Installation
Vulnlog can be installed and used in several ways.
Docker
A container image is published to the GitHub Container Registry on every release. The image runs as a non-root user (UID 1000) by default.
docker pull ghcr.io/vulnlog/vulnlog:0.12.0
docker run --rm ghcr.io/vulnlog/vulnlog:0.12.0 --version
vulnlog version 0.12.0
Use STDIN, STDOUT, or Docker volumes to pass files into the container and get results out of it.
To write the result to STDOUT, pass --output -:
docker run --rm ghcr.io/vulnlog/vulnlog:0.12.0 init --organization "Demo Org" --name Demo --author Me --output -
---
schemaVersion: "1"
project:
  organization: "Demo Org"
  name: "Demo"
  author: "Me"
releases: []
vulnerabilities: []
Use the -i flag to keep STDIN open and pass the vulnlog.yaml file into the container:
docker run --rm -i ghcr.io/vulnlog/vulnlog:0.12.0 validate - < vulnlog.yaml
Validation OK
docker run --rm -v "$PWD:/work" ghcr.io/vulnlog/vulnlog:0.12.0 suppress vulnlog.yaml
Suppression file created at: /work/.snyk
Suppression file created at: /work/.trivyignore.yaml
Not all Vulnlog CLI commands support the same set of input (STDIN) and output (STDOUT) capabilities. Check the corresponding command documentation for more details.
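Because the image runs as UID 1000, a bind-mounted directory owned by a different UID on a Linux host may not be writable for commands such as suppress. The wrapper below is an added example, not part of Vulnlog or its documentation: it covers the STDIN and volume modes shown above, drops capabilities, and only overrides the container user when the caller is unprivileged and owns the directory. The function names, the hardening flags, and the assumption that the image works under a non-default UID are this example's own.

```shell
#!/bin/sh
# Added example, not part of Vulnlog. Image tag and UID 1000 come from this page.
VULNLOG_IMAGE="ghcr.io/vulnlog/vulnlog:0.12.0"
IMAGE_UID=1000
DOCKER=${DOCKER:-docker}   # DOCKER=echo prints the command instead of running it

# user_flag OWNER_UID CALLER_UID CALLER_GID
# Prints the value for --user when the mounted directory is not owned by the
# image's default user. Prints nothing when UID 1000 already owns it.
user_flag() {
    if [ "$1" = "$IMAGE_UID" ]; then
        return 0                      # default user can write; no override
    elif [ "$1" = "$2" ] && [ "$2" != 0 ]; then
        printf '%s:%s\n' "$2" "$3"    # run as the unprivileged caller
    else
        echo "refusing: owner UID $1 is neither $IMAGE_UID nor a non-root caller" >&2
        return 1
    fi
}

# vulnlog_run MODE WORKDIR ARGS...
#   stdin  : no mount, -i keeps STDIN open   (vulnlog_run stdin . validate - < vulnlog.yaml)
#   volume : bind-mount WORKDIR at /work     (vulnlog_run volume "$PWD" suppress vulnlog.yaml)
vulnlog_run() {
    mode=$1; workdir=$2; shift 2
    # Hardening flags; assumed to be tolerated by a non-root CLI container.
    base="--rm --cap-drop=ALL --security-opt=no-new-privileges"
    case $mode in
        stdin)
            # $base is split into separate flags on purpose.
            "$DOCKER" run $base -i "$VULNLOG_IMAGE" "$@" ;;
        volume)
            # docker -v does not treat a relative path as a host directory.
            case $workdir in /*) [ -d "$workdir" ] ;; *) false ;; esac ||
                { echo "WORKDIR must be an existing absolute directory" >&2; return 2; }
            # GNU stat first, BSD stat as fallback.
            owner=$(stat -c '%u' "$workdir" 2>/dev/null || stat -f '%u' "$workdir") || return 2
            user=$(user_flag "$owner" "$(id -u)" "$(id -g)") || return 1
            "$DOCKER" run $base ${user:+--user "$user"} -v "$workdir:/work" "$VULNLOG_IMAGE" "$@" ;;
        *)
            echo "usage: vulnlog_run stdin|volume WORKDIR ARGS..." >&2; return 2 ;;
    esac
}
```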
Native Binary
Standalone native binaries are built with GraalVM and require no Java runtime. They start instantly and are the recommended choice for local use.
- Download the latest Vulnlog archive from the releases page.
- Extract the archive.
- Move the vulnlog binary to a directory on PATH, for example /usr/local/bin.
- Verify the installation:
vulnlog --version
vulnlog version 0.12.0
JVM Distribution
A platform-independent JVM distribution is also published on the releases page. It requires Java 21 or later to be installed.