The HeroDevs CLI
- HeroDevs End of Life Dataset Terms of Service and Data Policy
- HeroDevs End of Life Dataset Data Privacy and Security
- Install node v20 or higher: Download Node
- The HeroDevs CLI expects that you have all required technology installed for the project that you are running the CLI against
- For example, if you are running the CLI against a Gradle project, the CLI expects you to have Java installed.
 
With Node installed, you can run the CLI directly from the npm registry without installing it globally or locally on your system:

```sh
npx @herodevs/cli@beta
```

Or install it globally:

```sh
npm install -g @herodevs/cli@beta
```

The HeroDevs CLI is also available as a binary installation that does not require npm. Either download the install script and run it manually, or use one of the following cURL or Wget commands. Both pipe a script fetched over the network straight into your shell; the commands pin a tagged release (v2.0.0-beta.11), and downloading that script to a file and reading it before running it is the safer habit:

```sh
curl -o- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.11/scripts/install.sh | bash
```

```sh
wget -qO- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.11/scripts/install.sh | bash
```

The CLI is designed to be non-invasive:
- It does not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
- It analyzes the project in its current state
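As an added example (not the project's own installer or code), the following POSIX shell functions stage the pinned install script instead of piping it into bash: they accept only tag-style refs, download the script to a temporary file, print its SHA-256 so you can record it after review, and execute it only when the digest matches one you supply. The URL layout and the v2.0.0-beta.11 tag come from the install commands above; the function names and the two-step review flow are this example's own.

```sh
#!/usr/bin/env sh
# Added example (not from the HeroDevs project): stage the pinned install
# script on disk, record its digest and review it before executing, instead
# of piping curl straight into bash.
set -eu

HD_CLI_TAG="v2.0.0-beta.11"   # the tag the page's install commands pin

# Build the raw.githubusercontent.com URL for a given tag (layout as on the page).
install_script_url() {
  printf 'https://raw.githubusercontent.com/herodevs/cli/%s/scripts/install.sh\n' "$1"
}

# Refuse refs that move (branches such as main); only tags shaped vX.Y.Z[-pre] pass.
assert_pinned_ref() {
  case "$1" in
    v[0-9]*.[0-9]*.[0-9]*) return 0 ;;
    *) echo "refusing unpinned ref: $1" >&2; return 1 ;;
  esac
}

# SHA-256 of a file, portable across coreutils (sha256sum) and BSD/macOS (shasum).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Compare a file against a digest you recorded from a copy you reviewed.
verify_sha256() {
  [ "$(file_sha256 "$1")" = "$2" ]
}

# Download the script (needs network), print its digest and stop so you can read it.
# Run again with the reviewed digest as the second argument to execute it.
stage_and_run() {
  tag="$1"; expected="${2:-}"
  assert_pinned_ref "$tag"
  script="$(mktemp)"
  curl -fsSL "$(install_script_url "$tag")" -o "$script"
  digest="$(file_sha256 "$script")"
  echo "install.sh sha256: $digest"
  if [ -z "$expected" ]; then
    echo "review $script, then re-run with that digest as the second argument"
    return 2
  fi
  verify_sha256 "$script" "$expected" || { echo "digest mismatch, refusing to run" >&2; return 1; }
  bash "$script"
}

if [ $# -gt 0 ]; then
  stage_and_run "$@"
fi
```

Run it once with the tag (for example `sh hd-install.sh v2.0.0-beta.11`) to download the script and print its digest, read the staged file, then run it again with that digest as the second argument. The recorded digest only guards against the script changing between review and execution; it says nothing about the binaries the script itself fetches.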
Some ecosystems need the project's dependencies to be installed before the scan can produce an accurate result. Install all of your project's dependencies into the working directory before running a scan. Maven and Gradle projects should run an install and build before scanning.
```sh
$ npm install -g @herodevs/cli@beta
$ hd COMMAND
running command...
$ hd (--version)
@herodevs/cli/2.0.0-beta.10 darwin-arm64 node-v22.18.0
$ hd --help [COMMAND]
USAGE
  $ hd COMMAND
...
```

- hd help [COMMAND]
- hd scan eol
- hd update [CHANNEL]
  - NOTE: Only applies to the binary installation method. npm users should run npm install to update to the latest version.
## hd help [COMMAND]

Display help for hd.

```
USAGE
  $ hd help [COMMAND...] [-n]

ARGUMENTS
  COMMAND...  Command to show help for.

FLAGS
  -n, --nested-commands  Include all nested commands in the output.

DESCRIPTION
  Display help for hd.
```

See code: @oclif/plugin-help
## hd scan eol

Scan a given SBOM for EOL data.

```
USAGE
  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [-o <value>] [--saveSbom] [--sbomOutput <value>] [--saveTrimmedSbom] [--hideReportUrl] [--version]

FLAGS
  -d, --dir=<value>         [default: <current directory>] The directory to scan for EOL; an SBOM is generated from it (mutually exclusive with --file)
  -f, --file=<value>        The file path of an existing SBOM to scan for EOL (supports CycloneDX and SPDX 2.3 formats)
  -s, --save                Save the generated report as herodevs.report.json in the scanned directory
  -o, --output=<value>      Save the generated report to a custom path (requires --save, defaults to herodevs.report.json when not provided)
      --hideReportUrl       Hide the generated web report URL for this scan
      --saveSbom            Save the generated SBOM as herodevs.sbom.json in the scanned directory
      --sbomOutput=<value>  Save the generated SBOM to a custom path (requires --saveSbom, defaults to herodevs.sbom.json when not provided)
      --saveTrimmedSbom     Save the trimmed SBOM as herodevs.sbom-trimmed.json in the scanned directory
      --version             Show CLI version.

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Scan a given SBOM for EOL data

EXAMPLES
  Default behavior (no command or flags specified)
    $ hd
  Equivalent to
    $ hd scan eol --dir .
  Skip SBOM generation and specify an existing file
    $ hd scan eol --file /path/to/sbom.json
  Save the report or SBOM to a file
    $ hd scan eol --save --saveSbom
  Save the report and SBOM to custom paths
    $ hd scan eol --dir . --save --saveSbom --output ./reports/my-report.json --sbomOutput ./reports/my-sbom.json
  Output the report in JSON format (for APIs, CI, etc.)
    $ hd scan eol --json
```

See code: src/commands/scan/eol.ts
## hd update [CHANNEL]

Update the hd CLI.

- NOTE: Only applies to the binary installation method. npm users should run npm install to update to the latest version.

```
USAGE
  $ hd update [CHANNEL] [--force | [-a | -v <value> | -i]] [-b]

FLAGS
  -a, --available        See available versions.
  -b, --verbose          Show more details about the available versions.
  -i, --interactive      Interactively select version to install. This is ignored if a channel is provided.
  -v, --version=<value>  Install a specific version.
      --force            Force a re-download of the requested version.

DESCRIPTION
  update the hd CLI

EXAMPLES
  Update to the stable channel:
    $ hd update stable
  Update to a specific version:
    $ hd update --version 1.0.0
  Interactively select version:
    $ hd update --interactive
  See available versions:
    $ hd update --available
```

See code: @oclif/plugin-update
You can use @herodevs/cli in your CI/CD pipelines to automate EOL scanning.

We provide a Docker image that is pre-configured to run EOL scans. It is based on cdxgen and contains build tools for most project types, so it gives the best results when generating an SBOM. Use these templates to generate a report and save it as a CI job artifact for analysis and processing after the scan runs.
## .github/workflows/herodevs-eol-scan.yml

```yaml
name: HeroDevs EOL Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  scan:
    runs-on: ubuntu-latest
    environment: demo
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
      - name: Run EOL Scan
        run: |
          docker run --rm \
            -v $GITHUB_WORKSPACE:/app \
            -w /app \
            ghcr.io/herodevs/eol-scan --save
      - name: Upload artifact
        uses: actions/upload-artifact@v5
        with:
          name: my-eol-report
          path: ./herodevs.report.json
```

The image reference above carries no tag, so every run pulls whatever latest currently points to; for reproducible scans in CI, pin it to a tag or an @sha256 digest.

The equivalent GitLab CI job (.gitlab-ci.yml):

```yaml
eol-scan:
  image:
    name: "ghcr.io/herodevs/eol-scan"
    # Entrypoint or base command must be disabled due
    # to GitLab's execution mechanism and run manually
    entrypoint: [""]
  script: "npx @herodevs/cli@beta scan eol -s"
  artifacts:
    paths:
      - herodevs.report.json
```

You can use npx to run the CLI in your CI pipeline, just like you would run it locally.
Note: the CI environment must be ready to build the project (the same prerequisites as a local run). For best results prefer the prebuilt image; otherwise install all requirements before the scan step.
## .github/workflows/herodevs-eol-scan.yml

```yaml
name: HeroDevs EOL Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v6
        with:
          node-version: '22'
      - run: echo # Prepare environment, install tooling, perform setup, etc.
      - name: Run EOL Scan
        # --save writes herodevs.report.json, which the upload step below expects
        run: npx @herodevs/cli@beta scan eol --save
      - name: Upload artifact
        uses: actions/upload-artifact@v5
        with:
          name: my-eol-report
          path: herodevs.report.json
```

The equivalent GitLab CI job (.gitlab-ci.yml):

```yaml
image: alpine
eol-scan:
  script:
    - echo # Prepare environment, install tooling, perform setup, etc.
    - npx @herodevs/cli@beta scan eol -s
  artifacts:
    paths:
      - herodevs.report.json
```

The same pre-configured image can be pulled locally to scan in an optimized environment. Mount your code to /app or a specified working directory to perform the scan:

```sh
docker run -v "$PWD":/app ghcr.io/herodevs/eol-scan
```
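Both the Docker-based CI templates and the local command above pull ghcr.io/herodevs/eol-scan with no tag, so each run resolves latest anew. As an added example that is not part of the HeroDevs project, this POSIX shell wrapper refuses to run unless the image reference is pinned to a full sha256 digest, runs the scan with --save as the templates do, and fails closed when no report file appears (a missing or empty report would otherwise leave the job green with nothing uploaded). The @sha256:<digest> placeholder is deliberate and must be replaced with a digest you resolved and reviewed; the function names are this example's own, and it assumes, as the --save template shows, that arguments after the image name are passed through to hd scan eol.

```sh
#!/usr/bin/env sh
# Added example, not HeroDevs code: digest-pinned, fail-closed EOL scan for CI.
set -eu

# Placeholder digest: resolve the real one (for example with
# docker buildx imagetools inspect ghcr.io/herodevs/eol-scan) and review the
# image before pinning it here. The placeholder fails the check on purpose.
EOL_SCAN_IMAGE="${EOL_SCAN_IMAGE:-ghcr.io/herodevs/eol-scan@sha256:<digest>}"
REPORT="${REPORT:-herodevs.report.json}"   # default path written by --save

# Accept only image refs pinned to a full sha256 digest (64 lowercase hex chars).
# Tags, including latest, move; a digest identifies exactly one image manifest.
require_digest_pinned() {
  ref="$1"
  digest="${ref##*@sha256:}"
  if [ "$digest" = "$ref" ]; then
    echo "image ref is not digest-pinned: $ref" >&2
    return 1
  fi
  case "$digest" in
    ""|*[!0-9a-f]*)
      echo "malformed digest in image ref: $ref" >&2
      return 1 ;;
  esac
  if [ "${#digest}" -ne 64 ]; then
    echo "digest must be 64 hex characters: $ref" >&2
    return 1
  fi
}

# A missing or empty report means the scan did not run to completion.
report_is_present() {
  [ -s "$1" ] || { echo "no EOL report at $1" >&2; return 1; }
}

# Run the pinned image against the current directory, as the CI templates do,
# and fail the job unless the report was written.
run_eol_scan() {
  require_digest_pinned "$EOL_SCAN_IMAGE"
  rm -f "$REPORT"                      # never pass off a stale report as fresh
  docker run --rm -v "$PWD":/app -w /app "$EOL_SCAN_IMAGE" --save
  report_is_present "$REPORT"
}

if [ "${1:-}" = "run" ]; then
  run_eol_scan
fi
```

In a pipeline, set EOL_SCAN_IMAGE to the reviewed digest-pinned reference and call the script with the single argument run; a non-zero exit from any step fails the job before the artifact upload, which is the behaviour you want from a scanner gate.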