# Multi Scan

## xygeni multi-scan command

{% hint style="warning" %}
It’s important to ensure that the **JAVA\_HOME** environment variable points to the directory where Java is installed, which may or may not be done automatically depending on your platform. Additionally, you need to make sure that the $JAVA\_HOME/bin directory is included in your system’s PATH so that you can access the Java executable from anywhere on your system. Please see [Xygeni CLI Prerequisites](/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-prerequisites.md) for further info.
{% endhint %}

It is usual to have a software split into multiple modules under different directories, possible under different git repositories (when following a polyrepo architecture), or in a single repository (when all pieces for a software are stored in the same repository, or in a monorepo architecture).

You may run separate `xygeni scan` commands for each module, which gives flexibility as every command option can be tailored, and good performance as the scan for each module can run only the appropriate stages -for example, running `iac` stage only when IaC templates exist.

Sometimes the directories comprising the software are not known in advance. Or there is a common software layout, where a module is split into three separate repos. For example, one repo with the source code, another repo with the build and deploy scripts, and another repo with the IaC templates for provisioning of resources in the cloud.

For such situations the `multi-scan` command could be useful.

```
xygeni multi-scan [options] 
```

The different directories to scan can be either **discovered**

```
Discovery options:
      --discover             Discover paths under -d | --dir (default: false).
      -dp, --discover-pattern=<discoveryPattern>
                             Regex for paths relative to -d | --dir to be processed.
                             Example: -dp ^micros/AGI_.*|^deploy/AGI_.*|^fe/AGI_.*
      --child-only           Consider only child subdirectories under --dir (default: false)
      --path[=<paths>...]    Path(s) to scan, relative to --dir. Could be specified multiple times.
```

or **specified**

```
      --path[=<paths>...]    Path(s) to scan, relative to --dir. Could be specified multiple times.
```

In **any case**, matched paths may be restricted to be roots of git directories using the `--git-only` option.

```
      --git-only             Consider only directories that are roots of git repositories (default:
                               false)
```

{% hint style="info" %}
Discovery and explicit paths can be combined when the software layout has a set of fixed directories (specified via `--path` options).You may pass absolute paths in the `--path` option, otherwise the path is resolved from the `--dir` option.
{% endhint %}

The project name given to each matched path could be configured in the `-n | --name` option

### Map to Xygeni projects

If nothing is specified, `xygeni multi-scan` will create as many projects in xygeni as different directories/repos are matched.

By default, the name of those projects will be the git repository name, but using explicit paths you can provide a custom Xygeni project name .

```console
$ xygeni -q multi-scan --dir $WORKSPACE --git-only
    --path MyOrg/MyApp/code -n MyOrg/MyApp/code:MyApp-Source \
    --path MyOrg/MyApp/build -n MyOrg/MyApp/code:MyApp-Build \
    --path MyOrg/MyApp/deploy -n MyOrg/MyApp/code:MyApp-Infra \
    --run inventory,secrets,iac,codetamper \
    -e '**/test/**,build/**' -f none
```

XXXXXXXXXXXXXXXXX

PRODUCT UNIT

XXXXXXXXXXXXXXXXXXXX

### --dry-run

The `--dry-run` option shows the matched paths and the scan commands for each matched path without running the scans, so you may write the commands in a CI/CD pipeline.

Examples:

Use `--dry-run` to check the matched projects and scan command syntax before running it:

```bash
# Imagine a project layout with software in separated "application" directories,
# and three repos underneath, one for source code, another for build and deploy,
# and another with deploy playbooks / IaC templates:

$ xygeni -q multi-scan --dir . \
  --discover -dp '^MyOrg/MyApp/' --git-only --dry-run \
  --run inventory,secrets,iac,codetamper \
  -e '**/test/**,build/**' -f none

xygeni scan -n "myorg/MyApp-code" -d MyOrg/MyApp/code -e "**/test/**,build/**" \
    --run=inventory,secrets,iac,codetamper -f none
xygeni scan -n "myorg/MyApp-build" -d MyOrg/MyApp/build -e "**/test/**,build/**" \
    --run=inventory,secrets,iac,codetamper -f none
xygeni scan -n "myorg/MyApp-deploy" -d MyOrg/MyApp/deploy -e "**/test/**,build/**" \
    --run=inventory,secrets,iac,codetamper -f none
```

After checking that everything is resolved OK, you may remove the `--dry-run` option to actually run the scans.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview/xygeni-cli-operation-modes/multi-scan.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.