av alerts
Show the vulnerability alerts for a project - a REDYELLOWGREEN summary line followed by one row per alert.
Synopsis
Section titled “Synopsis”av alerts --project <projectId> [flags]The binary ships as alertavuln; av is the common alias - they are
interchangeable in every example.
Description
Section titled “Description”av alerts fetches the project’s RED/YELLOW/GREEN rollup and its alert list,
then renders both: a one-line summary of counts per tier, and a table with one
row per alert (CVE id, severity, status, first matched package, acknowledged).
Every alert carries one of the three verdict tiers plus the reasoning behind
it - see Three tiers, with reasoning.
Filter the list with --status (one tier), --acknowledged (acknowledged
only; --acknowledged=false for unacknowledged only - omit the flag to show
both), and --resolved (resolved alerts are excluded by default).
--json prints raw JSON instead: a single object with a summary key (the
verbatim stats response) and an alerts key (the verbatim list response).
--export writes the output to disk - a styled, self-contained HTML report
with the table plus the embedded raw JSON, or a .json file when combined
with --json. Pass a directory to get alerts.html / alerts.json inside
it, or a path with a file extension to name the file yourself.
Options
Section titled “Options”| Flag | Default | Description |
|---|---|---|
--project |
- | Project ID to list alerts for (required) |
--status |
- | Filter by verdict tier: red, yellow, or green |
--acknowledged |
- | Show only acknowledged alerts; --acknowledged=false shows only unacknowledged. Omit to show both |
--resolved |
false |
Include resolved alerts |
--json |
false |
Output raw JSON instead of a table |
--export |
- | Export to a directory or file (HTML report; raw JSON with --json) |
Examples
Section titled “Examples”List every open alert for a project:
av alerts --project 7f3d2a91-4c8e-4b0a-9f6d-1e5a8c2b7d43RED 2 YELLOW 1 GREEN 4 (7 total)
CVE SEVERITY STATUS PACKAGE ACKCVE-2026-1097 High Red [email protected] (+1 more) noCVE-2026-24813 Critical Red [email protected] yesCVE-2026-30204 High Yellow golang.org/x/[email protected] noCVE-2025-48734 Medium Green [email protected] noTriage what actually needs action - unacknowledged RED alerts only:
av alerts --project 7f3d2a91-4c8e-4b0a-9f6d-1e5a8c2b7d43 --status red --acknowledged=falseWrite a self-contained HTML report to a directory (the file lands at
./reports/alerts.html):
av alerts --project 7f3d2a91-4c8e-4b0a-9f6d-1e5a8c2b7d43 --export ./reportsExit codes
Section titled “Exit codes”| Code | Meaning |
|---|---|
0 |
Alerts listed or exported successfully |
1 |
Error - not logged in, invalid --status value, or the API request failed |
See also
Section titled “See also”av alerts get- full detail for a single alertav alerts ack- acknowledge an alert, optionally with a note