csmock man page

csmock — run static analysis of the given SRPM using mock


usage: csmock [-h] [-r MOCK_PROFILE] [-t TOOLS] [-a] [-l] [--install LIST_OF_PKGS] [-o OUTPUT] [-f] [-j JOBS] [--cswrap-timeout CSWRAP_TIMEOUT] [-U EMBED_CONTEXT] [-k] [--skip-init] [--no-clean] [--no-scan] [--print-defects] [--no-print-defects] [--base-srpm BASE_SRPM] [--base-root BASE_MOCK_PROFILE] [--skip-patches | --diff-patches | -c SHELL_CMD] [--defect-blacklist DEFECT_BLACKLIST] [--version] [SRPM]

positional arguments


SRPM

source RPM package to be scanned by static analyzers

optional arguments

-h, --help

show this help message and exit


-r MOCK_PROFILE

mock profile to use (defaults to mock's default)

-t TOOLS, --tools TOOLS

comma-separated list of tools to enable (use --list-available-tools to see the list of available tools)

-a, --all-tools

enable all available tools (use --list-available-tools to see the list of available tools)

-l, --list-available-tools

list available tools and exit

--install LIST_OF_PKGS

space-separated list of packages to install into the chroot

-o OUTPUT, --output OUTPUT

name of the tarball or directory to put the results to

-f, --force

overwrite the resulting file or directory if it exists already

-j JOBS, --jobs JOBS

maximal number of jobs running in parallel (passed to 'make')

--cswrap-timeout CSWRAP_TIMEOUT

maximal amount of time taken by analysis of a single module [s]


-U EMBED_CONTEXT

embed a number of lines of context from the source file for the key event (defaults to 3).

-k, --keep-going

continue as much as possible after an error


--skip-init

do not run 'mock --init' before the scan (may lead to unpredictable scan results)


--no-clean

do not clean chroot when it becomes unused


--no-scan

do not analyze any package, just check versions of the analyzers


--print-defects

print the resulting list of defects (default if connected to a tty)


--no-print-defects

disables --print-defects

--base-srpm BASE_SRPM

perform a differential scan against the specified base package


--base-root BASE_MOCK_PROFILE

mock profile to use for the base scan (use only with --base-srpm)


--skip-patches

skip patches not annotated by %{?_rawbuild} (vanilla build)


--diff-patches

scan with/without patches and diff the lists of defects

-c SHELL_CMD, --shell-cmd SHELL_CMD

use shell command to build the given tarball (instead of SRPM)

--defect-blacklist DEFECT_BLACKLIST

suppress known false positives loaded from the given file (defaults to "/usr/share/csmock/defectblacklist.err" if available)


--version

print the version of csmock and exit

Output Format

If not overridden by the --output option, csmock creates an archive NVR.tar.xz in the current directory for an SRPM named NVR.src.rpm (or NVR.tar.* if the --shell-cmd option is used).  The archive contains a directory named NVR as the only top-level directory, containing the following items:

scan-results.err - scan results encoded as plain-text (for source code editors)

scan-results.html - scan results encoded as HTML (suitable for web browsers)

scan-results.js - scan results, including scan metadata, encoded using JSON

scan-results-summary.txt - total count of defects found by particular checkers

scan.ini - scan metadata encoded in the INI format

scan.log - scan log file (useful for debugging scan failures)

debug - a directory containing additional data (intended for csmock debugging)

Note that external plug-ins of csmock may create additional files (not covered by this man page) in the directory with results.
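
A check of the layout described above, as an added example (not part of csmock or of this man page): it reads member names from a results tarball without extracting it, confirms that every entry sits under the single NVR directory, and reports which of the listed items are missing and which extra entries (for instance from plug-ins) are present. The function names and the sample NVR are assumptions made for the example.

```python
import os
import tarfile
import tempfile

# Items the man page lists inside the NVR directory ("debug" is a directory).
EXPECTED = {"scan-results.err", "scan-results.html", "scan-results.js",
            "scan-results-summary.txt", "scan.ini", "scan.log", "debug"}


def check_results_archive(path):
    """Return (nvr, missing, extra) for a csmock results tarball.

    Raises ValueError if the file is not named NVR.tar.xz or if any member
    lies outside the single NVR top-level directory. Nothing is extracted.
    """
    base = os.path.basename(path)
    if not base.endswith(".tar.xz"):
        raise ValueError("expected NVR.tar.xz, got %r" % base)
    nvr = base[:-len(".tar.xz")]
    seen = set()
    with tarfile.open(path, "r:xz") as tar:
        for member in tar:
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts or parts[0] != nvr:
                raise ValueError("member outside %s/: %r" % (nvr, member.name))
            if len(parts) > 1 and parts[1]:
                seen.add(parts[1])  # direct child of NVR/
    return nvr, sorted(EXPECTED - seen), sorted(seen - EXPECTED)


def build_sample(dirname, nvr, names):
    """Write a constructed archive of empty files (demonstration input only)."""
    path = os.path.join(dirname, nvr + ".tar.xz")
    with tarfile.open(path, "w:xz") as tar:
        for name in names:
            tar.addfile(tarfile.TarInfo(name))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        nvr = "example-1.0-1"  # constructed NVR, not a real package
        members = [nvr + "/" + n for n in
                   ("scan-results.js", "scan.ini", "scan.log", "debug/x.log")]
        sample = build_sample(tmp, nvr, members)
        name, missing, extra = check_results_archive(sample)
        print("NVR:", name)
        print("missing:", missing)
        print("extra:", extra)
```
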



February 2019 csmock csmock-2.3.0-1.fc30 User Commands