output formats: csv, table, expr, json, xml, yaml. The 'expr' output format takes a string containing '{property}' placeholders, other output formats take an optional, comma-separated list of properties to include in the output.

--store=variableName[:<propertyNames>]

Store the JSON results of this command in a variable. Variables can be managed through the 'fcli util variable' command, and can be referenced using ::variable::[property] on any subsequent command.

--style=<outputStyleElements>[,<outputStyleElements>…​]

Comma-separated list of style elements to apply to the selected output format. Allowed values: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.

--to-file=<outputFile>

Write command output to the specified file instead of stdout.

Generic fcli options

--debug

Enable both fcli trace logging and collection of extra debugging data on applicable fcli actions and commands, for example enabling debug logging on tools invoked through fcli tool run commands, or enabling server-side debug log generation.

--env-prefix=<envPrefix>

Environment variable prefix for resolving default option and parameter values. Default value: FCLI_DEFAULT.

-h, --help

Show this help message and exit. Use 'fcli <command> -h' to display help for subcommands.

--log-file=<logFile>

File where logging data will be written. Defaults to fcli.log in current directory if --log-level is specified.

--log-level=<logLevel>

Set logging level. Note that DEBUG and TRACE levels may result in sensitive data being written to the log file. Allowed values: TRACE, DEBUG, INFO, WARN, ERROR, NONE.

--log-mask=<logMaskLevel>

Masking level to apply to logging data. Allowed values: high, medium, low, none. Default value: medium. Note that this is on a best-effort basis; you should always check log contents for sensitive data before sharing or publishing logs.