The HeroDevs CLI
- Install node v20 or higher: Download Node
- Install the CLI using one of the following methods:
- Globally: Refer to the Usage instructions on installing the CLI globally
- Npx:
npx @herodevs/cli@beta <commands>
- Refer to the Commands section for a list of commands
Use of this CLI is governed by the HeroDevs End of Life Dataset Terms of Service and Data Policy.
The CLI's scanning commands (hd scan eol and hd scan sbom) are designed to be non-invasive:
- They do not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
- They analyze the project in its current state
- If you need dependencies installed for accurate scanning, please install them manually before running the scan
$ npm install -g @herodevs/cli
$ hd COMMAND
running command...
$ hd (--version)
@herodevs/cli/2.0.0-beta.4 darwin-arm64 node-v22.15.1
$ hd --help [COMMAND]
USAGE
$ hd COMMAND
...Display help for hd.
USAGE
$ hd help [COMMAND...] [-n]
ARGUMENTS
COMMAND... Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for hd.
See code: @oclif/plugin-help
Generate report of committers to a git repository
USAGE
$ hd report committers [--json] [-m <value>] [-c] [-s]
FLAGS
-c, --csv Output in CSV format
-m, --months=<value> [default: 12] The number of months of git history to review
-s, --save Save the committers report as herodevs.committers.<output>
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Generate report of committers to a git repository
EXAMPLES
$ hd report committers
$ hd report committers --csv -s
$ hd report committers --json
$ hd report committers --csv
See code: src/commands/report/committers.ts
Generate a list of purls from a sbom
USAGE
$ hd report purls [--json] [-f <value>] [-d <value>] [-s] [-c]
FLAGS
-c, --csv Save output in CSV format (only applies when using --save)
-d, --dir=<value> The directory to scan in order to create a cyclonedx sbom
-f, --file=<value> The file path of an existing cyclonedx sbom to scan for EOL
-s, --save Save the list of purls as herodevs.purls.<output>
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Generate a list of purls from a sbom
EXAMPLES
$ hd report purls --json -s
$ hd report purls --dir=./my-project
$ hd report purls --file=path/to/sbom.json
$ hd report purls --dir=./my-project --save
$ hd report purls --save --csv
See code: src/commands/report/purls.ts
Scan a given sbom for EOL data
USAGE
$ hd scan eol [--json] [-f <value>] [-p <value>] [-d <value>] [-s]
FLAGS
-d, --dir=<value> The directory to scan in order to create a cyclonedx sbom
-f, --file=<value> The file path of an existing cyclonedx sbom to scan for EOL
-p, --purls=<value> The file path of a list of purls to scan for EOL
-s, --save Save the generated report as herodevs.report.json in the scanned directory
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Scan a given sbom for EOL data
EXAMPLES
$ hd scan eol --dir=./my-project
$ hd scan eol --file=path/to/sbom.json
$ hd scan eol --purls=path/to/purls.json
$ hd scan eol -a --dir=./my-project
See code: src/commands/scan/eol.ts
Scan a SBOM for purls
USAGE
$ hd scan sbom [--json] [-f <value>] [-d <value>] [-s] [-b]
FLAGS
-b, --background Run the scan in the background
-d, --dir=<value> The directory to scan in order to create a cyclonedx sbom
-f, --file=<value> The file path of an existing cyclonedx sbom to scan for EOL
-s, --save Save the generated SBOM as herodevs.sbom.json in the scanned directory
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Scan a SBOM for purls
EXAMPLES
$ hd scan sbom --dir=./my-project
$ hd scan sbom --file=path/to/sbom.json
See code: src/commands/scan/sbom.ts
update the hd CLI
USAGE
$ hd update [CHANNEL] [--force | | [-a | -v <value> | -i]] [-b ]
FLAGS
-a, --available See available versions.
-b, --verbose Show more details about the available versions.
-i, --interactive Interactively select version to install. This is ignored if a channel is provided.
-v, --version=<value> Install a specific version.
--force Force a re-download of the requested version.
DESCRIPTION
update the hd CLI
EXAMPLES
Update to the stable channel:
$ hd update stable
Update to a specific version:
$ hd update --version 1.0.0
Interactively select version:
$ hd update --interactive
See available versions:
$ hd update --available
See code: @oclif/plugin-update
You can use @herodevs/cli in your CI/CD pipelines to automate EOL scanning.
We provide a Docker image that's pre-configured to run EOL scans. Based on cdxgen,
it contains build tools for most project types and will provide best results when generating an SBOM.
# .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run EOL Scan with Docker
uses: docker://ghcr.io/herodevs/eol-scan
with:
args: "--json"eol-scan:
image:
name: "ghcr.io/herodevs/eol-scan"
# Entrypoint or base command must be disabled due
# to GitLab's execution mechanism and run manually
entrypoint: [""]
script: "npx @herodevs/cli@beta --json"You can use npx to run the CLI just like you'd run it locally.
Note
The development environment is expected to be ready to run the app. For best results, prefer using the prebuilt image, but otherwise, prepare all requirements before the scan step.
# .github/workflows/herodevs-eol-scan.yml
name: HeroDevs EOL Scan
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: echo # Prepare environment, install tooling, perform setup, etc.
- name: Run EOL Scan
run: npx @herodevs/cli@betaimage: alpine
eol-scan:
script:
- echo # Prepare environment, install tooling, perform setup, etc.
- npx @herodevs/cli@beta