CodeScene: Difference between revisions
| (7 intermediate revisions by the same user not shown) | |||
| Line 11: | Line 11: | ||
Check a specific file for code health issues | Check a specific file for code health issues | ||
cs check [file] | cs check [file] | ||
<pre> | |||
EXAMPLES | |||
$ cs check test.c Check the file test.c | |||
$ cs check master:./test.c Check the file test.c on the master branch | |||
$ cs check 801b0c0f:./test.c Check the file test.c at the given commit | |||
$ cs check --file-name test.c < test.c Read file data from stdin | |||
</pre> | |||
=== CLI - Review === | === CLI - Review === | ||
| Line 18: | Line 24: | ||
Score a file, and provide a review | Score a file, and provide a review | ||
cs review [file] | cs review [file] | ||
cs review test.c | |||
<pre> | |||
EXAMPLES | |||
$ cs review test.c Check the file test.c | |||
$ cs review test.c --output-format json Check test.c and output the results as json | |||
$ cs review master:./test.c Check the file test.c on the master branch | |||
$ cs review 801b0c0f:./test.c Check the file test.c at the given commit | |||
$ cs review --file-name test.c < test.c Read file data from stdin | |||
</pre> | |||
=== CLI - Update === | === CLI - Update === | ||
| Line 73: | Line 86: | ||
.\install-cs-tool.ps1 | .\install-cs-tool.ps1 | ||
May need to set Powershell permissions first (if you have never run Powershell scripts before): | |||
Set-ExecutionPolicy RemoteSigned | |||
Set access token: | |||
$env:CS_ACCESS_TOKEN = 'your-access-token' | $env:CS_ACCESS_TOKEN = 'your-access-token' | ||
| Line 119: | Line 136: | ||
==== Can't Wait on IT, Test Now ==== | ==== Can't Wait on IT, Test Now ==== | ||
If you don't want to wait for IT, you can test it out by checking out the | If you don't want to wait for IT, you can test it out by checking out the section below, "Custom SSL Certificate"... | ||
Solution: | |||
* First - cry. Java is the worst at dealing with custom SSL keystores. Sorry. | |||
* Second - See the steps below under the section below, "Custom SSL Certificate".... | |||
=== Untrusted SSL Certificate - Corporate SSL Proxy === | |||
If your company uses a SSL decryption monitoring certificate, you may run into this: | |||
But | <pre> | ||
PS C:\code> cs review | |||
Version update check failed, proceeding. | |||
License check failed (https://api.codescene.io/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | |||
</pre> | |||
Solution: | |||
* First - cry. Java is the worst at dealing with custom SSL keystores. Sorry. | |||
* Second - See the steps below under the section below, "Custom SSL Certificate".... | |||
=== Untrusted On-Premise CodeScene Server - Custom SSL Certificate === | |||
Okay, so you didn't pay for an official SSL Certificate ''(or you are stuck with a Corporate SSL Proxy Certificate)''? Sigh, Java is the worst when it comes to dealing with Custom SSL Certificates. Sorry. But you've made your bed, and wish to sleep in it, so buckle up, and here we go... | |||
Error: | |||
<pre> | |||
PS C:\code> cs review test.py | |||
Version update check failed, proceeding. | |||
License check failed (https://bad-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target | |||
</pre> | |||
Solution Overview: | |||
* you will need to build a custom Java Keystore, and every command, tool, and application will need to reference this custom Keystore, and the way you reference the Keystore with each application is different. It's ugly. Very ugly. Sorry. | |||
==== Use Firefox to Collect the SSL Certificate Chain ==== | |||
First, collect the SSL Certificate chain. This is from the perspective of the system trying to access the CodeScene server. (This SSL chain may change if the system tries to connect via a VPN proxy, which may use a Corporate SSL proxy, so you may need a second keystore) | |||
Use Firefox, view the SSL certificate chain, and export it out. (Click the lock in the address bar, select Connection Secure, select More Information, View Certificate, under Miscellaneious select Download "PEM (chain)". | Use Firefox, view the SSL certificate chain, and export it out. (Click the lock in the address bar, select Connection Secure, select More Information, View Certificate, under Miscellaneious select Download "PEM (chain)". | ||
| Line 147: | Line 200: | ||
