The GuardRails CLI allows you to interact with GuardRails via the command line.
To use the GuardRails CLI, you require an active GuardRails account and a CLI token.
More information on how to get started can be found here.
Your GuardRails account CLI token can be obtained under Settings->CLI Authentication on the GuardRails dashboard.
Paste the following command into your terminal. It assumes bash; adjust it for the shell you use. The installer may prompt for your sudo password.
curl -fsSL https://raw.githubusercontent.com/guardrailsio/guardrails-cli/main/etc/scripts/install.sh | bash
Alternatively, you can also install guardrails via brew:
brew tap guardrailsio/guardrails
brew install guardrails
Scoop must be installed before you install guardrails. The rest is similar to the installation script for Linux / OSX. Run the following command in PowerShell:
iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/guardrailsio/guardrails-cli/main/etc/scripts/install.ps1'))
Here are the main GuardRails CLI commands:
- scan: Scans a repository for vulnerabilities and outputs results
- version: Displays the build version
For more information on all the options and available arguments, please check the help menu with: guardrails --help
The CLI will output the total number of detected vulnerabilities.
Vulnerabilities are grouped by category, e.g., Hard-Coded Secrets.
For each item within a category, the following information is shown:
- A severity index (see table below).
- The type of vulnerability containing a hyperlink to fixing advice in our documentation.
- The file path and line number.
Example: (M) Hard-coded Secret - awesome-product/config.js:2
Here we're looking at a vulnerability of type Hard-coded secret with a Medium severity in the file awesome-product/config.js at line 2.
For Vulnerable Libraries specifically, the type of vulnerability will be replaced by the dependency name and version.
Example: (C) pkg:gem/mypackage@2.5.2 - awesome-product/Gemfile.lock:14
Here we're looking at the vulnerable mypackage dependency in version 2.5.2 with a Critical severity declared in the file awesome-product/Gemfile.lock at line 14.
| Index | Severity |
|---|---|
| (N/A) | Not available |
| (I) | Informational |
| (L) | Low |
| (M) | Medium |
| (H) | High |
| (C) | Critical |
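To gate a CI job on the severity index, the finding lines described above can be parsed and filtered by a minimum severity. The following is an added example, not part of the GuardRails CLI or its documentation; it assumes each finding is printed as plain text in exactly the shape of the two examples above (no terminal escape sequences), and the function names and sample output are constructed for illustration.

```python
import re

# Severity indexes from the table above, ordered lowest to highest.
SEVERITY_ORDER = ["N/A", "I", "L", "M", "H", "C"]

# Shape assumed from the page's examples: "(M) Hard-coded Secret - path/file.js:2".
# Greedy groups split on the last " - " and the last ":<digits>".
FINDING_RE = re.compile(
    r"^\((?P<sev>N/A|I|L|M|H|C)\)\s+(?P<what>.+) - (?P<path>.+):(?P<line>\d+)$"
)


def parse_finding(text):
    """Return a dict for one finding line, or None if the line is not a finding."""
    m = FINDING_RE.match(text.strip())
    if m is None:
        return None
    finding = {"severity": m["sev"], "type": m["what"], "path": m["path"],
               "line": int(m["line"]), "package": None, "version": None}
    # Vulnerable Libraries show a package URL where the type would be.
    if m["what"].startswith("pkg:"):
        coords, sep, version = m["what"].rpartition("@")
        if sep:  # a package URL without "@version" is left unparsed
            finding["package"] = coords.partition("/")[2]
            finding["version"] = version
    return finding


def findings_at_or_above(lines, threshold="H"):
    """Keep parsed findings whose severity index is at or above threshold."""
    floor = SEVERITY_ORDER.index(threshold)
    parsed = (parse_finding(l) for l in lines)
    return [f for f in parsed if f and SEVERITY_ORDER.index(f["severity"]) >= floor]


# Constructed sample output, modelled on the two example lines above.
SAMPLE = """\
Hard-Coded Secrets
(M) Hard-coded Secret - awesome-product/config.js:2
Vulnerable Libraries
(C) pkg:gem/mypackage@2.5.2 - awesome-product/Gemfile.lock:14
"""

if __name__ == "__main__":
    blocking = findings_at_or_above(SAMPLE.splitlines(), threshold="H")
    for f in blocking:
        print(f"{f['severity']} {f['type']} {f['path']}:{f['line']}")
    raise SystemExit(1 if blocking else 0)
```

Run stand-alone, the script exits non-zero when any finding is High or Critical, which is the signal a pipeline step needs to fail the build.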
https://www.guardrails.io/docs/en/cli/introduction
The GuardRails CLI is released under the Apache 2.0 license. See LICENSE.txt
