Vulnlog Documentation
Vulnlog is a developer-oriented CLI tool for tracking and documenting software vulnerability findings.
It uses a YAML-based format (*.vl.yaml) that lives in your repository alongside your code, giving your team a single source of truth for vulnerability management.
What Vulnlog does
- Track SCA vulnerability findings in your repository
- Record analysis verdicts and justifications per vulnerability
- Generate suppression files for scanners (Trivy, Snyk, and generic format)
- Validate Vulnlog files against the schema
- Filter by release, tag, or reporter
Next steps
- Install Vulnlog and run through the Quickstart
- Learn about the Vulnlog YAML format
- Explore the CLI commands