Quickstart
Install the CLI, sign in, vet a package, scan your code, and read your first RED / YELLOW / GREEN verdicts - in five minutes.
Install
One line per platform:

    curl -fsSL https://get.alertavuln.com/cli/install.sh | sh

    irm https://get.alertavuln.com/cli/install.ps1 | iex

The installer puts the alertavuln binary on your PATH and creates the av
convenience alias - the two names are interchangeable in every example. For
checksum verification, manual downloads, and pinning a specific version, see
Install the CLI.
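The one-liner above pipes the download straight into a shell, so nothing can be checked before it runs. As an added example (not AlertaVuln's own script), this POSIX shell wrapper downloads install.sh to a file, compares its SHA-256 against a digest you supply, and runs it only on a match. The function names are hypothetical, and it assumes you obtained the expected digest through a trusted channel; this page does not say where one is published.

```shell
# Added example, not the project's installer. Function names are hypothetical.
INSTALLER_URL="https://get.alertavuln.com/cli/install.sh"  # URL from this page

# Print the lowercase hex SHA-256 of a file with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# Return 0 only when the file's digest equals the expected 64-hex-char value.
# Returns 1 on mismatch, 2 when the expected value is malformed.
verify_sha256() {
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$vs_expected" in
        ""|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#vs_expected}" -ne 64 ]; then
        echo "expected digest must be 64 hex characters" >&2
        return 2
    fi
    vs_actual=$(sha256_of "$1") || return 2
    if [ "$vs_actual" != "$vs_expected" ]; then
        echo "digest mismatch, got: $vs_actual" >&2
        return 1
    fi
}

# Download over HTTPS to a temp file, verify it, and only then execute it.
# $1 is the expected digest (assumption: obtained from a trusted channel).
install_verified() {
    iv_tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$iv_tmp" "$INSTALLER_URL" &&
        verify_sha256 "$iv_tmp" "$1"; then
        sh "$iv_tmp"
        iv_rc=$?
    else
        echo "installer was not executed" >&2
        iv_rc=1
    fi
    rm -f "$iv_tmp"
    return "$iv_rc"
}
```

Call it as `install_verified <expected-sha256>`; a mismatch or a failed download leaves the installer unexecuted and returns non-zero.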
First run
- Sign in.
  av login opens your browser; authenticate on the web with Entra/Microsoft, Google, or email, and the token is handed back to the CLI and cached - no credentials are ever typed into the terminal.

      av login
      av whoami

  av whoami confirms who you are logged in as and which API the CLI is talking to.
- Vet a package before you add it.
  av check pre-flights a single package coordinate against AlertaVuln’s intelligence - matching CVEs, a suggested safe version, and maintenance health. No project needed.

      av check npm vite 6.0.0

  Each matching CVE is classified red (your version is confirmed inside the affected range) or yellow (could not be determined - verify manually); CVEs that confirmably don’t affect that version are omitted.
- Scan your code.
  av sast scan runs a series of specialised scans over a local path and tiers every finding RED / YELLOW / GREEN. It runs entirely on your machine - no sign-in or upload happens unless you pass --project.

      av sast scan --path .
- Read your alerts. Once a project exists and has a tech stack (create one in the web app or with av project create), list its vulnerability alerts - a RED/YELLOW/GREEN summary line followed by one row per alert:

      av project list
      av alerts --project <project-id>
Next steps
- Red, yellow, green - how the three-tier verdict model works.
- Authentication - how av login works and where the token lives.
- av sast scan - every flag of the local code scan.
- Install the CLI - verification, manual installs, and version history.