Organization scan

Org-Scan (Discover & Scan Organization repositories)

It’s important to ensure that the JAVA_HOME environment variable points to the directory where Java is installed, which may or may not be done automatically depending on your platform. Additionally, you need to make sure that the $JAVA_HOME/bin directory is included in your system’s PATH so that you can access the Java executable from anywhere on your system. Please see Xygeni CLI Prerequisites for further info.

When invoked, the xygeni org-scan command discovers and analyzes all of the organization's repositories.

xygeni org-scan [options] 

As part of the process, each repository is checked out into a temporary directory, which is deleted at the end of the scan.

This command is useful for quickly generating the inventory of an organization, and especially for smooth onboarding.

To discover the repositories in an SCM organization, you must indicate the name of the organization as well as the hostname of the SCM system:

Discovery options:
      --org, --group, --workspace=<name>
                             Name of the Organization, Group or Workspace to discover.
      --hostname=<hostname>  Hostname of the SCM system. Like 'https://github.com' or
                               'https://my.on.premise.github.com'. GitHub Cloud will be used by default.

You can also filter the repositories to be scanned through inclusion and exclusion patterns:

      -ri, --repo-includes=<includesPattern>
                             Regex for repositories to be included in the discovery. Everything is
                               matched by default.
                             Example: -ri ^micros/AGI_.*|^deploy/AGI_.*|^fe/AGI_.*
      -re, --repo-excludes=<excludesPattern>
                             Regex for repositories to be excluded in the discovery. Nothing is matched
                               by default.
                             Example: -re ^micros/AGI_.*|^deploy/AGI_.*|^fe/AGI_.*

Finally, you can also execute it in dry-run mode (--dry-run).

As an example, you might use the --dry-run option to show the discovered repositories:

$ xygeni -q org-scan --org xygeni --dry-run \
    --run inventory,secrets,iac,codetamper \
    -e '**/test/**,build/**' -f none

And then, after reviewing the results, you might want to filter the projects and run the scans:

$ xygeni -q org-scan --org xygeni -ri "^xy.*" -re "^xygeni\-(a|c).*" \
    --run inventory,secrets,iac,codetamper \
    -e '**/test/**,build/**' -f none
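
To check which repositories a pair of -ri/-re patterns keeps, and which ones would silently go unscanned, the following Python applies them to a list of names. It is an added example, not Xygeni code: the function partition_repos and the sample repository names are hypothetical, and it assumes that patterns are applied with search semantics to the repository name and that an exclude match wins over an include match. The --dry-run output remains the authoritative result.

```python
import re


def partition_repos(names, includes=None, excludes=None):
    """Split repository names according to include/exclude regexes.

    Assumptions (not confirmed by the page): patterns are applied with
    search semantics to the repository name, and an exclude match wins
    over an include match.
    """
    try:
        # Defaults follow the option help: includes match everything,
        # excludes match nothing.
        inc = re.compile(includes) if includes else None
        exc = re.compile(excludes) if excludes else None
    except re.error as err:
        raise ValueError(f"invalid repository pattern: {err}") from err

    result = {"scanned": [], "excluded": [], "not_included": []}
    for name in names:
        if inc is not None and not inc.search(name):
            result["not_included"].append(name)   # never considered for scanning
        elif exc is not None and exc.search(name):
            result["excluded"].append(name)       # matched -ri but dropped by -re
        else:
            result["scanned"].append(name)
    return result


# Constructed repository names, not real output of the CLI.
SAMPLE_REPOS = ["xygeni-api", "xygeni-cli", "xygeni-docs", "xy-tools", "legacy-app"]

if __name__ == "__main__":
    # Same patterns as the filtered org-scan command above.
    report = partition_repos(SAMPLE_REPOS, r"^xy.*", r"^xygeni\-(a|c).*")
    for bucket, repos in report.items():
        print(f"{bucket}: {', '.join(repos) or '-'}")
```

Repositories listed under excluded or not_included receive no inventory, secrets, IaC or code-tampering scan, so review both lists before relying on the results for coverage.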
