### Sigrid CI Command Line Usage Examples Source: https://context7.com/software-improvement-group/sigridci/llms.txt A collection of command-line examples for the sigridci.py script, demonstrating various functionalities such as basic usage, publishing, excluding files, including paths, and setting up proxies. It also lists the exit codes for interpreting the results. ```bash # Basic usage sigridci.py --customer --system --source # Publish to Sigrid (visible at sigrid-says.com) sigridci.py --customer mycompany --system mysystem --source . --publish # Publish only (no CI feedback, fire-and-forget) sigridci.py --customer mycompany --system mysystem --source . --publishonly # With subsystem for multi-repo systems sigridci.py --customer mycompany --system mysystem --subsystem frontend --source . # Select specific capabilities sigridci.py --customer mycompany --system mysystem --source . --capability maintainability,osh # Exclude files/directories from upload sigridci.py --customer mycompany --system mysystem --source . --exclude /build/,/dist/,.png # Include only specific paths sigridci.py --customer mycompany --system mysystem --source . --include /src/,/lib/ # Custom output directory sigridci.py --customer mycompany --system mysystem --source . --out /tmp/sigrid-output # Show upload contents for debugging sigridci.py --customer mycompany --system mysystem --source . --showupload # Use proxy export SIGRID_CI_PROXY_URL="http://proxy.example.com:8080" sigridci.py --customer mycompany --system mysystem --source . # Exit codes: # 0 = All quality checks passed # 1 = Error occurred # 2 = Failed maintainability objective # 4 = Failed Open Source Health objective # 8 = Failed security objective # Codes stack: 6 = failed both maintainability and OSH ``` -------------------------------- ### Example cURL Request Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md An example of how to make a request to the Sigrid API using cURL. ```APIDOC ## Example cURL Request ```bash curl -H 'Authorization: Bearer {SIGRID_CI_TOKEN}' https://sigrid-says.com/rest/analysis-results/api/v1/maintainability/{customer} ``` - `{customer}`: Your company's Sigrid account name (lower case). - `{SIGRID_CI_TOKEN}`: Your authentication token. ``` -------------------------------- ### Install mcp-remote CLI Tool Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/integration-sigrid-mcp.md This command installs the `mcp-remote` command-line interface tool globally using npm. This tool is necessary for connecting IDEs and other clients to the Sigrid MCP server. ```bash npm install -g mcp-remote ``` -------------------------------- ### Manual System Publishing with Docker Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/organization-integration/onpremise-analysis.md This snippet demonstrates how to run the Sigrid-Multi-Analyzer Docker container to perform an ad-hoc analysis and publish the results to Sigrid. It includes the use of environment variables and volume mounting. ```APIDOC ## Manually publishing a system to Sigrid This section describes how to manually start an analysis and publish the results to Sigrid, which is useful for systems without a pipeline or for ad-hoc imports. ### Docker Command Example This command runs the Sigrid-Multi-Analyzer container, using an environment file for configuration, mounting a local directory as the source, and initiating the analysis. ```bash docker run \ --env-file sigrid-ci-config.txt \ -v /mysystem:/tmp/sources \ -ti softwareimprovementgroup/sigrid-multi-analyzer:$SIGRID_VERSION \ --publish ``` ### Environment Variables for Manual Publishing These environment variables are specifically required when publishing a system manually to connect to external source code repositories. #### `SOURCES_API_BASE_URL` - **Type**: string - **Required**: Yes (manual publishing only) - **Description**: The entry point for the API of the source code repository. - **Example Value**: `https://github.example.com/api/v3` #### `SOURCES_PROJECT_SLUG` - **Type**: string - **Required**: Yes (manual publishing only) - **Description**: The project slug identifies your project within your CI/CD environment. It typically appears in URLs displayed in your browser, representing the part that follows the server address. - **Example Value**: `Software-Improvement-Group/sigridci` (derived from `https://github.example.com/Software-Improvement-Group/sigridci`) #### `SOURCES_REF` - **Type**: string - **Required**: No (manual publishing only) - **Description**: The branch name for the source view. Defaults to 'main' if not provided. - **Example Value**: `patch_20250123` (derived from `https://github.com/api/v3/repos/Software-Improvement-Group/sigridci/branches/patch_20250123`) ``` -------------------------------- ### Minimal sigrid.yaml for Language Configuration Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/reference/analysis-scope-configuration.md This minimal example demonstrates how to configure