phylum analyze
Submit a request for analysis to the processing system
Usage: phylum analyze [OPTIONS] [DEPENDENCY_FILE]...
Arguments
[DEPENDENCY_FILE]
  Path to the dependency file to submit
Options
-l, --label <LABEL>
  Specify a label to use for analysis
-j, --json
  Produce output in json format (default: false)
-p, --project <PROJECT_NAME>
  Specify a project to use for analysis
-g, --group <GROUP_NAME>
  Specify a group to use for analysis
-t, --type <TYPE>
  Dependency file type used for all lockfiles (default: auto)
  Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, msbuild, nugetlock, nugetconfig, gomod, go, cargo, spdx, cyclonedx, auto
--skip-sandbox
  Run lockfile generation without sandbox protection
--no-generation
  Disable generation of lockfiles from manifests
-o, --org <ORG>
  Phylum organization
-v, --verbose...
  Increase the level of verbosity (the maximum is -vvv)
-q, --quiet...
  Reduce the level of verbosity (the maximum is -qq)
-h, --help
  Print help
Details
The following order is used to determine which dependency file will be analyzed:
- CLI DEPENDENCY_FILE argument
- Dependency files in the .phylum_project file specified during phylum init
- Recursive filesystem search
If any of these locations provides a dependency file, no further search will be
done. Recursive filesystem search takes common ignore files like .gitignore
and .ignore into account.
Examples
# Analyze your project's default dependency files
$ phylum analyze
# Analyze a Maven lockfile with a verbose json response
$ phylum analyze --json --verbose effective-pom.xml
# Analyze a PyPI dependency file and apply a label
$ phylum analyze --label test_branch requirements.txt
# Analyze a Poetry lockfile and return the results to the `sample` project
$ phylum analyze -p sample poetry.lock
# Analyze a NuGet lockfile using the `sample` project and `sGroup` group
$ phylum analyze -p sample -g sGroup packages.lock.json
# Analyze a RubyGems lockfile and return a verbose response with only critical malware
$ phylum analyze --verbose --filter=crit,mal Gemfile.lock
# Analyze the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum analyze --type cargo Cargo.lock lockfile
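
A pre-flight check for CI wrappers, as an added example that is not part of the Phylum documentation or code: it parses a `phylum analyze` argument list using the options listed above and flags two situations, `--skip-sandbox` without `--no-generation`, and no explicit DEPENDENCY_FILE (so the input is chosen by `.phylum_project` or the recursive search). The function name, the return codes and the policy itself are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Phylum code. Policy (an assumption of this example):
#   return 1  --skip-sandbox given while lockfile generation is still enabled
#   return 2  no explicit DEPENDENCY_FILE, so the input is chosen by
#             .phylum_project or the recursive filesystem search
#   return 0  otherwise
# Clustered short options (e.g. -jp NAME) are not handled.
check_phylum_analyze() {
    cpa_skip=0 cpa_nogen=0 cpa_files=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --skip-sandbox)  cpa_skip=1 ;;
            --no-generation) cpa_nogen=1 ;;
            # Options from the table above that take a separate value word.
            -l|--label|-p|--project|-g|--group|-t|--type|-o|--org)
                if [ "$#" -ge 2 ]; then shift; fi ;;
            # Everything after "--" is positional, even if it starts with "-".
            --) shift; cpa_files=$((cpa_files + $#)); break ;;
            # Other flags, and --opt=value / -oVALUE forms, are one word.
            -*) ;;
            *)  cpa_files=$((cpa_files + 1)) ;;
        esac
        shift
    done
    if [ "$cpa_skip" -eq 1 ] && [ "$cpa_nogen" -eq 0 ]; then
        return 1
    fi
    if [ "$cpa_files" -eq 0 ]; then
        return 2
    fi
    return 0
}
```

Pass it the same words the pipeline would place after `phylum analyze`, and run the real command only when it returns 0.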