----------------------------
Copyrights 2017 - CAST
----------------------------
Tested on Ubuntu 16.0.4, Windows 10
----------------------------
For any question or feedback regarding this command line, please contact us at support@casthighlight.com

----------------------------
Requirements
----------------------------

### For Linux - Debian based systems

Perl
----
Perl 5, libjson-perl, libxml-libxml-perl

To check perl version:
$>perl -v

To check required libraries are installed:
$>dpkg --get-selections libxml-libxml-perl libjson-perl

To install the above libraries:
$>apt-get install libxml-libxml-perl libjson-perl

### For Linux - RHEL/CENTOS based systems

Install the libraries: perl-XML-LibXML, perl-JSON and perl-Digest-SHA
$>yum -y install perl-Digest-SHA
$>yum -y install perl-JSON
$>yum -y install perl-XML-LibXML

### For Mac OS -- Sierra

Perl
----
Perl 5 (5.2.18), installed as part of Sierra

To check perl version:
$>perl -v

Some complementary Perl modules are needed:
XML::LibXML
JSON

Their installation requires XCode with its command line tools.

Installation of the modules:
$>cpan install XML::LibXML
Choose to update the global perl installation using "sudo" mode. For the other parameters, keep the standard answers.
$>cpan install JSON
Choose to update the global perl installation using "sudo" mode. For the other parameters, keep the standard answers.

If XCode is not present, its installation will be proposed. You will then need to relaunch cpan to complete the module installation.

Java
----
Java 8
$>java -version

### For Windows

Prior to using the command line, you'll have to install the Highlight Local Agent on your machine in order to embed the required Perl binaries.

======================
Option (* = required)     Description
---------------------     -----------
  --help
  --printTechnos          Print supported technologies

Scanning Options
* --sourceDir             The absolute path to the directory that contains the
                          source code to be scanned by Highlight.
* --workingDir            The absolute path to the Highlight working directory.
                          Within this directory, a Highlight temporary folder
                          ("HLTemporary") will be created and will contain scan
                          result files (CSVs).
  --technologies          Technologies you want to explicitly scan, separated
                          by "," and sorted by preference (e.g. "Java,Python").
                          See the --printTechnos option above to get the
                          technology list.
  --ignoreDirectories     Directory name patterns to ignore during a scan,
                          separated by "," (e.g. "test,.git,COTS").
  --ignorePaths           Regex used to exclude paths
                          (e.g. ^subproject/node_modules|^.*test skips
                          node_modules from subproject and all paths with a
                          prefix ending with test)

Scan result options (by default results are uploaded directly to the server)
  --skipUpload            Only CSV generation. No upload performed.
  --zipResult             Combined with --skipUpload, creates a zip file with
                          all CSV results (this file may be uploaded on the
                          portal or using the command line)

Upload results to the Highlight portal (remove --skipUpload if present); may be
combined with scanning or used to upload a previous scan result
  --login                 Login to the Highlight portal
  --password              Password for the indicated login
  --basicAuth             BasicAuth value, i.e. the Base64 encoding of
                          login:password
  --companyId             Identification for the company (can be retrieved from
                          the Highlight portal, it is the ID displayed in the
                          url when clicking on "MANAGE PORTFOLIO" from the menu)
  --applicationId         Identification for the application (can be retrieved
                          from the Highlight portal, it is the ID displayed in
                          the url when editing an application in
                          "MANAGE PORTFOLIO")
  --serverUrl             The Highlight server instance where the results have
                          to be uploaded (user credentials have to work on this
                          server)
  --snapshotLabel         The application snapshot label you want to display on
                          the application result page on the portal (e.g.
                          release version, build number, etc.)
  --uploadZipFile         Use this option to process a file created with
                          --zipResult. Takes the full path of the zip file.

Advanced options
  --analyzerDir           Alternate directory for Highlight's analyzer scripts.
  --dbgSourceList         File name for exporting the discovered file list, for
                          debugging
  --perlInstallDir        Root directory for the perl installation. (Use it
                          when the perl installation is not found)

Logs
----
Logfile is HLAutomation.log in --workingDir

----------------------------
Command Line Usage
----------------------------
java -jar HighlightAutomation.jar --workingDir --sourceDir --analyzerDir --skipUpload

You may use the Command Line assistant on the application scan page of the Highlight Portal to generate the command line for an application with pre-filled parameters.

Examples:

[Linux] Scan sources in /home/user/myproject/src with results in /home/user/highlight-myproject
java -jar HighlightAutomation.jar --workingDir "/home/user/highlight-myproject/" --sourceDir "/home/user/svn/myproject/src/" --skipUpload

[Windows] Scan sources in C:\myproject\src with results in C:\highlight-myproject
java -jar HighlightAutomation.jar --workingDir "C:\highlight-myproject" --sourceDir "C:\myproject\src" --skipUpload

[zipResult/uploadZipFile] Scan sources in C:\myproject\src with results in C:\highlight-myproject
java -jar HighlightAutomation.jar --workingDir "C:\highlight-myproject" --sourceDir "C:\myproject\src" --skipUpload --zipResult C:\zipResult\analyze_xxx.zip

Upload results
java -jar HighlightAutomation.jar --basicAuth 0EFXDFED --companyId 2 --applicationId 8 --snapshotLabel scan_2_2019 --uploadZipFile C:\analyzerResults\analyze_xxx.zip

---------------------------
Command Line Return status
---------------------------
The Command Line process returns the following exit status:
0 - Ok
1 - Command Line general failure
2 - Command Line options parse error
3 - Command Line techno discovery error
4 - Command Line analysis error
5 - Command Line result upload error
6 - Command Line source dir or output dir validation error
7 - Command Line result saving to zip file error
8 - Command Line upload from zip file error

----------------------------
Help
----------------------------
--workingDir is the directory where you want to store scan results.
--sourceDir is the absolute path to the directory that contains source files to be scanned by CAST Highlight.

--------------------------------------
Special configuration for proxy server
--------------------------------------
Using a proxy server for upload.

Proxy with no password:
-Dhttps.proxyHost= -Dhttps.proxyPort=

If the proxy requires a password, add the following additional parameters:
-Dhttps.proxyUser= -Dhttps.proxyPassword=

Examples:
java -Dhttps.proxyHost=your proxy host -Dhttps.proxyPort=your proxy port -Dhttps.proxyUser=user -Dhttps.proxyPassword=password -jar HighlightAutomation.jar --workingDir "C:\highlight-myproject" --sourceDir "C:\myproject\src" --login xxx --password xxxx

As proxy providers and configurations vary, you may still experience issues with specific configurations.

----------------------------
Known problems
----------------------------
The analysis fails when the --workingDir is mounted on a shared directory of a VirtualBox
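
For the --ignorePaths option described above, an added example (not part of the CAST README or tooling) that previews which files a regex would remove from a scan, run against a constructed source tree. It assumes the regex is searched against each path relative to --sourceDir; the function names and the second pattern are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CAST code): preview an --ignorePaths regex before a scan.
# Assumption: the regex is searched, not full-matched, against each file path
# relative to --sourceDir with "/" separators. grep -E stands in for the
# tool's regex engine; the two agree on the simple patterns used here.

# rel_files DIR: sorted file paths relative to DIR
rel_files() {
  ( cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort )
}

# list_excluded DIR REGEX: files the scan would skip
list_excluded() { rel_files "$1" | grep -E -- "$2" || true; }

# list_kept DIR REGEX: files the scan would still analyse
list_kept() { rel_files "$1" | grep -Ev -- "$2" || true; }

# make_sample_tree: builds a constructed source tree and prints its path
make_sample_tree() {
  d=$(mktemp -d)
  for f in subproject/node_modules/lib/index.js subproject/src/app.js \
           test/unit/AppTest.java src/latest/Release.java \
           src/contest/Score.java src/main/App.java; do
    mkdir -p "$d/$(dirname "$f")"
    : > "$d/$f"
  done
  echo "$d"
}

tree=$(make_sample_tree)
echo "Pattern from the option description:"
list_excluded "$tree" '^subproject/node_modules|^.*test'
echo "Constructed pattern anchored on whole directory names:"
list_excluded "$tree" '^subproject/node_modules/|(^|/)tests?/'
rm -rf "$tree"
```

Under that assumption, the pattern from the option description also drops src/latest and src/contest on the sample tree, so those files would not be scanned.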
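
The upload and proxy commands above carry secrets in --password, --basicAuth (the Base64 form of login:password) and -Dhttps.proxyPassword. An added example, not part of the CAST README or tooling, of a CI wrapper that writes a masked copy of the command line to a log before running it; mask_args, run_logged and the log file are assumptions, and the demo values are constructed.

```shell
#!/bin/sh
# Added example (not CAST code): log a Highlight command line with its
# secrets masked, then run it. Option names are the ones documented above;
# mask_args, run_logged and the log file are assumptions of this example.

# mask_args ARG...: print the arguments on one line, secret values masked
mask_args() {
  out=; hide=0
  for a in "$@"; do
    if [ "$hide" -eq 1 ]; then a='<redacted>'; hide=0; fi
    case $a in
      # value is the next argument (single-dash spellings are masked too)
      --password|-password|--basicAuth|-basicAuth) hide=1 ;;
      # option=value spelling, masked in case a script uses it
      --password=*|--basicAuth=*) a="${a%%=*}=<redacted>" ;;
      # JVM system property carrying the proxy password
      -Dhttps.proxyPassword=*) a='-Dhttps.proxyPassword=<redacted>' ;;
    esac
    out="${out:+$out }$a"
  done
  printf '%s\n' "$out"
}

# run_logged LOGFILE CMD ARG...: append the masked command line, then run CMD
run_logged() {
  log=$1; shift
  mask_args "$@" >> "$log"
  "$@"
}

# Constructed demo values; "echo" stands in for the real java invocation.
demo_log=$(mktemp)
run_logged "$demo_log" echo java -Dhttps.proxyPassword=s3cret \
  -jar HighlightAutomation.jar --login alice --password 'p w' --skipUpload \
  > /dev/null
cat "$demo_log"
rm -f "$demo_log"
```

Masking covers only the logged copy; the arguments remain visible in the process list while the command runs.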