Skip to main content

phylum analyze

Submit a request for analysis to the processing system

Usage: phylum analyze [OPTIONS] [DEPENDENCY_FILE]...

Argumentsโ€‹

[DEPENDENCY_FILE] โ€ƒ Path to the dependency file to submit

Optionsโ€‹

-l, --label <LABEL> โ€ƒ Specify a label to use for analysis

-j, --json โ€ƒ Produce output in json format (default: false)

-p, --project <PROJECT_NAME> โ€ƒ Specify a project to use for analysis

-g, --group <GROUP_NAME> โ€ƒ Specify a group to use for analysis

-t, --type <TYPE> โ€ƒ Dependency file type used for all lockfiles (default: auto) โ€ƒ Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, nugetlock, msbuild, go, cargo, spdx, cyclonedx, auto

--skip-sandbox โ€ƒ Run lockfile generation without sandbox protection

--no-generation โ€ƒ Disable generation of lockfiles from manifests

-v, --verbose... โ€ƒ Increase the level of verbosity (the maximum is -vvv)

-q, --quiet... โ€ƒ Reduce the level of verbosity (the maximum is -qq)

-h, --help โ€ƒ Print help

Detailsโ€‹

The following order is used to determine which dependency file will be analyzed:

  • CLI DEPENDENCY_FILE argument
  • Dependency files in the .phylum_project file specified during phylum init
  • Recursive filesystem search

If any of these locations provides a dependency file, no further search will be done. Recursive filesystem search takes common ignore files like .gitignore and .ignore into account.

Examplesโ€‹

# Analyze your project's default dependency files
$ phylum analyze

# Analyze a Maven lockfile with a verbose json response
$ phylum analyze --json --verbose effective-pom.xml

# Analyze a PyPI dependency file and apply a label
$ phylum analyze --label test_branch requirements.txt

# Analyze a Poetry lockfile and return the results to the 'sample' project
$ phylum analyze -p sample poetry.lock

# Analyze a NuGet lockfile using the 'sample' project and 'sGroup' group
$ phylum analyze -p sample -g sGroup packages.lock.json

# Analyze a RubyGems lockfile and return a verbose response with only critical malware
$ phylum analyze --verbose --filter=crit,mal Gemfile.lock

# Analyze the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum analyze --type cargo Cargo.lock lockfile