the languages that SigridCI should analyze in your project. It specifies a list of programming languages to be included in the analysis. ```yaml languages: - name: TypeScript - name: JavaScript ``` -------------------------------- ### Configure Architecture Quality History Start Date Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/reference/analysis-scope-configuration.md This snippet shows how to define a precise start date for the Architecture Quality analysis of the repository's history. This allows for a more granular examination of past code changes than a simple period. ```yaml architecture: history_start: "2023-01-01" ``` -------------------------------- ### Configure Sigrid Helm Chart for Automated Database Initialization Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/organization-integration/onpremise-automated-database-initialization.md This YAML configuration demonstrates how to enable the automated database initialization job within the Sigrid Helm chart. It includes settings for the initialization image, PostgreSQL host connection, and the necessary secrets for database user management. ```yaml global: imageRegistry: "my-registry.example.com" imageTag: "1.0.20260309" hosts: - host: "my-sigrid.example.com" tls: enabled: true secretName: "my-tls-secret" onPremise: customer: "company" administrators: - "admin@company.com" postgresInit: enabled: true image: repository: "softwareimprovementgroup/sigrid-integrations-onprem" tag: "1.0.20260309" config: host: "my-postgres.example.com" sslMode: "verify-full" stopOnError: true secrets: create: true secretName: "postgres-init-secret" data: PGPASSWORD: "" DB_MGMT_USER_PASSWD: "" IMPORT_USER_PASSWD: "" OSH_KB_UPDATER_PASSWD: "" LICENSES_USER_PASSWD: "" METRICS_USER_PASSWD: "" READONLY_USER_PASSWD: "" WEBAPP_USER_PASSWD: "" AUTH_DB_MGMT_USER_PASSWD: "" AUTH_DB_READONLY_USER_PASSWD: "" AUTH_DB_WEBAPP_USER_PASSWD: "" customCertificates: enabled: true certificates: create: true name: "postgres-init-custom-certs" data: postgres-ca.pem: | -----BEGIN CERTIFICATE----- ..... -----END CERTIFICATE----- ``` -------------------------------- ### Jenkins Pipeline for Sigrid CI (Script Download) Source: https://context7.com/software-improvement-group/sigridci/llms.txt This Jenkinsfile shows an alternative approach for Sigrid CI integration where the script is downloaded from GitHub. It clones the repository and then executes the sigridci.py script. This method is useful if direct Docker image usage is not preferred. ```groovy pipeline { agent any environment { SIGRID_CI_TOKEN = credentials('SIGRID_CI_TOKEN') PYTHONIOENCODING = 'utf8' } stages { stage('build') { steps { sh 'git clone --depth 1 https://github.com/Software-Improvement-Group/sigridci.git sigridci' sh './sigridci/sigridci/sigridci.py --customer mycompany --system mysystem --source . --publish' } } } } ``` -------------------------------- ### GET /system-metadata/{customer} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves metadata for all systems associated with a specific customer. ```APIDOC ## GET /system-metadata/{customer} ### Description Retrieves a list of metadata for all systems belonging to the specified customer. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/system-metadata/{customer} ### Parameters #### Path Parameters - **customer** (string) - Required - The Sigrid account name. ### Response #### Success Response (200) - **Array** (object) - A list of system metadata objects. ``` -------------------------------- ### GET /model-ratings/{customer}/{system} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves security ratings for a specific system. ```APIDOC ## GET /model-ratings/{customer}/{system} ### Description Retrieves the current security ratings for a specific system within a customer's portfolio. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/model-ratings/{customer}/{system}?feature=SECURITY ### Parameters #### Path Parameters - **customer** (string) - Required - The unique identifier for the customer. - **system** (string) - Required - The unique identifier for the system. #### Query Parameters - **feature** (string) - Required - Must be set to 'SECURITY'. - **endDate** (string) - Optional - The date in yyyy-mm-dd format to retrieve ratings for a specific point in time. ### Response #### Success Response (200) - **id** (string) - The rating model ID. - **name** (string) - The name of the rating model. - **systemName** (string) - The name of the system. - **adherenceScore** (float) - The calculated adherence score. - **rating** (float) - The numerical rating value. #### Response Example [ { "id": "ow10", "name": "OWASP Top 10 (2021)", "feature": "SECURITY", "systemName": "mysystem", "adherenceScore": 0.72, "rating": 3.5 } ] ``` -------------------------------- ### Get Reliability Findings Source: https://context7.com/software-improvement-group/sigridci/llms.txt Retrieve reliability findings for a specific company and system. ```APIDOC ## GET /rest/analysis-results/api/v1/reliability-findings/{company}/{system} ### Description Retrieve reliability findings for a specific company and system. ### Method GET ### Endpoint `/rest/analysis-results/api/v1/reliability-findings/{company}/{system}` ### Response #### Success Response (200) - **findings** (array) - A list of reliability findings. Each finding may include details like `severity`, `status`, `technology`, `filePath`, `unitName`, `startLine`, `endLine`, and `loc`. #### Response Example ```json [ { "severity": "CRITICAL", "status": "RAW", "technology": "java", "filePath": "src/main/java/Example.java", "unitName": "processData", "startLine": 45, "endLine": 120, "loc": 75 } ] ``` ``` -------------------------------- ### GET /analysis-results/api/v1/licenses/{customer} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Programmatically check active Sigrid licenses for a specific customer. ```APIDOC ## GET /analysis-results/api/v1/licenses/{customer} ### Description Allows users to programmatically obtain the list of active licenses for a specific Sigrid account. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/licenses/{customer} ### Response #### Success Response (200) - **customer** (string) - The customer name. - **licenses** (array of strings) - List of active licenses. #### Response Example { "customer": "example", "licenses": ["MAINTAINABILITY", "ARCHITECTURE_QUALITY", "OPEN_SOURCE_HEALTH"] } ``` -------------------------------- ### Sigrid CI Command Line Arguments Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/reference/client-script-usage.md This section details the available command-line arguments for Sigrid CI, including their purpose, whether they are required, and example values. ```APIDOC ## Sigrid CI Command Line Options The Sigrid CI script accepts mandatory arguments for identification and a wide range of optional arguments for customization. ### Command Line Arguments | Argument | Required | Example value | Description | |-------------------------------|----------|---------------------|-----------------------------------------------------------------------------------------------------------------------------------| | `--customer` | Yes | examplecustomername | Name of your organization's Sigrid account. Contact SIG support if you are not sure about this. | | `--system` | Yes | examplesystemname | Name of your system in Sigrid. Contact SIG support if you are not sure about this. | | `--subsystem ` | No | frontend | Used to map between repository directory structure versus the one known by Sigrid. | | `--source` | No | . | Path of your project's source code. Use "." for current directory. | | `--capability` | No | maintainability,osh | Comma-separated list of Sigrid capabilities (e.g. `maintainability,osh`). Default is based on your Sigrid license. | | `--publish` | No | N/A | Automatically publishes analysis results to Sigrid. | | `--publishonly` | No | N/A | Publishes analysis results to Sigrid, but *does not* provide feedback in the CI environment itself. | | `--exclude` | No | /build/,.png | Comma-separated list of file and/or directory names that should be excluded from the upload. | | `--include` | No | /build/,.png | Comma-separated list of file and/or directory names that should be included in the upload. | | `--showupload` | No | N/A | Logs the contents of the upload before submitting it to Sigrid. | | `--convert` | No | beinformed | Used for some technologies. See [technology conversion configuration](technology-support.md#technology-conversion-configuration). | | `--out` | No | /tmp | Output directory for Sigrid CI feedback, default is `sigrid-ci-output`. | | `--ignore-missing-scope-file` | No | N/A | Don't fail if the `sigrid.yaml` scope file is missing (e.g. if it's provided through a different repository). | ### Notes on Arguments 1. **`--customer`**: Customer names can only contain lowercase letters and numbers. 2. **`--system`**: System names must be 2-64 characters long and may use letters, digits, and hyphens, but cannot start or end with a hyphen or contain consecutive hyphens. 3. **`--publish` vs `--publishonly`**: Use `--publish` for main branch commits and typically omit it for pull requests. `--publishonly` sends results to Sigrid without CI feedback. 4. **`--exclude`**: Excludes files/directories in addition to Sigrid's default excludes (e.g., third-party libraries, build output). 5. **`--subsystem`**: Must be at least two characters long, start and end with a letter or digit, and may include letters, digits, dots, underscores, dashes, or slashes, but cannot contain consecutive dots or slashes. 6. **`--include`**: Narrows the upload to specific folders/files. Can be used in conjunction with `--exclude`. 