Skip to main content

sync

Descriptionโ€‹

Re-scans existing package versions in the store to synchronize them with the updated configuration or with the latest rl-secure release.

We recommend running the sync command after every rl-secure update or major configuration change (including modifying policy configuration files).

If a new update is available and you haven't previously installed it, the self-update feature will automatically install the latest rl-secure the next time you run the sync command.

Licensing

Using the sync command does not count towards the monthly analysis capacity.

To estimate the performance impact of synchronization, run the sync command with the --check-only option. This executes the command in "dry-run" or simulation mode where it won't synchronize anything. This is a safe way to check which package versions may require synchronization.

If the number of packages that require rescanning appears substantial, consider performing synchronization outside of business hours. Scheduling a maintenance window for this operation can reduce the system load and lessen the impact on CI/CD system integrations.

The --vault-key option is required when the password vault is active for your package store and when any of your projects contain password-protected files. Without the vault key, the sync cannot be initiated and an error occurs.

Recovering from errors

If the sync command fails to analyze your software packages, make sure to run rl-secure clean after resolving the issue, and then attempt synchronization again.

While sync is typically used to rescan the entire package store, you can also use it selectively. Use the package URL to specify a project/package name combination, and the command will check and synchronize matching package versions.

Usageโ€‹

rl-secure sync <purl> [<options>]

Optionsโ€‹

OptionDescription
-p, --purlPackage URL to synchronize (rescan with an updated configuration or engine), in the format [pkg:type/]<project></package><@version>. If omitted, all packages in the package store are synchronized.
--work-dirSpecify the path to a work directory for temporary files. If not specified, it is created in the package store root.
--concurrency ย Specify the number of concurrent scan threads to use (default=max).
--check-onlyUse dry-run mode and only display versions that would be synced, without actually syncing.
--forceReprocess all matching packages unconditionally.
--no-trackingDon't display progress bars.
--vault-keyProvide the password vault key. Required if password vault is active for your package store. Note that this value is case-sensitive and can be changed at any time.
-h, --helpDisplay usage information and exit.
-s, --rl-storePath to an initialized package store containing the package URL. If you don't specify the path, the current directory is used.

Examplesโ€‹

Synchronize the whole package storeโ€‹

This example synchronizes all package versions in the package store that require reprocessing. Package versions are considered out-of-sync when there are rl-secure updates and configuration changes.

When the package store has a password vault, you need to provide the vault key with the --vault-key option to reprocess the password-protected files.

The command expects the package store to exist in the current directory. Use the -s or --rl-store options to provide an alternative path to the package store.

rl-secure sync --vault-key SECRETKEY

Synchronize a specific projectโ€‹

This example synchronizes all versions in a project that require reprocessing. Packages are considered out-of-sync when there are rl-secure updates and configuration changes.

If the project contains password-protected packages, you need to provide the package store vault key with the --vault-key option for rl-secure to reprocess them.

The command expects the package store to exist in the current directory. Use the -s or --rl-store options to provide an alternative path to the package store.

rl-secure sync pkg:rl/my-project --vault-key SECRETKEY