cli

module
v0.4.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 3, 2024 License: Apache-2.0

README

VulnCheck Logo

The VulnCheck CLI

vci is access to the VulnCheck API on the command line. It brings index browsing, backup management, and vulnerability scanning to the terminal.

Release Go Report Card Go Reference Lint Tests PRs Welcome

Installation

vci is available for MacOS, Linux, and Windows. You can download precompiled binaries from our releases page

[!NOTE] Support for package managers is coming soon.

Configuration

  • Run vci auth login to authenticate with your VulnCheck account.
  • Alternatively vci will respect the VC_TOKEN environment variable.
  • vci auth by itself will show other options like checking your status and logging out.

Available commands

Browse/list indices

You can browse all available indices interactively or output them as a list

vci indices browse|list <search> [flags]

You can search for a specific index by passing a search term.

[!TIP] Pressing [Enter] on an index while browsing will begin browsing that particular index

Flags (list only)
Flag Description
--json Output the list of indices in JSON format.
Browse/list an index

You can browse the contents of any index interactively or output some as JSON

vci index browse|list <index> [flags]
Flags
Flag Description
--alias string Alias
--botnet string Botnet
--cve string Cve
--iava string Iava
--lastmodenddate string LastModEndDate
--lastmodstartdate string LastModStartDate
--mispid string MispId
--mitreid string MitreId
--pubenddate string PubEndDate
--pubstartdate string PubStartDate
--ransomware string Ransomware
--threatactor string ThreatActor
Download a backup

Download a backup of a specified index either interactively or retrieve a signed temporary URL

vci backup download|url <index>
Flags (url only)
Flag Description
--json Output the download URL in JSON format.

Based on the specified CPE (Common Platform Enumeration) URI string, this endpoint will return a list of vulnerabilities that are related to the package. We support v2.2 and v2.3

vci cpe <cpe>

Based on the specified PURL, this command will return a list of vulnerabilities that are related to the package. You can find a list of supported package managers here

vci purl <purl>
Scan a repository for vulnerabilities

This command will scan a directory for traces of packages via generating an SBOM and then check for vulnerabilities.

vci scan <path> [flags]
Flags
Flag Description
-f Save scan results to output.json

[!TIP] Looking to plug this into your Github Repository? Check out our own Action

Directories

Path Synopsis
cmd
gen-docs
vci
internal
build
pkg
cmd/about
cmd/auth
cmd/auth/login
cmd/auth/login/token
cmd/auth/login/web
cmd/auth/logout
cmd/auth/status
cmd/backup
cmd/cpe
cmd/index
cmd/indices
cmd/purl
cmd/root
cmd/scan
cmd/version
config
environment
i18n
inquiry
login
models
session
ui
utils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.