### Install MurphySec CLI on Linux

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Downloads and installs the binary using the official installation script.

```bash
# Install MurphySec CLI on Linux
wget -q https://s.murphysec.com/release/install.sh -O - | /bin/bash

# Verify installation
murphysec --version
```

--------------------------------

### Install MurphySec CLI

Source: https://github.com/murphysecurity/murphysec/blob/v3/README.md

Installation commands for Linux, OSX, and Windows environments.

```bash
wget -q https://s.murphysec.com/release/install.sh -O - | /bin/bash
```

```bash
curl -fsSL https://s.murphysec.com/release/install.sh | /bin/bash
```

```powershell
powershell -Command "iwr -useb https://s.murphysec.com/release/install.ps1 | iex"
```

--------------------------------

### Install MurphySec CLI on Windows

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Downloads and installs the CLI using PowerShell.

```powershell
# Install MurphySec CLI on Windows
powershell -Command "iwr -useb https://s.murphysec.com/release/install.ps1 | iex"

# Verify installation
murphysec --version
```

--------------------------------

### Integrate with Jenkins Pipeline

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Example Jenkinsfile configuration for automated MurphySec scanning.

```groovy
// Jenkinsfile example
pipeline {
    agent any

    environment {
        MURPHYSEC_TOKEN = credentials('murphysec-token')
    }

    stages {
        stage('Security Scan') {
            steps {
                sh '''
                    # Install MurphySec CLI
                    curl -fsSL https://s.murphysec.com/release/install.sh | bash

                    # Run vulnerability scan
                    murphysec scan . \
                        --token ${MURPHYSEC_TOKEN} \
                        --project-name "${JOB_NAME}" \
                        --log-level info
                '''
            }
        }
    }
}
```

--------------------------------

### Install MurphySec CLI on macOS

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Downloads and installs the CLI using curl.

```bash
# Install MurphySec CLI on macOS
curl -fsSL https://s.murphysec.com/release/install.sh | /bin/bash

# Verify installation
murphysec --version
```

--------------------------------

### Perform Host Environment Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for scanning host systems, processes, and installed software.

```bash
murphysec envscan
```

```bash
murphysec envscan --json
```

```bash
murphysec envscan --scan-process
```

```bash
murphysec envscan --project-name "Production-Server-01"
```

```bash
murphysec envscan --disable-windows-patch-scan
```

```bash
murphysec envscan --windows-patch-scan-timeout 120
```

--------------------------------

### GitLab CI Integration

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Example of how to integrate MurphySec CLI into a GitLab CI/CD pipeline for vulnerability detection.

````APIDOC
## GitLab CI Integration

Integrates MurphySec CLI into GitLab CI/CD pipelines for vulnerability detection.

```yaml
# .gitlab-ci.yml
security-scan:
  stage: test
  image: ubuntu:latest
  before_script:
    - apt-get update && apt-get install -y curl
    - curl -fsSL https://s.murphysec.com/release/install.sh | bash
  script:
    - murphysec scan . --token $MURPHYSEC_TOKEN --project-name "$CI_PROJECT_NAME" --log-level info
  only:
    - main
    - merge_requests
```
````

--------------------------------

### GitHub Actions Integration

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Example of how to integrate MurphySec CLI into a GitHub Actions workflow for automated security scanning on push and pull requests.

````APIDOC
## GitHub Actions Integration

Integrates MurphySec CLI into GitHub Actions workflows for automated security scanning.

```yaml
# .github/workflows/security-scan.yml
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install MurphySec CLI
        run: |
          curl -fsSL https://s.murphysec.com/release/install.sh | bash

      - name: Run Security Scan
        env:
          MURPHYSEC_TOKEN: ${{ secrets.MURPHYSEC_TOKEN }}
        run: |
          murphysec scan . \
            --token $MURPHYSEC_TOKEN \
            --project-name "${{ github.repository }}" \
            --json > scan-results.json

      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan-results
          path: scan-results.json
```
````

--------------------------------

### Run Dependency Scan

Source: https://github.com/murphysecurity/murphysec/blob/v3/README.md

Execute a security scan on a specified project path.

```bash
murphysec scan [your-project-path]
```

--------------------------------

### Perform Basic Project Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Scan directories for vulnerable dependencies with optional project naming and grouping.

```bash
# Basic scan of a project directory
murphysec scan /path/to/your/project

# Scan current directory
murphysec scan .

# Scan with custom project name
murphysec scan /path/to/project --project-name "My Application"

# Scan with project grouping
murphysec scan /path/to/project --project-name "api-service" --projects-name "MyCompany"
```

--------------------------------

### Authenticate in CI/CD Environments

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Use tokens directly via flags or environment variables for non-interactive authentication.

```bash
# Authenticate via command parameter (recommended for CI/CD)
murphysec scan /path/to/project --token YOUR_ACCESS_TOKEN

# Using environment variable in CI/CD
export MURPHYSEC_TOKEN="your_access_token"
murphysec scan /path/to/project --token $MURPHYSEC_TOKEN
```

--------------------------------

### Configure Maven Settings

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Specify custom Maven settings for Java project analysis.

```bash
# Specify Maven settings file by ID
murphysec scan /path/to/project --maven-setting-id "my-settings-id"
```

--------------------------------

### Configure Webhook Notifications

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for setting up webhook endpoints to receive scan results.

```bash
murphysec scan /path/to/project --webhook-addr "https://your-webhook-endpoint.com/notify"
```

```bash
murphysec scan /path/to/project \
  --webhook-addr "https://your-webhook-endpoint.com/notify" \
  --webhook-mode simple
```

```bash
murphysec scan /path/to/project \
  --webhook-addr "https://your-webhook-endpoint.com/notify" \
  --webhook-mode full
```

```bash
murphysec scan /path/to/project \
  --webhook-addr "https://your-webhook-endpoint.com/notify" \
  --webhook-token "Authorization=Bearer your_token" \
  --webhook-token "X-Custom-Header=custom_value"
```

--------------------------------

### Perform Binary Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for scanning binary files, firmware, and artifacts for vulnerabilities.

```bash
murphysec binscan /path/to/binary.exe
```

```bash
murphysec binscan /path/to/firmware.bin --project-name "Firmware-v1.0"
```

```bash
murphysec binscan /path/to/firmware.bin --iot
```

```bash
murphysec binscan /path/to/binary --project-tag "production" --project-tag "release"
```

--------------------------------

### Configure Maven Scanning

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Options for customizing Maven project scans, including settings files, JDK versions, and build arguments.

```bash
murphysec scan /path/to/project --maven-setting-name "custom-settings"
```

```bash
murphysec dfscan /path/to/project --maven-settings /path/to/settings.xml
```

```bash
murphysec scan /path/to/project --maven-jdk "17"
```

```bash
murphysec scan /path/to/project --maven-version "3.9.0"
```

```bash
murphysec scan /path/to/project --maven-arg "-DskipTests" --maven-arg "-Dmaven.test.skip=true"
```

```bash
murphysec scan /path/to/project --maven-prepend-arg "-Denv=production"
```

```bash
murphysec dfscan /path/to/project --maven-module-name "core" --maven-module-name "api"
```

--------------------------------

### Global Options - Server and Network Configuration

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Configures custom server addresses and network settings for enterprise deployments.

````APIDOC
## Global Options

### Server and Network Configuration

Configures custom server addresses and network settings for enterprise deployments.

```bash
# Use custom server address
murphysec scan /path/to/project --server "https://your-enterprise-server.com"

# Allow insecure TLS connections (self-signed certificates)
murphysec scan /path/to/project --server "https://internal-server.local" --allow-insecure

# Don't wait for scan results (async mode)
murphysec scan /path/to/project --no-wait

# Specify team ID for multi-team organizations
murphysec scan /path/to/project --team-id "team-123"
```
````

--------------------------------

### Execute Dependency File Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Perform faster scans focusing solely on package management files.

```bash
# Dependency file scan
murphysec dfscan /path/to/project

# With JSON output
murphysec dfscan /path/to/project --json

# Skip building
murphysec dfscan /path/to/project --no-build

# Filter specific Gradle projects
murphysec dfscan /path/to/project --gradle-project-name "app"
```

--------------------------------

### Generate SPDX SBOM

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for generating Software Bill of Materials in SPDX-JSON format.

```bash
murphysec sbom /path/to/project
```

```bash
murphysec sbom /path/to/project --out /path/to/output.json
```

```bash
murphysec sbom /path/to/project --no-build
```

--------------------------------

### Add Project Tags for Organization

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Applies custom tags (max 10 characters each) to scans for better organization and filtering on the MurphySec platform.

```bash
# Add project tags (max 10 characters each)
murphysec scan /path/to/project \
  --project-tag "prod" \
  --project-tag "api" \
  --project-tag "v2.0"
```

--------------------------------

### Global Options - Logging Configuration

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Configures logging behavior for debugging and audit purposes.

````APIDOC
### Logging Configuration

Configures logging behavior for debugging and audit purposes.

```bash
# Set log level (silent, error, warn, info, debug)
murphysec scan /path/to/project --log-level debug

# Disable log file writing
murphysec scan /path/to/project --no-log-file

# Write logs to custom file
murphysec scan /path/to/project --write-log-to /path/to/custom.log
```
````

--------------------------------

### Configure Advanced Scan Options

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Customize scan behavior including build settings, output formats, and deep analysis features.

```bash
# Skip project building (only parse manifest files)
murphysec scan /path/to/project --no-build

# Enable deep analysis with code feature identification
murphysec scan /path/to/project --deep

# Output results as JSON
murphysec scan /path/to/project --json

# Scan with verbose logging
murphysec scan /path/to/project --log-level debug

# Skip Skills security scanning
murphysec scan /path/to/project --skip-skills

# Scan binary files only, skip source code
murphysec scan /path/to/project --binary-only

# Enable code snippet scanning for SBOM detection
murphysec scan /path/to/project --scan-snippets

# Get only the task ID without waiting for results
murphysec scan /path/to/project --only-task-id
```

--------------------------------

### Global Options - Upload Configuration

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Configures file upload behavior for deep scanning mode.

````APIDOC
### Upload Configuration

Configures file upload behavior for deep scanning mode.

```bash
# Set maximum concurrent uploads
murphysec scan /path/to/project --deep --max-concurrent-uploads 4
```
````

--------------------------------

### Perform Docker Image Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for scanning container images for vulnerabilities.

```bash
murphysec imagescan /path/to/image.tar
```

```bash
murphysec imagescan /path/to/image.tar --project-name "my-container-image"
```

--------------------------------

### Authenticate with MurphySec

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Manage user authentication via interactive prompts or direct token input.

```bash
# Interactive login - prompts for token input
murphysec auth login

# Login with token directly
murphysec auth login YOUR_ACCESS_TOKEN

# Force overwrite existing token
murphysec auth login --force YOUR_NEW_ACCESS_TOKEN
```

--------------------------------

### Configure Custom Server Address

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Specifies a custom server address for enterprise deployments. Use with caution for self-signed certificates.

```bash
# Use custom server address
murphysec scan /path/to/project --server "https://your-enterprise-server.com"
```

```bash
# Allow insecure TLS connections (self-signed certificates)
murphysec scan /path/to/project --server "https://internal-server.local" --allow-insecure
```

--------------------------------

### Generate Custom SBOM Formats

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Commands for generating SBOMs using MurphySec's custom format.

```bash
murphysec dfscan /path/to/project --sbom-format msdx1.1+json --sbom-output -
```

```bash
murphysec dfscan /path/to/project --sbom-format msdx1.1+json --sbom-output /path/to/sbom.json
```

```bash
murphysec envscan --sbom-format msdx1.1+json --sbom-output /path/to/env-sbom.json
```

--------------------------------

### Specify Distribution Type

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Sets the distribution type for the scanned project. Options include external, internal, saas, and open_source.

```bash
# Specify distribution type
murphysec scan /path/to/project --distribution "internal"
# Options: external, internal, saas, open_source
```

--------------------------------

### Global Options - Project Tags and Metadata

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Adds custom metadata to scans for organization and filtering on the MurphySec platform.

````APIDOC
### Project Tags and Metadata

Adds custom metadata to scans for organization and filtering on the MurphySec platform.

```bash
# Add project tags (max 10 characters each)
murphysec scan /path/to/project \
  --project-tag "prod" \
  --project-tag "api" \
  --project-tag "v2.0"

# Add extra data for custom processing
murphysec scan /path/to/project --extra-data '{"environment": "production", "team": "backend"}'

# Specify distribution type
murphysec scan /path/to/project --distribution "internal"
# Options: external, internal, saas, open_source
```
````

--------------------------------

### murphysec scan

Source: https://github.com/murphysecurity/murphysec/blob/v3/README.md

Command to initiate security detections on a specified directory.

```APIDOC
## murphysec scan

### Description
Runs security detections on the specified directory.

### Usage
`murphysec scan DIR [flags]`

### Parameters
#### Path Parameters
- **DIR** (string) - Required - The directory path to scan.

#### Flags
- **--json** (boolean) - Optional - Output results in JSON format.
- **--server** (string) - Optional - Specify server address.
- **--token** (string) - Optional - Specify API token.
- **--log-level** (string) - Optional - Specify log level (silent|error|warn|info|debug).
- **--no-log-file** (boolean) - Optional - Do not write log file.
- **--write-log-to** (string) - Optional - Specify log file path.
```

--------------------------------

### Configure Maximum Concurrent Uploads

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Sets the maximum number of concurrent uploads for deep scanning mode.

```bash
# Set maximum concurrent uploads
murphysec scan /path/to/project --deep --max-concurrent-uploads 4
```

--------------------------------

### Add Extra Data for Custom Processing

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Includes arbitrary JSON data with the scan results for custom processing.

```bash
# Add extra data for custom processing
murphysec scan /path/to/project --extra-data '{"environment": "production", "team": "backend"}'
```

--------------------------------

### GitLab CI Integration for Security Scan

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Integrates MurphySec CLI into GitLab CI/CD pipelines for vulnerability detection. Requires MURPHYSEC_TOKEN CI/CD variable.

```yaml
# .gitlab-ci.yml
security-scan:
  stage: test
  image: ubuntu:latest
  before_script:
    - apt-get update && apt-get install -y curl
    - curl -fsSL https://s.murphysec.com/release/install.sh | bash
  script:
    - murphysec scan . --token $MURPHYSEC_TOKEN --project-name "$CI_PROJECT_NAME" --log-level info
  only:
    - main
    - merge_requests
```

--------------------------------

### murphysec auth

Source: https://github.com/murphysecurity/murphysec/blob/v3/README.md

Commands for managing user authentication and session state.

```APIDOC
## murphysec auth

### Description
Manages user certification and session authentication.

### Commands
- **login**: Authenticate the user.
- **logout**: Terminate the current session.
```

--------------------------------

### GitHub Actions Workflow for Security Scan

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Automates security scanning on push or pull request events to the main branch. Requires a MURPHYSEC_TOKEN secret.

```yaml
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install MurphySec CLI
        run: |
          curl -fsSL https://s.murphysec.com/release/install.sh | bash

      - name: Run Security Scan
        env:
          MURPHYSEC_TOKEN: ${{ secrets.MURPHYSEC_TOKEN }}
        run: |
          murphysec scan . \
            --token $MURPHYSEC_TOKEN \
            --project-name "${{ github.repository }}" \
            --json > scan-results.json

      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan-results
          path: scan-results.json
```

--------------------------------

### Configure Scan Logging Level

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Sets the verbosity of the scan logs. Available levels: silent, error, warn, info, debug.

```bash
# Set log level (silent, error, warn, info, debug)
murphysec scan /path/to/project --log-level debug
```

--------------------------------

### JSON Output Format - Scan Result Structure

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Details the structure of the JSON output when the `--json` flag is used, suitable for programmatic processing.

````APIDOC
## JSON Output Format

### Scan Result JSON Structure

When using the `--json` flag, the CLI outputs detailed scan results in JSON format suitable for programmatic processing.

```json
{
  "err_code": 0,
  "err_msg": "Succeeded",
  "task_id": "task-abc123",
  "subtask_id": "subtask-xyz789",
  "project_id": "proj-456",
  "dependencies_count": 150,
  "issues_count": 5,
  "issues_level_count": {
    "critical": 1,
    "high": 2,
    "medium": 1,
    "low": 1
  },
  "project_score": 75,
  "surpass_score": 80,
  "share_url": "https://www.murphysec.com/share/xxx",
  "detail_url": "https://www.murphysec.com/console/detail/xxx",
  "comps": [
    {
      "comp_name": "lodash",
      "comp_version": "4.17.15",
      "show_level": 1,
      "min_fixed_version": "4.17.21",
      "is_direct_dependency": true,
      "comp_sec_score": 60,
      "package_manager": "npm",
      "vulns": [
        {
          "mps_id": "MPS-2020-xxxxx",
          "cve_id": "CVE-2020-28500",
          "title": "Prototype Pollution in lodash",
          "description": "Lodash versions prior to 4.17.21 are vulnerable...",
          "level": "High",
          "influence": 85,
          "poc": true,
          "publish_time": 1615420800,
          "affected_version": "<4.17.21",
          "min_fixed_version": "4.17.21",
          "vuln_type": "Prototype Pollution",
          "rce": false,
          "solutions": [
            {
              "type": "upgrade",
              "description": "Upgrade to version 4.17.21 or later"
            }
          ]
        }
      ],
      "fix_plans": {
        "plan1": {
          "target_version": "4.17.21",
          "compatibility_score": 95,
          "security_score": 100
        }
      }
    }
  ]
}
```
````

--------------------------------

### Logout from MurphySec

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Clears the locally stored authentication token.

```bash
# Remove stored token
murphysec auth logout
```

--------------------------------

### Control Log File Writing

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Disables writing scan logs to a file or specifies a custom log file path.

```bash
# Disable log file writing
murphysec scan /path/to/project --no-log-file
```

```bash
# Write logs to custom file
murphysec scan /path/to/project --write-log-to /path/to/custom.log
```

--------------------------------

### Specify Team ID for Scans

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Assigns scans to a specific team within a multi-team organization.

```bash
# Specify team ID for multi-team organizations
murphysec scan /path/to/project --team-id "team-123"
```

--------------------------------

### Disable Scan Result Waiting

Source: https://context7.com/murphysecurity/murphysec/llms.txt

Runs the scan in asynchronous mode, returning immediately without waiting for results.

```bash
# Don't wait for scan results (async mode)
murphysec scan /path/to/project --no-wait
```

--------------------------------

### MurphySec Scan Result JSON Structure

Source: https://context7.com/murphysecurity/murphysec/llms.txt

The detailed structure of scan results when the `--json` flag is used, suitable for programmatic analysis.

```json
{
  "err_code": 0,
  "err_msg": "Succeeded",
  "task_id": "task-abc123",
  "subtask_id": "subtask-xyz789",
  "project_id": "proj-456",
  "dependencies_count": 150,
  "issues_count": 5,
  "issues_level_count": {
    "critical": 1,
    "high": 2,
    "medium": 1,
    "low": 1
  },
  "project_score": 75,
  "surpass_score": 80,
  "share_url": "https://www.murphysec.com/share/xxx",
  "detail_url": "https://www.murphysec.com/console/detail/xxx",
  "comps": [
    {
      "comp_name": "lodash",
      "comp_version": "4.17.15",
      "show_level": 1,
      "min_fixed_version": "4.17.21",
      "is_direct_dependency": true,
      "comp_sec_score": 60,
      "package_manager": "npm",
      "vulns": [
        {
          "mps_id": "MPS-2020-xxxxx",
          "cve_id": "CVE-2020-28500",
          "title": "Prototype Pollution in lodash",
          "description": "Lodash versions prior to 4.17.21 are vulnerable...",
          "level": "High",
          "influence": 85,
          "poc": true,
          "publish_time": 1615420800,
          "affected_version": "<4.17.21",
          "min_fixed_version": "4.17.21",
          "vuln_type": "Prototype Pollution",
          "rce": false,
          "solutions": [
            {
              "type": "upgrade",
              "description": "Upgrade to version 4.17.21 or later"
            }
          ]
        }
      ],
      "fix_plans": {
        "plan1": {
          "target_version": "4.17.21",
          "compatibility_score": 95,
          "security_score": 100
        }
      }
    }
  ]
}
```
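
--------------------------------

### Gate a CI Job on the JSON Scan Result (added example)

Added example, not part of the MurphySec documentation or code: a CI gate that reads the `--json` result structure shown above and fails when the scan errored, the results file is empty or truncated, or any issue is at or above a chosen severity. The `evaluate` function, the `LEVELS` ordering, the `fail_at` threshold and the `gate.py` file name are assumptions made for illustration, and the sample data is constructed.

```python
import json
import sys

# Severity names, least to most severe (ordering assumed for this example).
LEVELS = ["low", "medium", "high", "critical"]

# Constructed sample, trimmed from the result structure shown above.
SAMPLE = """
{"err_code": 0, "err_msg": "Succeeded",
 "issues_level_count": {"critical": 1, "high": 2, "medium": 1, "low": 1},
 "comps": [
  {"comp_name": "lodash", "comp_version": "4.17.15",
   "min_fixed_version": "4.17.21", "is_direct_dependency": true,
   "vulns": [{"mps_id": "MPS-2020-xxxxx", "cve_id": "CVE-2020-28500",
              "level": "High"}]},
  {"comp_name": "example-lib", "comp_version": "1.0.0",
   "min_fixed_version": "", "is_direct_dependency": false,
   "vulns": [{"mps_id": "MPS-0000-xxxxx", "cve_id": "", "level": "Low"}]}
 ]}
"""


def evaluate(raw, fail_at="high"):
    """Return {"passed", "reason", "findings"} for one --json scan result."""
    threshold = LEVELS.index(fail_at.lower())
    try:
        result = json.loads(raw)
    except json.JSONDecodeError as exc:
        # An empty or truncated results file must not pass the gate.
        return {"passed": False, "reason": f"unparseable result: {exc.msg}", "findings": []}
    if not isinstance(result, dict) or result.get("err_code") != 0:
        msg = result.get("err_msg", "unknown") if isinstance(result, dict) else "not an object"
        return {"passed": False, "reason": f"scan error: {msg}", "findings": []}

    findings = []
    for comp in result.get("comps") or []:
        for vuln in comp.get("vulns") or []:
            # vulns[].level is capitalised ("High"); the summary keys are lowercase.
            level = str(vuln.get("level", "")).lower()
            # An unrecognised level blocks the build instead of being skipped.
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if rank >= threshold:
                findings.append({
                    "component": f'{comp.get("comp_name")}@{comp.get("comp_version")}',
                    "id": vuln.get("cve_id") or vuln.get("mps_id"),
                    "level": level or "unknown",
                    "direct": bool(comp.get("is_direct_dependency")),
                    "fix": comp.get("min_fixed_version") or None,
                })
    # The summary counts cover the whole project, so check them as well.
    counts = result.get("issues_level_count") or {}
    summary = sum(int(counts.get(name, 0)) for name in LEVELS[threshold:])
    blocked = bool(findings) or summary > 0
    reason = (f"{max(summary, len(findings))} issue(s) at or above {fail_at}"
              if blocked else "no blocking issues")
    return {"passed": not blocked, "reason": reason, "findings": findings}


if __name__ == "__main__":
    # Usage: python gate.py scan-results.json [fail_at]; no path runs the sample.
    raw = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    verdict = evaluate(raw, sys.argv[2] if len(sys.argv) > 2 else "high")
    for f in verdict["findings"]:
        print(f'{f["level"]:<8} {f["component"]:<24} {f["id"]} fix={f["fix"]}')
    print(verdict["reason"])
    sys.exit(0 if verdict["passed"] else 1)
```

Run as a step after the scan writes `scan-results.json`; the non-zero exit code fails the job.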