CLI Overview

vulnlog <command> <file...> [flags]

Every command except init requires one or more Vulnlog files as positional arguments. Read-only commands like validate accept multiple files. Output-generating commands like suppress and report operate on a single file. No automatic file detection.

Global Flags

Flag Description

Flag	Description
`--version`	Print version and exit.
`--help`	Print help.

--version

Print version and exit.

--help

Print help.

Filtering Flags

Available on report and suppress commands.

Flag Description

Flag	Description
`--release <id>`	Include vulnerabilities affecting all releases up to and including this release.
`--tag <id>`	Filter by tag (repeatable).
`--reporter <value>`	Filter by reporter type.

--release <id>

Include vulnerabilities affecting all releases up to and including this release.

--tag <id>

Filter by tag (repeatable).

--reporter <value>

Filter by reporter type.

Commands

Command	Description
init	Scaffold a new Vulnlog file.
validate	Validate files against the schema and all validation rules.
suppress	Generate scanner-specific suppression files.
report	Generate an HTML vulnerability report.

Command

Description

init

Scaffold a new Vulnlog file.

validate

Validate files against the schema and all validation rules.

suppress

Generate scanner-specific suppression files.

report

Generate an HTML vulnerability report.

Exit Codes

Code Name Description

Code	Name	Description
`0`	Success	Command completed successfully.
`1`	General error	Unexpected error (I/O failure, missing argument, invalid flag value, file not found, unhandled exception).
`2`	Validation error	The Vulnlog file failed parsing or contains validation errors.

0

Success

Command completed successfully.

1

General error

Unexpected error (I/O failure, missing argument, invalid flag value, file not found, unhandled exception).

2

Validation error

The Vulnlog file failed parsing or contains validation errors.

Finer-grained exit codes for specific failure categories (file not found, missing flag, invalid flag value, lint violation) are planned for a future release.