CLI Reference

This page provides documentation for the command line tools.

cstools

CodeSecTools: A framework for code security that provides abstractions for static analysis tools and datasets to support their integration, testing, and evaluation.

Usage:

cstools [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`-d`, `--debug`	boolean	Show debugging messages and disable pretty exceptions.	`False`
`-v`, `--version`	boolean	Show the tool's version.	None
`--install-completion`	boolean	Install completion for the current shell.	None
`--show-completion`	boolean	Show completion for the current shell, to copy it or customize the installation.	None
`--help`	boolean	Show this message and exit.	`False`

Subcommands

allsast: Run all available SAST tools together.
bearer: Bearer SAST
coverity: Coverity Static Analysis
cppcheck: Cppcheck
download: Download and install any missing resources that are available for download.
semgrepce: Semgrep Community Edition Engine
snykcode: Snyk Code
spotbugs: SpotBugs
status: Display the availability of SAST tools and datasets.

cstools allsast

Run all available SAST tools together.

Usage:

cstools allsast [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

analyze: Analyze a project using all availbale SAST tools.
benchmark: Benchmark a dataset using all SAST tools.
info: List used SAST tools.
list: List existing analysis results.
plot: Generate plot for results visualization (datasets are not supported).
report: Generate an HTML report

cstools allsast analyze

Analyze a project using all availbale SAST tools.

Usage:

cstools allsast analyze [OPTIONS] LANG

Options:

Name	Type	Description	Default
`--artifacts`	path	Pre-built artifacts directory (for PrebuiltSAST only)	None
`--overwrite`	boolean	Overwrite existing analysis results for current project	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools allsast benchmark

Benchmark a dataset using all SAST tools.

Usage:

cstools allsast benchmark [OPTIONS] DATASET

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing results (not applicable on CVEfixes)	`False`
`--testing`	boolean	Run benchmark over a single dataset unit for testing	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools allsast info

List used SAST tools.

Usage:

cstools allsast info [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools allsast list

List existing analysis results.

Usage:

cstools allsast list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools allsast plot

Generate plot for results visualization (datasets are not supported).

Usage:

cstools allsast plot [OPTIONS] PROJECT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--format`	choice (`png` \| `pdf` \| `svg`)	Figures export format	`png`
`--help`	boolean	Show this message and exit.	`False`

cstools allsast report

Generate an HTML report

Usage:

cstools allsast report [OPTIONS] PROJECT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing results	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools bearer

Bearer SAST

Usage:

cstools bearer [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.

cstools bearer install

List instruction to install missing requirements.

Usage:

cstools bearer install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools coverity

Coverity Static Analysis

Usage:

cstools coverity [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.

cstools coverity install

List instruction to install missing requirements.

Usage:

cstools coverity install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools cppcheck

Cppcheck

Usage:

cstools cppcheck [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools cppcheck install

List instruction to install missing requirements.

Usage:

cstools cppcheck install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools cppcheck list

List existing analysis results.

Usage:

cstools cppcheck list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools cppcheck plot

Generate plot for results visualization.

Usage:

cstools cppcheck plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--format`	choice (`png` \| `pdf` \| `svg`)	Figures export format	`png`
`--help`	boolean	Show this message and exit.	`False`

cstools download

Download and install any missing resources that are available for download.

Usage:

cstools download [OPTIONS] NAME

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools semgrepce

Semgrep Community Edition Engine

Usage:

cstools semgrepce [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.

cstools semgrepce install

List instruction to install missing requirements.

Usage:

cstools semgrepce install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode

Snyk Code

Usage:

cstools snykcode [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools snykcode install

List instruction to install missing requirements.

Usage:

cstools snykcode install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode list

List existing analysis results.

Usage:

cstools snykcode list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode plot

Generate plot for results visualization.

Usage:

cstools snykcode plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--format`	choice (`png` \| `pdf` \| `svg`)	Figures export format	`png`
`--help`	boolean	Show this message and exit.	`False`

cstools spotbugs

SpotBugs

Usage:

cstools spotbugs [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools spotbugs install

List instruction to install missing requirements.

Usage:

cstools spotbugs install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools spotbugs list

List existing analysis results.

Usage:

cstools spotbugs list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools spotbugs plot

Generate plot for results visualization.

Usage:

cstools spotbugs plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--format`	choice (`png` \| `pdf` \| `svg`)	Figures export format	`png`
`--help`	boolean	Show this message and exit.	`False`

cstools status

Display the availability of SAST tools and datasets.

Usage:

cstools status [OPTIONS]

Options:

Name	Type	Description	Default
`--sasts`	boolean	Show sasts only	`False`
`--datasets`	boolean	Show datasets only	`False`
`--help`	boolean	Show this message and exit.	`False`