CLI Overview
vulnlog <command> <file...> [flags]Every command except init requires one or more Vulnlog files as positional arguments.
Read-only commands like validate accept multiple files.
report accepts multiple files; they are merged and must share the same project metadata.
suppress operates on a single file.
No automatic file detection.
Filtering Flags
Available on report and suppress commands.
| Flag | Description |
|---|---|
|
Include vulnerabilities affecting all releases up to and including this release. |
|
Filter by tag (repeatable). |
|
Filter by reporter type. |
Commands
| Command | Description |
|---|---|
Scaffold a new Vulnlog file. |
|
Validate files against the schema and all validation rules. |
|
Generate scanner-specific suppression files. |
|
Generate an HTML vulnerability report. |
|
Copy vulnerability entries from one Vulnlog file into one or more others. |
Exit Codes
| Code | Name | Description |
|---|---|---|
|
Success |
Command completed successfully. |
|
General error |
Unexpected error (I/O failure, missing argument, invalid flag value, file not found, unhandled exception). |
|
Validation error |
The Vulnlog file failed parsing or contains validation errors. |
| Finer-grained exit codes for specific failure categories (file not found, missing flag, invalid flag value, lint violation) are planned for a future release. |