Vulnetix CLI

Documentation

Welcome to the Vulnetix CLI documentation. Choose a section to get started.

Getting Started
Install Vulnetix CLI on your platform.
CLI Reference
Commands, flags, and usage patterns.
Reachability Analysis
Tree-sitter source-level reachability for every CVE.
CI/CD Integrations
GitHub Actions, GitLab CI, Bitbucket, Azure DevOps.
Enterprise
Corporate proxy, publishing, and distribution.
SAST Rules
Built-in static analysis rules with remediation guides.

What’s new

  • Tree-sitter reachability — Every vulnetix vdb vuln lookup now runs CVE-specific tree-sitter queries against your project, reporting exact file:line:line matches for the vulnerable pattern. Direct mode confirms the pattern is in the installed package; transitive mode finds first-party callers. 17 languages bundled. See Reachability Analysis.
  • VDB API v2 is the default — Previous releases defaulted to -V v1; current releases default to v2. The v2 surface adds timelines, scorecards, KEV merging, parallel fixes, and the tree-sitter queries powering reachability. Pass -V v1 only when explicitly required; v1 will be removed in a future release.
Getting Started
CLI Reference
Complete reference for all Vulnetix CLI commands, flags, and usage patterns.
CI/CD Integrations
Enterprise
SAST Rules