CLI startup guide
Run your first compliance-mapped scan in one command.
First run
npx @cveriskpilot/scan --preset startup

This preset is designed for teams that want the fastest useful baseline: dependency risk, secrets exposure, infrastructure issues, and API surface checks in one pass.
What you get
Dependency scanner
Parses lock files across 13 package manager formats and matches dependencies against OSV advisories.
Secrets scanner
Finds hardcoded credentials, connection strings, tokens, and leaked keys with redaction in output.
IaC scanner
Checks Terraform, CloudFormation, Kubernetes manifests, and Dockerfiles for high-risk configuration issues.
API security scanner
Checks Next.js API routes for missing auth, weak validation, injection patterns, and sensitive logging.
Framework mapping
The startup preset ships with mapped compliance context. It is tuned for early teams that need a credible baseline without running the entire framework catalog.
| Framework | Controls |
|---|---|
| SOC 2 Type II | 52 |
| OWASP ASVS | 6 |
Output formats
--format table
Terminal-first summary with severity, compliance, and risk signals.
--format json
Structured findings for programmatic consumption and local processing.
--format sarif
SARIF 2.1.0 output for GitHub Code Scanning and similar tooling.
--format markdown
Compact report output for PR comments and internal documentation.
Useful flags
npx @cveriskpilot/scan --preset startup --format json
npx @cveriskpilot/scan --preset startup --fail-on high
npx @cveriskpilot/scan --preset startup --output results.sarif
npx @cveriskpilot/scan --preset startup --upload
CI example
```yaml
- name: Run startup preset
  run: npx @cveriskpilot/scan --preset startup --format sarif --output results.sarif
```
Use SARIF for code scanning integrations, JSON for internal processing, and upload once you want hosted triage and console tracking.
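A complete GitHub Actions workflow built around that step, added here as an example and not taken from the scanner's own docs. It assumes GitHub's github/codeql-action/upload-sarif action for the Code Scanning upload, that --fail-on can be combined with the SARIF flags, and that the upload should still happen when --fail-on fails the scan step.

```yaml
# Added example workflow: runs the startup preset on every push and pull
# request and publishes the SARIF to GitHub Code Scanning.
# Assumptions: actions/checkout, actions/setup-node and
# github/codeql-action/upload-sarif are GitHub-maintained actions, not
# part of the scanner; --fail-on high is combined with the SARIF flags.
name: security-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write   # needed by the SARIF upload step

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Run startup preset
        # Runs from the repository root so lock files and IaC manifests
        # are in the working tree; an empty scan usually means a wrong cwd.
        run: npx @cveriskpilot/scan --preset startup --format sarif --output results.sarif --fail-on high

      - name: Upload SARIF to Code Scanning
        # Upload even if the scan step failed the --fail-on threshold, so
        # the findings that failed the job are visible in the Security tab.
        if: ${{ !cancelled() }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```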
Presets
| Preset | Use case | Frameworks |
|---|---|---|
| startup | First SOC 2 and general startup security posture | SOC 2 Type II, OWASP ASVS |
| federal | Federal and FedRAMP-oriented teams | NIST 800-53 + FedRAMP aligned surfaces |
| defense | Defense Industrial Base and CMMC workflows | CMMC + NIST 800-53 aligned surfaces |
| all | Full implemented framework coverage | All 13 implemented frameworks |
Exit codes and troubleshooting
No findings at or above the fail threshold.
Findings crossed the configured fail threshold.
The scanner could not complete successfully.
No findings expected but the scan is empty
Run from the repository root and confirm manifest files exist in the working tree.
Upload returns 401
Check the API key and confirm it belongs to the correct workspace and organization.
AI enrichment fails locally
Verify your local LLM runtime is running before enabling offline AI enrichment flags.
Next steps
Start Pro trial
Create a workspace and move from local scans into hosted usage with a 14-day Pro trial.
Review CLI reference
See the full flag and output reference for the scanner.
Read pipeline docs
Wire the scanner into CI and downstream triage flows.
Open the platform
Move from the CLI into keys, usage, and hosted developer workflows.
