phylum analyze
Submit a request for analysis to the processing system
Usage: phylum analyze [OPTIONS] [DEPENDENCY_FILE]...
Arguments
[DEPENDENCY_FILE]
  Path to the dependency file to submit
Options
-l, --label <LABEL>
  Specify a label to use for analysis
-j, --json
  Produce output in json format (default: false)
-p, --project <PROJECT_NAME>
  Specify a project to use for analysis
-g, --group <GROUP_NAME>
  Specify a group to use for analysis
-t, --type <TYPE>
  Dependency file type used for all lockfiles (default: auto)
  Accepted values: npm, yarn, pnpm, gem, pip, poetry, pipenv, mvn, gradle, nugetlock, msbuild, go, cargo, spdx, cyclonedx, auto
--skip-sandbox
  Run lockfile generation without sandbox protection
--no-generation
  Disable generation of lockfiles from manifests
-v, --verbose...
  Increase the level of verbosity (the maximum is -vvv)
-q, --quiet...
  Reduce the level of verbosity (the maximum is -qq)
-h, --help
  Print help
Details
The following order is used to determine which dependency file will be analyzed:
- CLI DEPENDENCY_FILE argument
- Dependency files in the .phylum_project file specified during phylum init
- Recursive filesystem search
If any of these locations provides a dependency file, no further search will be
done. Recursive filesystem search takes common ignore files like .gitignore
and .ignore into account.
Examples
# Analyze your project's default dependency files
$ phylum analyze
# Analyze a Maven lockfile with a verbose json response
$ phylum analyze --json --verbose effective-pom.xml
# Analyze a PyPI dependency file and apply a label
$ phylum analyze --label test_branch requirements.txt
# Analyze a Poetry lockfile and return the results to the 'sample' project
$ phylum analyze -p sample poetry.lock
# Analyze a NuGet lockfile using the 'sample' project and 'sGroup' group
$ phylum analyze -p sample -g sGroup packages.lock.json
# Analyze a RubyGems lockfile and return a verbose response with only critical malware
$ phylum analyze --verbose --filter=crit,mal Gemfile.lock
# Analyze the `Cargo.lock` and `lockfile` files as cargo dependency files
$ phylum analyze --type cargo Cargo.lock lockfile
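
Added example (not part of the Phylum documentation): since --type applies to every file in an invocation and an explicit DEPENDENCY_FILE argument ends the search order described under Details, this POSIX shell helper plans one explicit command per file type and refuses any file it cannot classify. The function names and the file-name-to-type mapping are assumptions, the latter inferred from the examples on this page.

```shell
#!/bin/sh
# Added example; helper names and the name-to-type mapping are assumptions
# taken from the examples on this page, not from the Phylum project.

# Map a dependency file's base name to a --type value; fail on unknown names.
phylum_type_for() {
    case "${1##*/}" in
        Cargo.lock)         echo cargo ;;
        poetry.lock)        echo poetry ;;
        Gemfile.lock)       echo gem ;;
        packages.lock.json) echo nugetlock ;;
        requirements.txt)   echo pip ;;
        effective-pom.xml)  echo mvn ;;
        *) return 1 ;;
    esac
}

# Print one `phylum analyze` command per dependency-file type.
# usage: plan_phylum_runs PROJECT FILE...
plan_phylum_runs() {
    project=$1
    shift
    # Fail closed: reject the whole plan if any file cannot be classified,
    # instead of silently skipping it or leaving it to auto-detection.
    for f in "$@"; do
        case $f in
            *" "*) echo "path contains a space: $f" >&2; return 1 ;;
        esac
        if ! phylum_type_for "$f" >/dev/null; then
            echo "unknown dependency file type: $f" >&2
            return 1
        fi
    done
    for t in cargo poetry gem nugetlock pip mvn; do
        group=
        for f in "$@"; do
            if [ "$(phylum_type_for "$f")" = "$t" ]; then
                group="$group $f"
            fi
        done
        # --type covers all files of one invocation, so emit one per type.
        if [ -n "$group" ]; then
            echo "phylum analyze -p $project --type $t$group"
        fi
    done
    return 0
}
```

The helper only prints the planned commands, so the plan can be reviewed or logged in CI before anything is submitted.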