Meet Bugsy
Mobb automated security
What is Bugsy
Bugsy is Mobb's community edition. It is a free-to-use and open-source CLI tool that allows open-source maintainers not only to automatically scan but also automatically remediate first-party code vulnerabilities in their projects.
Why are we doing this?
At the most basic level, because we can and we should. But of course, there is more to it than that.
There are well over 4M open-source Java repositories hosted on GitHub. Of those, over 20K have over 100 stars. Opening our automated vulnerability remediation technology to the open-source community is scary, but it allows us to achieve three goals:
- The more developers use and stress test our tool with different coding styles and frameworks, the better the technology can get. Not to mention that getting feedback and feature requests can also significantly help us grow.
- Like everyone else, we also use open-source projects. We plan to start contributing to some of those, but we wanted to see if we can do more than selective contributions. We realized that opening our technology for free, with no restrictions, to all open-source maintainers can have a much greater impact on the community.
- Helping maintainers secure their code can generate great PR :)
How to use it
Using Bugsy couldn't be simpler. All you need to do is run the following command from your CLI.
npx mobbdev https://github.com/[org]/[proj]
and wait.
Because Mobb does not do any scanning itself, Bugsy will at this point download and run the Snyk CLI. You may be asked to authenticate with Snyk; if you don't have an account, one will be created for you automatically.
Once the scan completes, Bugsy will send the report to the Mobb SaaS platform to produce fixes for the supported issues and automatically redirect the user to the report page in the Mobb platform.
You do not need anything special to use Bugsy, and you don't even need to register for our service. We want all open-source maintainers to benefit from the tool easily. We ask users to authenticate (which can quickly be done with their Google account) to make sure they can access their fixes.
"But hey, Eitan, why Snyk? You said that Mobb could also fix SAST findings reported by Checkmarx and GitHub Advanced Security."
Mobb indeed supports other tools. We chose Snyk mainly because it gives open-source maintainers access to its SAST for free, but also because Kirill, our kick-ass developer who built this tool, used to work at Snyk and knows it very well, and lastly because Snyk is great and we like it. But if you would rather use Checkmarx or GitHub, let us know, or better yet, extend the code yourself.
You can find Bugsy, see the code behind it, and read more here.
If you need support using Bugsy, or are interested in sharing your feedback, learning more, or asking for new features, you are more than welcome to join our Discord server.