This project has been dropped!
Please use Crda Java API or Crda JavaScript API instead.
This project is still in development mode. Analysis is currently implemented only for Java's Maven ecosystem.
- Staging version (Pre-release) can be found here.
- Sample projects can be found in the crda-usage-examples repo
Download the binary based on your OS from the Releases tab.
The HTML report is saved as a local file in the OS's temporary folder.
$ crda analyse /path/to/maven/project/pom.xml
Summary Report for Dependency Analysis:
Total Scanned Dependencies: 10
Total Scanned Transitive Dependencies: 193
Direct Vulnerable Dependencies: 4
Total Vulnerabilities: 14
Critical Vulnerabilities: 0
High Vulnerabilities: 3
Medium Vulnerabilities: 8
Low Vulnerabilities: 3
Full Report: file:///tmp/crda/stack-analysis-maven-1684149652.html

Running using an image will not create an HTML report.
Instead, it will print the JSON version of the report.
This behaviour is also achievable manually using the --json flag:
$ crda analyse /path/to/maven/project/pom.xml --json
{
  "dependencies": {
    "scanned": 10,
    "transitive": 193
  },
  "vulnerabilities": {
    "critical": 0,
    "direct": 4,
    "high": 3,
    "low": 3,
    "medium": 8,
    "total": 14
  }
}

From your project path (replace PWD with path if needed):
podman run --rm -it \
  -v $HOME/.m2:/opt/app-root/src/.m2 \
  -v $HOME/.crda:/opt/app-root/src/.crda \
  -v $PWD:/app \
  quay.io/ecosystem-appeng/crda-cli:staging analyse pom.xml

Set your Snyk token to include Snyk's private vulnerabilities in your report.
Instructions for creating the token can be found here.
There are multiple approaches for setting your Snyk token with Crda, processed in the following order:

Using a command line flag:
crda analyse --snyk-token <snyk-token-goes-here> ...

Using an environment variable:
CRDA_SNYK_TOKEN=<snyk-token-goes-here> crda analyse ...

Or saving it in the config file for re-using:
crda config set crda_snyk_token <snyk-token-goes-here>

$ crda help
Use this tool for CodeReady Dependency Analytics reports

Usage:
  crda [command]

Available Commands:
  analyse     Preform dependency analysis report
  completion  Generate a completions script
  config      Manage crda config
  help        Help about any command
  version     Get binary version

Flags:
  -m, --client string   The invoking client for telemetry (default "terminal")
  -d, --debug           Set DEBUG log level
  -c, --no-color        Toggle colors in output.

Use "crda [command] --help" for more information about a command.
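
The JSON summary printed by the --json flag (and by the container image) can drive a CI gate. The following is an added example, not code from the crda project: it reads that summary, fails closed on malformed input, and reports which severity counts exceed a limit. The function name, the script name crda_gate.py, the default limits and the total-equals-sum check are assumptions.

```python
import json
import sys

SEVERITIES = ("critical", "high", "medium", "low")

# Summary copied from the --json output shown on this page.
SAMPLE_REPORT = """{"dependencies": {"scanned": 10, "transitive": 193},
 "vulnerabilities": {"critical": 0, "direct": 4, "high": 3,
                     "low": 3, "medium": 8, "total": 14}}"""


def evaluate_report(report_text, limits=None):
    """Return (passed, findings) for a `crda analyse --json` summary.

    limits maps a severity to the highest tolerated count. The default,
    which blocks any critical or high finding, is an assumed policy.
    """
    limits = {"critical": 0, "high": 0} if limits is None else limits
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        # Fail closed: an unreadable report must not pass the gate.
        return False, [f"report is not valid JSON: {exc.msg}"]
    vulns = report.get("vulnerabilities") if isinstance(report, dict) else None
    if not isinstance(vulns, dict):
        return False, ["report has no 'vulnerabilities' object"]
    findings, counts = [], {}
    for sev in SEVERITIES:
        value = vulns.get(sev)
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            findings.append(f"missing or invalid count for '{sev}'")
            continue
        counts[sev] = value
        if value > limits.get(sev, value):
            findings.append(f"{sev}: {value} exceeds limit {limits[sev]}")
    # Assumption taken from the sample: total equals the severity sum.
    if len(counts) == len(SEVERITIES) and vulns.get("total") != sum(counts.values()):
        findings.append("total does not match the sum of severity counts")
    return not findings, findings


if __name__ == "__main__":
    # Usage: crda analyse pom.xml --json | python crda_gate.py
    passed, problems = evaluate_report(sys.stdin.read())
    for problem in problems:
        print(f"crda gate: {problem}", file=sys.stderr)
    sys.exit(0 if passed else 1)
```

Passing a custom limits mapping, for example one that tolerates the three known high findings, lets a team ratchet the threshold down as dependencies are upgraded.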