7. **Path Formatting**: Folders in `--include` and `--exclude` should always be surrounded by '/' characters. ``` -------------------------------- ### Create ZIP Archive for Sigrid Upload Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/organization-integration/upload-instructions.md Commands to clone a repository, generate a Git history log, remove the .git directory, and compress the source code into a ZIP file. This process ensures Sigrid has the necessary data for architecture quality analysis. ```bash git clone https://github.com/LeaVerou/awesomplete.git code cd code git --no-pager log --date=iso --format='@@@;%H;%an;%ae;%cn;%ce;%cd;%s' --numstat --no-merges > git.log rm -rf .git zip -r your-project.zip . ``` ```powershell git clone https://github.com/LeaVerou/awesomplete.git code cd code git --no-pager log --date=iso --format='@@@;%H;%an;%ae;%cn;%ce;%cd;%s' --numstat --no-merges | Out-File -FilePath git.log -Encoding 'utf8' Remove-Item -Recurse -Force .git cd .. Compress-Archive -Path code\* -DestinationPath .\your-project.zip ``` -------------------------------- ### GET /system-metadata/{customer}/{system} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves the metadata for a specific system belonging to a customer. ```APIDOC ## GET /system-metadata/{customer}/{system} ### Description Retrieves the metadata for a specific system within a customer account. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/system-metadata/{customer}/{system} ### Parameters #### Path Parameters - **customer** (string) - Required - The Sigrid account name. - **system** (string) - Required - The system ID. ### Response #### Success Response (200) - **displayName** (string) - User-friendly system name. - **divisionName** (string) - Division name. - **teamNames** (array) - List of team names. - **supplierNames** (array) - List of supplier names. - **lifecyclePhase** (string) - Lifecycle phase (e.g., EOL). - **inProductionSince** (integer) - Year in production. - **businessCriticality** (string) - Criticality level. #### Response Example { "displayName": "User-friendly system name", "teamNames": ["My Team"], "supplierNames": ["Supplier 1"], "lifecyclePhase": "EOL" } ``` -------------------------------- ### GET /rest/analysis-results/api/v1/architecture-quality/{customer}/{system} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves architecture quality ratings for a specific system. ```APIDOC ## GET /rest/analysis-results/api/v1/architecture-quality/{customer}/{system} ### Description Retrieves architecture quality ratings, subcharacteristics, and system properties for a specific system. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/architecture-quality/{customer}/{system} ### Parameters #### Path Parameters - **customer** (string) - Required - The Sigrid account name. - **system** (string) - Required - The system ID. ### Response #### Success Response (200) - **customer** (string) - Account name - **system** (string) - System name - **ratings** (object) - Contains architecture, subcharacteristics, and systemProperties. #### Response Example { "customer": "my-sigrid-account-name", "system": "my-system-name", "snapshotDate": "2022-01-31", "ratings": { "architecture": 3.84 } } ``` -------------------------------- ### Excluding Files and Directories in sigrid.yaml Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/reference/analysis-scope-configuration.md This example shows how to extend the default exclusion patterns in the sigrid.yaml file to ignore specific files and directories during analysis. It uses regular expressions to define paths to exclude. ```yaml exclude: - ".*[.]out[.]js" - ".*/simulator/.*" ``` -------------------------------- ### Jenkins Pipeline with Sigrid CI Script Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/sigridci-integration/jenkins.md This Jenkinsfile configures a pipeline to clone the Sigrid CI repository and execute the Python client script for analysis. It sets up necessary environment variables, including the Sigrid CI token and repository URL. The script is executed with specified parameters for customer, system, and source directory. ```groovy pipeline { agent any environment { SIGRID_CI_TOKEN = credentials('SIGRID_CI_TOKEN') PYTHONIOENCODING = 'utf8' SIGRID_CI_GITHUB = 'https://github.com/Software-Improvement-Group/sigridci.git' SIGRID_CI_DIR = 'sigridci' } stages { stage('build') { steps { sh 'git clone --depth 1 $SIGRID_CI_GITHUB $SIGRID_CI_DIR || git -C $SIGRID_CI_DIR pull' sh './$SIGRID_CI_DIR/sigridci/sigridci.py --customer --system --source . --publish' } } } } ``` -------------------------------- ### GET /model-ratings/{customer} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves security ratings for all systems in a customer's portfolio. ```APIDOC ## GET /model-ratings/{customer} ### Description Retrieves the current security ratings for all systems associated with the specified customer. