Quickstart

Install the CLI, sign in, vet a package, scan your code, and read your first RED / YELLOW / GREEN verdicts - in five minutes.

One line per platform:

curl -fsSL https://get.alertavuln.com/cli/install.sh | sh

The installer puts the alertavuln binary on your PATH and creates the av convenience alias - the two names are interchangeable in every example. For checksum verification, manual downloads, and pinning a specific version, see Install the CLI.

  1. Sign in. av login opens your browser; authenticate on the web with Entra/Microsoft, Google, or email, and the token is handed back to the CLI and cached - no credentials are ever typed into the terminal.

    av login
    av whoami

    av whoami confirms who you are logged in as and which API the CLI is talking to.

  2. Vet a package before you add it. av check pre-flights a single package coordinate against AlertaVuln’s intelligence - matching CVEs, a suggested safe version, and maintenance health. No project needed.

    av check npm vite 6.0.0

    Each matching CVE is classified red (your version is confirmed inside the affected range) or yellow (could not be determined - verify manually); CVEs that are confirmed not to affect that version are omitted.

  3. Scan your code. av sast scan runs a series of specialised scans over a local path and tiers every finding RED / YELLOW / GREEN. It runs entirely on your machine - no sign-in or upload happens unless you pass --project.

    av sast scan --path .

  4. Read your alerts. Once a project exists and has a tech stack (create one in the web app or with av project create), list its vulnerability alerts - a RED/YELLOW/GREEN summary line followed by one row per alert:

    av project list
    av alerts --project <project-id>
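
The red / yellow / omitted rule from step 2, sketched as an added example (not AlertaVuln's code, data model or output): the (introduced, fixed) range shape, the EXAMPLE-000x identifiers and the plain X.Y.Z parser are assumptions made for illustration. It shows why a third state is needed: when a range bound or the version itself cannot be compared, the match is neither confirmed nor ruled out.

```python
import re

# Constructed sample data (not real CVEs). Assumed shape: (introduced, fixed).
# introduced=None: start of the range not recorded; fixed=None: no fixed release.
ADVISORIES = {
    "EXAMPLE-0001": [("6.0.0", "6.0.9")],   # version inside the range
    "EXAMPLE-0002": [("5.0.0", "5.4.12")],  # version at or past the fix
    "EXAMPLE-0003": [(None, "6.1.0")],      # lower bound unknown, below the fix
    "EXAMPLE-0004": [(None, "5.4.12")],     # lower bound unknown, past the fix
    "EXAMPLE-0005": [("4.0.0", None)],      # open-ended: nothing fixes it yet
}

def parse(version):
    """Return an (X, Y, Z) int tuple for plain dotted versions, else None."""
    if version is None or not re.fullmatch(r"\d+(\.\d+){0,2}", version):
        return None
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version, ranges):
    """Return 'red', 'yellow', or None (omitted) for one CVE."""
    v = parse(version)
    if v is None or not ranges:
        return "yellow"                 # nothing comparable: cannot determine
    verdict = None
    for introduced, fixed in ranges:
        lo = parse(introduced)
        lower = None if lo is None else v >= lo
        if fixed is None:
            upper = True                # open-ended range
        else:
            hi = parse(fixed)
            upper = None if hi is None else v < hi
        if lower is False or upper is False:
            continue                    # confirmed outside this range
        if lower and upper:
            return "red"                # confirmed inside the affected range
        verdict = "yellow"              # one bound unknown, none contradicts
    return verdict

def check(version, advisories):
    """Map CVE id -> verdict, omitting CVEs confirmed not to affect version."""
    verdicts = {cve: classify(version, r) for cve, r in advisories.items()}
    return {cve: v for cve, v in verdicts.items() if v is not None}

if __name__ == "__main__":
    for cve, verdict in check("6.0.0", ADVISORIES).items():
        print(f"{verdict.upper():6} {cve}")
```

A pre-release string such as 6.0.0-beta.1 falls through the plain parser here and lands in yellow, which is the "verify manually" case.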