herodevs/cli

@herodevs/cli

The HeroDevs CLI


Installation Instructions

  1. Install Node.js v20 or higher (Download Node)
  2. Install the CLI using one of the following methods:
    • Globally: refer to the Usage section below for installing the CLI globally
    • npx: npx @herodevs/cli@beta (the beta dist-tag resolves to the latest pre-release at the moment you run it, so pin an exact version where reproducibility matters)
  3. Refer to the Commands section for the list of available commands

TERMS

Use of this CLI is governed by the HeroDevs End of Life Dataset Terms of Service and Data Policy.

Scanning Behavior

The CLI is designed to be non-invasive:

  • It does not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
  • It analyzes the project in its current state on disk
  • If dependencies need to be installed for an accurate scan, install them manually before running the scan: the generated SBOM only contains what is present, so a missing node_modules (or equivalent) yields fewer components and a report that looks cleaner than the project really is

Usage

$ npm install -g @herodevs/cli
$ hd COMMAND
running command...
$ hd (--version)
@herodevs/cli/2.0.0-beta.4 darwin-arm64 node-v22.18.0
$ hd --help [COMMAND]
USAGE
  $ hd COMMAND
...

Commands

hd help [COMMAND]

Display help for hd.

USAGE
  $ hd help [COMMAND...] [-n]

ARGUMENTS
  COMMAND...  Command to show help for.

FLAGS
  -n, --nested-commands  Include all nested commands in the output.

DESCRIPTION
  Display help for hd.

See code: @oclif/plugin-help

hd scan eol

Scan a given SBOM for EOL data

USAGE
  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom]

FLAGS
  -d, --dir=<value>   [default: <current directory>] The directory to scan in order to create a cyclonedx SBOM
  -f, --file=<value>  The file path of an existing cyclonedx SBOM to scan for EOL
  -s, --save          Save the generated report as herodevs.report.json in the scanned directory
      --saveSbom      Save the generated SBOM as herodevs.sbom.json in the scanned directory

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Scan a given SBOM for EOL data

EXAMPLES
  Default behavior (no command or flags specified)

    $ hd

  Equivalent to

    $ hd scan eol --dir .

  Skip SBOM generation and specify an existing file

    $ hd scan eol --file /path/to/sbom.json

  Save the report or SBOM to a file

    $ hd scan eol --save --saveSbom

  Output the report in JSON format (for APIs, CI, etc.)

    $ hd scan eol --json

See code: src/commands/scan/eol.ts

hd update [CHANNEL]

update the hd CLI

USAGE
  $ hd update [CHANNEL] [--force | [-a | -v <value> | -i]] [-b]

FLAGS
  -a, --available        See available versions.
  -b, --verbose          Show more details about the available versions.
  -i, --interactive      Interactively select version to install. This is ignored if a channel is provided.
  -v, --version=<value>  Install a specific version.
      --force            Force a re-download of the requested version.

DESCRIPTION
  update the hd CLI

EXAMPLES
  Update to the stable channel:

    $ hd update stable

  Update to a specific version:

    $ hd update --version 1.0.0

  Interactively select version:

    $ hd update --interactive

  See available versions:

    $ hd update --available

See code: @oclif/plugin-update

CI/CD Usage

You can use @herodevs/cli in your CI/CD pipelines to automate EOL scanning. Both approaches below reference moving targets as written (an untagged Docker image and the beta npm dist-tag); for pipelines that must be reproducible, pin the image to a digest and the package to an exact version so a scan cannot silently change, or pull a broken or tampered release, between runs.

Using the Docker Image (recommended)

We provide a Docker image that is pre-configured to run EOL scans. Based on cdxgen, it contains build tools for most project types and gives the best results when the CLI has to generate the SBOM itself.

GitHub Actions

## .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run EOL Scan with Docker
        uses: docker://ghcr.io/herodevs/eol-scan
        with:
          args: "--json"
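The workflow above runs whatever the untagged image currently resolves to, keeps the default token permissions, and leaves the result only in the job log. The variant below is an added example, not a workflow shipped by HeroDevs: the same job with least-privilege permissions, the image pinned to a digest (the all-zero digest is a placeholder; substitute the digest of an image you have verified, and note the assumption that the docker:// action form accepts an @sha256 reference the way docker pull does), and the report and SBOM written with --save/--saveSbom and kept as a build artifact with actions/upload-artifact. The artifact name is arbitrary.

```yaml
## .github/workflows/herodevs-eol-scan.yml (hardened variant, added example)
name: HeroDevs EOL Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

# Least privilege: the scan only needs to read the checkout.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # Prefer pinning third-party actions to a full commit SHA rather than a moving tag.
      - uses: actions/checkout@v4

      - name: Run EOL Scan with Docker
        # PLACEHOLDER digest: replace with the digest of the image you verified.
        # An untagged reference resolves to whatever the image's default tag is at run time.
        uses: docker://ghcr.io/herodevs/eol-scan@sha256:0000000000000000000000000000000000000000000000000000000000000000
        with:
          # --save writes herodevs.report.json and --saveSbom writes herodevs.sbom.json
          # into the scanned directory, which is the checked-out workspace here.
          args: "--save --saveSbom"

      - name: Keep the report and SBOM as build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: herodevs-eol-scan
          path: |
            herodevs.report.json
            herodevs.sbom.json
```

Keeping the SBOM next to the report lets a reviewer check later which components the scanner actually saw, which is the first thing to verify when a report looks unexpectedly clean.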

GitLab CI/CD

eol-scan:
  image:
    name: "ghcr.io/herodevs/eol-scan"
    # GitLab runs the job script inside the container, so the image's
    # entrypoint must be disabled and the CLI started explicitly from script.
    entrypoint: [""]
  script: "npx @herodevs/cli@beta --json"

Using npx

You can use npx to run the CLI just like you'd run it locally.

Note

The job environment must be ready to build the project (language runtime, package manager, build tools, installed dependencies) before the scan step; otherwise the generated SBOM will be incomplete. For best results prefer the prebuilt image; otherwise prepare all requirements before the scan step.

GitHub Actions

## .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'

      - run: echo # Prepare environment, install tooling, perform setup, etc.

      - name: Run EOL Scan
        run: npx @herodevs/cli@beta

GitLab CI/CD

image: alpine

eol-scan:
  script:
    # alpine does not ship Node.js: install node/npm and any build tooling the
    # project needs here, otherwise npx is unavailable and the SBOM is incomplete.
    - echo # Prepare environment, install tooling, perform setup, etc.
    - npx @herodevs/cli@beta
