Options

Truffle Security is being deprecated and will not be maintained after July 15 2020. You should now use the MythX CLI, which also has full support for Truffle projects. Learn more at: https://github.com/dmuhs/mythx-cli.

To see the various command options available to you, run the following:

truffle run verify --help

You can pass options to the tool in two ways:

  • Command line options (--option)

  • Configuration file (truffle-security.json)

Command line options take precedence over any options specified in the configuration file.

Command line options

--all

Compile all contracts. Without this, only the contracts changed since last compile will be recompiled.

--apiKey {api key generated from profile dashboard}

Authenticate with an API key instead of login details.

--ci

Return a blocking non-zero exit code so that CI integrations throw an error.

--ci-whitelist { 101 | 103,111,115 | ... }

List of allowed SWCs that will not throw an error (non-zero exit code).

--debug

Provide additional debug output. Use --debug=2 for more verbose output. Implies --no-progress.

--initial-delay <N>

Minimum amount of time (in seconds) to wait before attempting a first status poll. Default is 45 seconds. Read more about improving polling response.

--json

Output results in unprocessed JSON format. Differs from --style=json, which provides an ESLint-compatible output format. See also --yaml.

--limit <N>

Limit the number of parallel analysis requests to no more than <N>. As results come back, remaining contracts are submitted. The default and maximum is 4, but this can be set lower.

--min-severity <LEVEL>

Ignore SWCs below the designated severity level. Options are warning or error.

Note

Currently, the only severity levels are warning and error, so choosing warning here has no effect (ignores nothing). Future versions may add support for an info severity level, which would be ignored.

--mode <MODE>

Perform quick, standard, or deep analysis. Refer to the plans page to see details about the different scan types. Note that not every scan type is available with every plan.

--mythx-logs --no-mythx-logs

Enable/disable MythX logs.

--no-color

Disable output coloring.

--no-progress

Disable progress bars during analysis.

--style <STYLE>

Output the report in the given ESLint style. Options include stylish, json, table, tap, unix, and markdown.

--swc-blacklist <LIST>

Ignore a specific SWC or list of SWCs. Use the number only (107 instead of SWC-107). If using a list, use commas and no spaces to separate the SWCs (103,111,115).

--timeout <N>

Limit MythX analysis time to <N> seconds. The default is 300 seconds.

--uuid <UUID>

(Experimental) Display results from a prior analysis with the given UUID. Result is in YAML.

--version

Show package and MythX version information.

--yaml

Output results in unprocessed YAML format. Differs from --style=yaml, which provides an ESLint-compatible output format. See also --json.

Configuration file

In addition to command line options, you can specify a configuration file named truffle-security.json. Placed in the root of the project, this file can contain a list of options and values. Every option available on the command line is available here.

An example format of this file is as follows:

{
  "style": "table",
  "mode": "quick",
  "min-severity": "warning",
  "swc-blacklist": [103,111]
}

For arguments that don’t take a value (such as no-progress) use the format:

{
  "no-progress": true
}

For arguments that take a list (such as swc-blacklist), brackets for the values are optional.

Note: Command line options take precedence over any options specified in the configuration file.
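
The following JavaScript is an added example, not code from truffle-security. It models the precedence and list rules above together with the --ci, --ci-whitelist, --swc-blacklist and --min-severity descriptions. The function names, the way the three filters combine, the warning default for min-severity and the lower bound of 1 for limit are assumptions, and the findings are constructed sample data.

```javascript
// Added illustration: models the documented option semantics; not the plugin's code.
const SEVERITY = { warning: 1, error: 2 }; // the only levels the page documents

// Brackets are optional for lists: accept 103, "103,111" or [103, 111].
function toSwcList(value) {
  if (value === undefined || value === null) return [];
  const items = Array.isArray(value) ? value : String(value).split(',');
  return items.map((item) => {
    // Number only (107, not SWC-107), commas and no spaces.
    if (!/^\d+$/.test(String(item))) throw new Error(`invalid SWC id: ${item}`);
    return Number(item);
  });
}

// Command line options take precedence over truffle-security.json.
function resolveOptions(fileConfig, cliOptions) {
  const merged = { ...fileConfig, ...cliOptions };
  const limit = merged.limit === undefined ? 4 : Number(merged.limit);
  // 4 is the documented default and maximum; the lower bound of 1 is assumed.
  if (!Number.isInteger(limit) || limit < 1 || limit > 4) throw new Error('limit must be 1..4');
  const minSeverity = merged['min-severity'] || 'warning'; // assumed default: ignore nothing
  if (!Object.keys(SEVERITY).includes(minSeverity)) throw new Error(`unknown min-severity: ${minSeverity}`);
  return {
    ...merged,
    limit,
    'min-severity': minSeverity,
    'swc-blacklist': toSwcList(merged['swc-blacklist']),
    'ci-whitelist': toSwcList(merged['ci-whitelist']),
  };
}

// Assumed --ci gate: exit non-zero when any finding survives all three filters.
function ciExitCode(findings, options) {
  const blocking = findings.filter((f) =>
    SEVERITY[f.severity] >= SEVERITY[options['min-severity']] &&
    !options['swc-blacklist'].includes(f.swc) &&
    !options['ci-whitelist'].includes(f.swc));
  return options.ci && blocking.length > 0 ? 1 : 0;
}

// Constructed sample data, not real MythX output.
const fileConfig = { style: 'table', mode: 'quick', 'min-severity': 'warning', 'swc-blacklist': [103, 111] };
const cliOptions = { ci: true, 'min-severity': 'error', 'ci-whitelist': '101' };
const findings = [
  { swc: 103, severity: 'warning' }, { swc: 101, severity: 'error' }, { swc: 107, severity: 'error' },
];
const effective = resolveOptions(fileConfig, cliOptions);
console.log(effective['min-severity'], effective['swc-blacklist'], ciExitCode(findings, effective));
```

Logging the resolved options in a CI job makes a swc-blacklist committed in truffle-security.json visible to reviewers, since it suppresses findings without appearing on the command line.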
