# Analyzing a project

> * Create a project.
* Run the CLI `exe` (for Windows Legacy) or `dll` (for Windows/Linux/macOS) file.
* Add the required Orchestrator [API access application scopes](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/executing-uipath-cli-tasks).

## Prerequisites

* Create a project.
* Run the CLI `exe` (for Windows Legacy) or `dll` (for Windows/Linux/macOS) file.
* Add the required Orchestrator [API access application scopes](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/executing-uipath-cli-tasks).

To analyze a project, take the following steps:

1. Run the `package` task, using `uipcli package`. You can notice a list of the available sub-tasks.
2. Specify the required parameters and run the `analyze` sub-task.
   The following table describes the required parameters.

:::note
Project validation runs as part of the `analyze` task and cannot be skipped. Validation messages are surfaced alongside Workflow Analyzer messages in the analyzer output.
:::
**Legend**: (*) - Optional, recommended when using additional package feeds.

 <colgroup>
  <col/>
  <col/>
 </colgroup>
 
  
     Parameter  
     Description  
  
 
 
  
    <code>Project(s) Path (pos. 0)</code> ( Required ) 
    The path to the <code>project.json</code> file, or the path to the folder that contains multiple <code>project.json</code> files. 
  
  
    <code>--analyzerTraceLevel</code> 
     Choose what types of messages to output after analyzing: Off = don't show any message Error - Warning - Info - Verbose .  
  
  
    <code>-stopOnRuleViolation</code> 
     The job fails when any rule is violated.  
  
  
    <code>--treatWarningsAsErrors</code> 
     Treat warnings as errors.  
  
  
    <code>--resultPath</code> 
     The full path to a JSON file where you want to store the results.  If you don't add this as an argument, then the results will print only in the standard console.  
  
  
    <code>--governanceFilePath</code> 
     Pass governance policies containing the Workflow Analyzer rules. Policies can be downloaded from , or extracted from the exported compressed zip file from  Studio  .  Note:  The task fails if you specify to use a policy but the policy file is not in the mentioned path.  
  
  
    <code>--ignoredRules</code> 
     A list of rules that you want to ignore during the analysis, separated by commas.  
  
  
    <style> .css-17xdpgx\{word-break:break-word;\}.css-17xdpgx div\{padding-left:10px;\}.css-17xdpgx code\{font-size:16px;\}.css-17xdpgx img\{margin-bottom:-5px;\} </style><code>-u</code> , <code>--orchestratorUsername</code> (*)  ( Required if you use Basic Authentication , through a username and a password)  
     The username used for authenticating to Orchestrator. You must pair it with the corresponding password.  
  
  
    <code>-p</code> , <code>--orchestratorPassword</code> (*)  ( Required if you use Basic Authentication , through a username and a password)  
     The password used for authenticating to Orchestrator. You must pair it with the corresponding username.  
  
  
    <code>-t</code> , <code>-orchestratorAuthToken</code> (*)  ( Required if you use  token-based authentication  )  
     The OAuth2 refresh token used for authenticating to Orchestrator. You must pair it with the Account Name and Client ID .  
  
  
    <code>-a</code> , <code>--orchestratorAccountName</code> (*)  ( Required if you use  token-based authentication  )  
     The Orchestrator CloudRPA account name. You must pair it with the OAuth2 refresh token and Client ID .  
  
  
    <code>-A</code> , <code>--orchestratorAccountForApp</code> (*) 
     The Orchestrator CloudRPA account name(organization name). You must pair it with the Application ID , Application Secret , and Application scope for external application.  
  
  
    <code>-I</code> , <code>--orchestratorApplicationId</code> (*)  ( Required if you use  external application authentication  )  
     The external Application ID. You must pair it with the **Application Account, Application Secret , and Application scope .  
  
  
    <code>-S</code> , <code>--orchestratorApplicationSecret</code> (*)  ( Required if you use  external application authentication  )  
     The external Application Secret. You must pair it with the Application Account , Application ID , and Application scope .  
  
  
    <code>--orchestratorApplicationScope</code> (*)  ( Optional for  external application authentication  )  
     The list of application scopes, separated by single spaces. Optional when using external application authentication as default scopes are automatically applied. You must pair it with the Application Account , Application ID , and Application Secret for external application.  
  
  
    <code>--orchestratorFolder</code> (*) 
     The name of the target Orchestrator folder.  To input subfolders make sure to input both the parent folder name and the name of the subfolder. For instance, use <code>AccountingTeam\TeamJohn</code> . 
  
  
    <code>--orchestratorUrl</code> (*) 
     The URL of the Orchestrator instance.  
  
  
    <code>--orchestratorTenant</code> (*) 
     The tenant of the Orchestrator instance.  
  
  
    <code>-l</code> , <code>--language</code> 
     The orchestrator language.  
  
  
    <code>--traceLevel</code> 
     Display the trace of the events.  
  
  
    <code>--identityUrl</code> 
    The URL of your identity server. Required when the Orchestrator runs on UiPath Automation Suite or standalone Orchestrator (on-premises MSI). Not needed for Automation Cloud — the CLI resolves the identity server from the cloud URL. 
  
  
    <code>--nugetConfigFilePath</code> 
     Path to the NuGet.Config file containing feeds. The <code>&lt;clear /&gt;</code> tag from the specified file will be ignored and only sources will be taken into consideration.  
  