etc... | etc... | ||
==== Install OpenJDK for Keytool ==== | ==== Install OpenJDK for Keytool ==== | ||
| Line 187: | Line 226: | ||
==== Test CS-CLI with Keystore ==== | ==== Test CS-CLI with Keystore ==== | ||
To use the keystore you will need to inject it in various ways with Visual Code, CS-CLI, CS-MCP, etc. | To use the keystore you will need to inject it in various ways with Visual Code, CS-CLI, CS-MCP, etc. But, for the CS-CLI specifically, for example: | ||
# Powershell example | # Powershell example | ||
| Line 194: | Line 233: | ||
cs review -D"javax.net.ssl.trustStore=C:/code/codescene.jks" -D"javax.net.ssl.trustStorePassword=changeit" | cs review -D"javax.net.ssl.trustStore=C:/code/codescene.jks" -D"javax.net.ssl.trustStorePassword=changeit" | ||
Note: the java parameters use forward slashes "/" not back slashes "\" - I know this is | Note: the java parameters use forward slashes "/" not back slashes "\" - I know this is Windows, and this may break some brains. | ||
Note: once the license has been cached, you should be able to call the CS-CLI command again without the keystore parameters, at least until the cached license expires: | Note: once the license has been cached, you should be able to call the CS-CLI command again without the keystore parameters, at least until the cached license expires: | ||
| Line 204: | Line 243: | ||
%APPDATA%\Codescene | %APPDATA%\Codescene | ||
If you wish to force the license to be | If you wish to force the license to be reacquired, delete this folder, and rerun the CS-CLI command | ||
== keywords == | |||
Latest revision as of 01:10, 2 February 2026
CodeScene
https://codescene.com/
CLI Tools
https://codescene.io/docs/cli/index.html
CLI - Check
Check a specific file for code health issues
cs check [file]
EXAMPLES $ cs check test.c Check the file test.c $ cs check master:./test.c Check the file test.c on the master branch $ cs check 801b0c0f:./test.c Check the file test.c at the given commit $ cs check --file-name test.c < test.c Read file data from stdin
CLI - Review
Score a file, and provide a review
cs review [file]
EXAMPLES $ cs review test.c Check the file test.c $ cs review test.c --output-format json Check test.c and output the results as json $ cs review master:./test.c Check the file test.c on the master branch $ cs review 801b0c0f:./test.c Check the file test.c at the given commit $ cs review --file-name test.c < test.c Read file data from stdin
CLI - Update
Command for updating the CLI:
cs update
CLI - Help
$ cs help
USAGE
$ cs <command> [--help | <args>]
COMMANDS
delta Perform a delta analysis in the current git repository
review Score a file, and provide a review
check Check a specific file for code health issues
docs CodeScene CLI documentation topics
version Display CLI version info
update Command for updating the CLI
check-rules Find code health rule matches for input file
GETTING HELP
For more information about a specific command, run `cs <command> --help`
For more general documentation, run `cs docs`
Invalid arguments: ("help")
CLI Configuration
Version update check failed, proceeding. In order to use the full CLI tool you will need to set up your environment with a Personal Access Token. - codescene.io -> https://codescene.io/users/me/pat - CodeScene Enterprise -> https://your.codescene.com/configuration/user/token Generate a new PAT token then set your environment variables as follows: - codescene.io -> $env:CS_ACCESS_TOKEN = '<your-PAT>' - CodeScene Enterprise -> $env:CS_ACCESS_TOKEN = '<your-PAT>'
Windows CLI Tools Installation
Powershell Installation:
Invoke-WebRequest -Uri 'https://downloads.codescene.io/enterprise/cli/install-cs-tool.ps1' -OutFile install-cs-tool.ps1 .\install-cs-tool.ps1
May need to set Powershell permissions first (if you have never run Powershell scripts before):
Set-ExecutionPolicy RemoteSigned
Set access token:
$env:CS_ACCESS_TOKEN = 'your-access-token'
If using an onpremise code scene server:
$env:CS_ONPREM_URL = 'https://codescene.example.com'
Run a code scene command:
cs review
Installs the tool to:
%LOCALAPPDATA%\Programs\CodeScene\cs.exe
Linux CLI Tools Installation
The install script will download the binary, move it to ~/.local/bin and make it executable. If ~/.local/bin is not in the user’s PATH, it will be added.
