CLI Reference

This page provides documentation for the command line tools.

cstools

CodeSecTools: A framework for code security that provides abstractions for static analysis tools and datasets to support their integration, testing, and evaluation.

Usage:

cstools [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`-d`, `--debug`	boolean	Show debugging messages	`False`
`-v`, `--version`	boolean	Show the tool's version.	None
`--install-completion`	boolean	Install completion for the current shell.	None
`--show-completion`	boolean	Show completion for the current shell, to copy it or customize the installation.	None
`--help`	boolean	Show this message and exit.	`False`

Subcommands

bearer: Bearer SAST
coverity: Coverity Static Analysis
semgrepce: Semgrep Community Edition Engine
snykcode: Snyk Code
status: Display the availability status of SASTs and the cache status of datasets.

cstools bearer

Bearer SAST

Usage:

cstools bearer [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

analyze: Analyze a project using Bearer.
benchmark: Benchmark a dataset using Bearer.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools bearer analyze

Analyze a project using Bearer.

Usage:

cstools bearer analyze [OPTIONS] LANG

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing analysis results for current project	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools bearer benchmark

Benchmark a dataset using Bearer.

Usage:

cstools bearer benchmark [OPTIONS] DATASET

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing results (not applicable on CVEfixes)	`False`
`--testing`	boolean	Run benchmark over a single dataset unit for testing	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools bearer list

List existing analysis results.

Usage:

cstools bearer list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools bearer plot

Generate plot for results visualization.

Usage:

cstools bearer plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--show`	boolean	Display figures	`False`
`--pgf`	boolean	Export figures to pgf format (for LaTeX document)	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools coverity

Coverity Static Analysis

Usage:

cstools coverity [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

install: List instruction to install missing requirements.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools coverity install

List instruction to install missing requirements.

Usage:

cstools coverity install [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools coverity list

List existing analysis results.

Usage:

cstools coverity list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools coverity plot

Generate plot for results visualization.

Usage:

cstools coverity plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--show`	boolean	Display figures	`False`
`--pgf`	boolean	Export figures to pgf format (for LaTeX document)	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools semgrepce

Semgrep Community Edition Engine

Usage:

cstools semgrepce [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

analyze: Analyze a project using SemgrepCE.
benchmark: Benchmark a dataset using SemgrepCE.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools semgrepce analyze

Analyze a project using SemgrepCE.

Usage:

cstools semgrepce analyze [OPTIONS] LANG

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing analysis results for current project	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools semgrepce benchmark

Benchmark a dataset using SemgrepCE.

Usage:

cstools semgrepce benchmark [OPTIONS] DATASET

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing results (not applicable on CVEfixes)	`False`
`--testing`	boolean	Run benchmark over a single dataset unit for testing	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools semgrepce list

List existing analysis results.

Usage:

cstools semgrepce list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools semgrepce plot

Generate plot for results visualization.

Usage:

cstools semgrepce plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--show`	boolean	Display figures	`False`
`--pgf`	boolean	Export figures to pgf format (for LaTeX document)	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode

Snyk Code

Usage:

cstools snykcode [OPTIONS] COMMAND [ARGS]...

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

Subcommands

analyze: Analyze a project using SnykCode.
benchmark: Benchmark a dataset using SnykCode.
list: List existing analysis results.
plot: Generate plot for results visualization.

cstools snykcode analyze

Analyze a project using SnykCode.

Usage:

cstools snykcode analyze [OPTIONS] LANG

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing analysis results for current project	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode benchmark

Benchmark a dataset using SnykCode.

Usage:

cstools snykcode benchmark [OPTIONS] DATASET

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing results (not applicable on CVEfixes)	`False`
`--testing`	boolean	Run benchmark over a single dataset unit for testing	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode list

List existing analysis results.

Usage:

cstools snykcode list [OPTIONS]

Options:

Name	Type	Description	Default
`--help`	boolean	Show this message and exit.	`False`

cstools snykcode plot

Generate plot for results visualization.

Usage:

cstools snykcode plot [OPTIONS] RESULT

Options:

Name	Type	Description	Default
`--overwrite`	boolean	Overwrite existing figures	`False`
`--show`	boolean	Display figures	`False`
`--pgf`	boolean	Export figures to pgf format (for LaTeX document)	`False`
`--help`	boolean	Show this message and exit.	`False`

cstools status

Display the availability status of SASTs and the cache status of datasets.

Usage:

cstools status [OPTIONS]

Options:

Name	Type	Description	Default
`--sasts`	boolean	Show sasts only	`False`
`--datasets`	boolean	Show datasets only	`False`
`--help`	boolean	Show this message and exit.	`False`