  
    <code>--disableBuiltInNugetFeeds</code> 
     Disable built-in nuget feeds.  
  
  
    <code>--excludeConfiguredSources</code> 
     Excludes the built-in feeds and the NuGet sources configured at the user and machine level on the host running the CLI. The CLI resolves packages only from the feeds defined in <code>--nugetConfigFilePath</code>. See Managing NuGet feeds.  
  
  
    <code>--ca-cert</code> 
    One or more trusted root CA certificate files (PEM, DER, or PKCS#7) used when validating the Orchestrator and Identity Server TLS certificates. Repeat the flag or comma-separate multiple paths. See Trusting custom certificates for details. 
  
  
    <code>--pinnedpubkey</code> 
    Pin the server leaf certificate's public key. Format: <code>sha256//&lt;base64&gt;</code>. Checked in addition to standard certificate validation. See Trusting custom certificates for details. 
  
 

:::tip Trusting custom certificates
For Orchestrator instances signed by a private Certificate Authority (such as UiPath Automation Suite), this command also accepts `--ca-cert` and `--pinnedpubkey` parameters. See [Trusting custom certificates](https://docs.uipath.com/cicd-integrations/standalone/2025.10/user-guide/trusting-custom-certificates) for scenarios and examples.
:::

:::note **Default Application Scopes**
When using external application authentication without specifying the `--orchestratorApplicationScope` parameter, the CLI automatically applies these default Orchestrator scopes:

`OR.Assets OR.BackgroundTasks OR.Execution OR.Folders OR.Robots.Read OR.Machines.Read OR.Jobs OR.TestSets OR.TestSetExecutions OR.Monitoring OR.Settings.Read`
:::

## Usage

```
uipcli package analyze <project_path> [--analyzerTraceLevel <analyzer_trace_level>] [--stopOnRuleViolation] [--treatWarningsAsErrors] [--resultPath <result_path>] [--governanceFilePath <governance_file_path>] [--ignoredRules <rule_id_1,rule_id_2>] [--orchestratorUrl <orchestrator_url> --orchestratorTenant <orchestrator_tenant>] [-u <orchestrator_user> -p <orchestrator_pass>] [-t <auth_token> -a <account_name>] [-A <organization_name> -I <application_id> -S <application_secret> --orchestratorApplicationScope <application_scope>] [--orchestratorFolder <folder_name>] [-l <language>] [--traceLevel <None|Critical|Error|Warning|Information|Verbose>] [--identityUrl <identityUrl>] [--disableBuiltInNugetFeeds] [--excludeConfiguredSources]
```

## Minimal command examples

* `uipcli package analyze "C:\userprofile\AutomationProject\project.json" --traceLevel Information --resultPath "C:\userprofile\result.json"`
* `uipcli package analyze "C:\userprofile\AutomationProject\project.json" --traceLevel Information --resultPath "C:\userprofile\result.json"
  --orchestratorUrl "https://orch-23-10-paas.cloudapp.azure.com/" --orchestratorTenant "TenantName" -u "orchestratorUsername"
  -p "********" --orchestratorFolder "FolderName"`
* `uipcli package analyze "C:\userprofile\AutomationProject\project.json" --traceLevel Information --resultPath "C:\userprofile\result.json"
  --orchestratorUrl "https://orch-23-10-paas.cloudapp.azure.com/" --orchestratorTenant "TenantName" -A "organizationName" -I
  "76000552-3e4f-4590-9317-cdb420001f1d" -S '********' --orchestratorApplicationScope "OR.Folders OR.BackgroundTasks OR.TestSets
  OR.TestSetExecutions OR.TestSetSchedules OR.Settings.Read OR.Robots.Read OR.Machines.Read OR.Execution OR.Assets OR.Users.Read
  OR.Jobs OR.Monitoring" --orchestratorFolder "FolderName" --identityUrl "https://orch-23-10-paas.cloudapp.azure.com/identity"`
* `uipcli package analyze "C:\userprofile\AutomationProject\project.json" --traceLevel Information --resultPath "C:\userprofile\result.json"
  --orchestratorUrl "https://automation-suite.base.url.com/" --orchestratorTenant "TenantName" -A "organizationName" -I "3f6239b9-e0e8-465e-a429-d9ffd1d9e57a"
  -S '********' --orchestratorApplicationScope "OR.Folders OR.BackgroundTasks OR.TestSets OR.TestSetExecutions OR.TestSetSchedules
  OR.Settings.Read OR.Robots.Read OR.Machines.Read OR.Execution OR.Assets OR.Users.Read OR.Jobs OR.Monitoring" --orchestratorFolder
  "FolderName"`
* `uipcli package analyze "C:\userprofile\AutomationProject\project.json" --traceLevel Information --resultPath "C:\userprofile\result.json"
  --orchestratorUrl "https://cloud.uipath.com/" --orchestratorTenant "TenantName" -A "organizationName" -I "becc663c-8f1e-409a-a75f-c00330d80bc8"
  -S '********' --orchestratorApplicationScope "OR.Folders OR.BackgroundTasks OR.TestSets OR.TestSetExecutions OR.TestSetSchedules
  OR.Settings.Read OR.Robots.Read OR.Machines.Read OR.Execution OR.Assets OR.Users.Read OR.Jobs OR.Monitoring" --orchestratorFolder
  "FolderName"`