Shell Installation:
curl https://downloads.codescene.io/enterprise/cli/install-cs-tool.sh | sh
export CS_ACCESS_TOKEN=your-access-token
If using an onpremise code scene server:
export CS_ONPREM_URL=https://codescene.example.com
Installs the tool to:
~/.local/bin/cs $HOME/.local/bin/cs /home/USER/.local/bin/cs
Issues
SSL Certificate Issues
Untrusted On-Premise CodeScene Server - Legitimate SSL Certificate
Okay, so you paid for an official SSL Certificate, but CodeScene is not trusting it? No worries, likey the problem is the web server is just simply not exporting out the full SSL certificate chain. Should be easily resolved. Just tell your IT team not to just export the end leaf SSL certificate, but the full SSL chain, including the intermediary certificates. This should resolve the issue
Error:
PS C:\code> cs review Version update check failed, proceeding. License check failed (https://good-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Can't Wait on IT, Test Now
If you don't want to wait for IT, you can test it out by checking out the section below, "Custom SSL Certificate"...
Solution:
- First - cry. Java is the worst at dealing with custom SSL keystores. Sorry.
- Second - See the steps below under the section below, "Custom SSL Certificate"....
Untrusted SSL Certificate - Corporate SSL Proxy
If your company uses a SSL decryption monitoring certificate, you may run into this:
PS C:\code> cs review Version update check failed, proceeding. License check failed (https://api.codescene.io/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution:
- First - cry. Java is the worst at dealing with custom SSL keystores. Sorry.
- Second - See the steps below under the section below, "Custom SSL Certificate"....
Untrusted On-Premise CodeScene Server - Custom SSL Certificate
Okay, so you didn't pay for an official SSL Certificate (or you are stuck with a Corporate SSL Proxy Certificate)? Sigh, Java is the worst when it comes to dealing with Custom SSL Certificates. Sorry. But you've made your bed, and wish to sleep in it, so buckle up, and here we go...
Error:
PS C:\code> cs review test.py Version update check failed, proceeding. License check failed (https://bad-codescene.example.com/api/v2/tool-license/cli): error - javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Solution Overview:
- you will need to build a custom Java Keystore, and every command, tool, and application will need to reference this custom Keystore, and the way you reference the Keystore with each application is different. It's ugly. Very ugly. Sorry.
Use Firefox to Collect the SSL Certificate Chain
First, collect the SSL Certificate chain. This is from the perspective of the system trying to access the CodeScene server. (This SSL chain may change if the system tries to connect via a VPN proxy, which may use a Corporate SSL proxy, so you may need a second keystore)
Use Firefox, view the SSL certificate chain, and export it out. (Click the lock in the address bar, select Connection Secure, select More Information, View Certificate, under Miscellaneious select Download "PEM (chain)".
Then open this PEM text file, and split this chain file into several files named 1.pem, 2.pem, 3.pem, etc... depending on how many levels deep it is, and copy these to some place convenient like C:\code\
1.pem:
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
2.pem
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
etc...
Install OpenJDK for Keytool
Install the OpenJDK ( https://openjdk.org/install/ | https://jdk.java.net/ ), because screw Sun/Oracle and their schenaigans:
winget install openjdk --source winget
Gather your custom certificate file(s) and name them something like 1.pem
Build custom keystore
# Pick a place to put the keystore file, for example, c:\code\codescene.jks mkdir c:\code cd \code
keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -keystore codescene.jks -storepass changeit keytool -importcert -trustcacerts -file 2.pem -alias codescene_2 -keystore codescene.jks -storepass changeit keytool -importcert -trustcacerts -file 3.pem -alias codescene_3 -keystore codescene.jks -storepass changeit ...etc...
Note: If you are asked by keytool to trust the certificate, or if it reports the certificate is already in the system's keystore, agree to add it to the keystore anyway (default is "[no]" to type "yes").
Note: It's not needed, as the default is a PKCS12 format, but if you want you can add the storetype in the above commands:
keytool -importcert -trustcacerts -file 1.pem -alias codescene_1 -storetype PKCS12 -keystore codescene.jks -storepass changeit
Test CS-CLI with Keystore
To use the keystore you will need to inject it in various ways with Visual Code, CS-CLI, CS-MCP, etc. But, for the CS-CLI specifically, for example:
# Powershell example $CS_ONPREM_URL = 'https://bad-codescene.example.com' $CS_ACCESS_TOKEN = 'insert-my-access-token-key-here-xxxxxxxxxxxxxxxx' cs review -D"javax.net.ssl.trustStore=C:/code/codescene.jks" -D"javax.net.ssl.trustStorePassword=changeit"
Note: the java parameters use forward slashes "/" not back slashes "\" - I know this is Windows, and this may break some brains.
Note: once the license has been cached, you should be able to call the CS-CLI command again without the keystore parameters, at least until the cached license expires:
cs review
License Caching
The license will be cached in:
%APPDATA%\Codescene
If you wish to force the license to be reacquired, delete this folder, and rerun the CS-CLI command