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/model-ratings/{customer}?feature=SECURITY ### Parameters #### Path Parameters - **customer** (string) - Required - The unique identifier for the customer. #### Query Parameters - **feature** (string) - Required - Must be set to 'SECURITY'. - **endDate** (string) - Optional - The date in yyyy-mm-dd format to retrieve ratings for a specific point in time. ### Response #### Success Response (200) - **id** (string) - The rating model ID. - **name** (string) - The name of the rating model. - **systemName** (string) - The name of the system. - **adherenceScore** (float) - The calculated adherence score. - **rating** (float) - The numerical rating value. #### Response Example [ { "id": "ow10", "name": "OWASP Top 10 (2021)", "feature": "SECURITY", "systemName": "mysystem", "adherenceScore": 0.72, "rating": 3.5 } ] ``` -------------------------------- ### Fetch Maintainability Data via Sigrid API Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Demonstrates how to retrieve maintainability metrics for a specific customer using the curl command-line tool. Requires an authorization token and the customer account name. ```bash curl -H 'Authorization: Bearer {SIGRID_CI_TOKEN}' https://sigrid-says.com/rest/analysis-results/api/v1/maintainability/{customer} ``` -------------------------------- ### GET /rest/analysis-results/api/v1/reliability-findings/{customer}/{system} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves all open reliability findings for a specific system. ```APIDOC ## GET /rest/analysis-results/api/v1/reliability-findings/{customer}/{system} ### Description Retrieves a list of open reliability findings for the specified customer and system. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/reliability-findings/{customer}/{system} ### Parameters #### Path Parameters - **customer** (string) - Required - The Sigrid account name. - **system** (string) - Required - The system ID. #### Query Parameters - **model** (string) - Optional - The model name (e.g., sigrel, 5055rel). ### Request Example GET https://sigrid-says.com/rest/analysis-results/api/v1/reliability-findings/my-account/my-system ### Response #### Success Response (200) - **findings** (array) - A list of reliability finding objects. ``` -------------------------------- ### GET /architecture-quality Source: https://context7.com/software-improvement-group/sigridci/llms.txt Retrieve architecture quality ratings and raw graph data for systems. ```APIDOC ## GET /architecture-quality/{customer}/{system} ### Description Retrieves the architecture quality ratings for a specific system or all systems within a company. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/architecture-quality/{customer}/{system} ### Parameters #### Path Parameters - **customer** (string) - Required - The company identifier. - **system** (string) - Optional - The specific system name. ### Response #### Success Response (200) - **ratings** (object) - Contains architecture scores and subcharacteristics. #### Response Example { "customer": "mycompany", "system": "mysystem", "ratings": { "architecture": 3.84 } } ``` -------------------------------- ### Configure Sigrid MCP for OpenCode Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/integration-sigrid-mcp.md JSON configuration format for the opencode.json project-level file. ```json { "mcp": { "SigridCode": { "type": "remote", "url": "https://sigrid-says.com/mcp", "headers": { "Authorization": "Bearer " } } } } ``` -------------------------------- ### Define Blocklist for Open Source Libraries Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/reference/analysis-scope-configuration.md This example demonstrates how to define a blocklist to exclude specific internal open-source libraries from the Sigrid scanning process. Regular expressions can be used for flexible matching. ```yaml dependencychecker: blocklist: - ".*companyname.*" ``` -------------------------------- ### GET /rest/analysis-results/api/v1/osh-findings/{customer}/{system} Source: https://github.com/software-improvement-group/sigridci/blob/main/docs/integrations/sigrid-api-documentation.md Retrieves third-party library information for a specific system under a customer. ```APIDOC ## GET /rest/analysis-results/api/v1/osh-findings/{customer}/{system} ### Description Retrieves the third-party libraries detected by Sigrid for a specific system and customer, including vulnerability and risk data. ### Method GET ### Endpoint https://sigrid-says.com/rest/analysis-results/api/v1/osh-findings/{customer}/{system} ### Parameters #### Path Parameters - **customer** (string) - Required - The customer identifier. - **system** (string) - Required - The system identifier. #### Query Parameters - **vulnerable** (boolean) - Optional - If true, returns only libraries with known vulnerabilities. Defaults to false. ### Response #### Success Response (200) - **sbom** (object) - The CycloneDX formatted SBOM containing component details and risk properties. #### Response Example { "sbom": { "components": [ { "name": "example-lib", "properties": [ { "name": "sigrid:risk:vulnerability", "value": "HIGH" } ] } ] } } ```