The Client Application

How does the Meterian client work?

What is the client for?

The client is used to securely execute a scan of your project without the need to provide access to your local source control system. If you want to do an occasional scan of your private project, or you want to add the scan to your CI/CD pipeline, the client is the most obvious choice.

With the client all the information related to your project will be securely stored and linked to your account: no data will be publicly available at any point in time. To access historical information, status and reports you will always have to log in first.

How does the client work?

The client will first authenticate you and validate your account (please see the related section for more information).

You will need to run the client in the folder where your project is located. The client will scan the folder searching for the files where your dependencies are listed: for example if you use maven it will look for all the maven.xml files belonging to your project.

It will then collect the dependencies from those files using your local installation of the build tool (maven, gradle, etc.). You can choose to do this on the Meterian servers instead (see the instructions section in your administration page), but we recommend doing it locally, because that captures the information as it appears in your local environment.

The list of dependencies will then be uploaded securely to the Meterian servers, where the analysis will be conducted. Please note that if you decide to run the analysis remotely, all the build files will be uploaded. The client will report the progress of the operation through its various stages and, at the end, will print out the scores for stability and vulnerability, with a link to securely access the full report. Please note that you will be asked to log in to access the report.

How does the client authenticate me?

The client can be used in interactive and non-interactive mode.

In interactive mode (which is the default) the client will check whether you have a valid authorisation and, if not, will open a browser window so that you can log in with your credentials. After a successful login, the client will securely store an authorisation token in your home folder, so that you will not need to log in again for a certain amount of time. Depending on your configuration, this can vary from hours to days, but by default a token obtained in this way will last 24 hours.

In non-interactive mode you will need to generate a token on your administrator page and then store that token wherever you prefer on the local file system. When you launch the client you will have to specify where the token is stored so that the client can authenticate on your behalf. For detailed information please see the instructions section in your administration page.
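
If you keep a token on disk for non-interactive mode, it is worth checking the file before each run. The pre-flight check below is an added example, not part of the Meterian client or its documentation; the function name check_token_file and its two arguments (token path, project folder) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a token file used in non-interactive mode.
# check_token_file is a hypothetical helper, not something the client provides.
# Usage: check_token_file <token-file> <project-folder>
# Returns 0 when the file is safe to use, otherwise a non-zero reason code.
check_token_file() {
    token_file=$1
    project_dir=$2

    # Must be a regular file, not a symlink that could be repointed.
    if [ -L "$token_file" ] || [ ! -f "$token_file" ]; then
        echo "token: not a regular file: $token_file" >&2; return 1
    fi
    # Must actually contain something.
    if [ ! -s "$token_file" ]; then
        echo "token: file is empty" >&2; return 2
    fi
    # Must be owned by the user running the scan.
    if [ ! -O "$token_file" ]; then
        echo "token: not owned by the current user" >&2; return 3
    fi
    # Group and other permission bits must all be clear (e.g. 0600 or 0400).
    mode=$(ls -ld -- "$token_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "token: accessible by group or others" >&2; return 4
    fi
    # Must live outside the project folder, so it cannot be committed
    # or travel together with the build files.
    token_dir=$(cd "$(dirname -- "$token_file")" && pwd -P) || return 5
    project_real=$(cd "$project_dir" && pwd -P) || return 5
    case "$token_dir/" in
        "$project_real"/*)
            echo "token: stored inside the project folder" >&2; return 6 ;;
    esac
    return 0
}
```

Call it in your CI job before launching the client and stop the job if it returns non-zero.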

Try it now!

Please log in from our main page first; you can use either your Github or Google credentials. This is required as the project that you will build through the client will be linked to your account and completely private. Using Meterian to scan your project does not expose your source or binary code. You can run the client to scan any of your existing projects, but you will need Java 8 on your Linux/MacOS/Windows system.

Please follow these simple instructions:

  • make sure you can compile your project, as the client by default works locally
  • download the latest Meterian java client and put it on your computer, for example in /tmp
  • cd into the folder where your project is
  • launch the client with "java -jar /tmp/meterian-cli.jar" and see the results :)

In case of issues please take a look at the manual or get in touch!

Resources and Further Information

Please contact us for any further information.