CLI Reference
All commands, flags, and options for the PipeGuard binary.
Commands
pipeguard scan
Scan files or directories for security violations and quality issues.
shell$ pipeguard scan [path] [flags]
| Flag | Short | Default | Description |
|---|---|---|---|
--format | -f | terminal | Output format: terminal, json, or sarif |
--severity | -s | all | Filter by severity: critical, high, medium, low, info. Comma-separated. |
--fix | false | Show fix suggestions for each violation | |
--output | -o | stdout | Write output to file instead of stdout |
--no-color | false | Disable ANSI colors in terminal output |
pipeguard version
Print the PipeGuard version.
shell$ pipeguard --version
PipeGuard v0.1.0
pipeguard help
Show help for any command.
shell$ pipeguard help scan
Examples
Scan current directory
shell$ pipeguard scan .
Recursively walks the directory, auto-detects all supported file types, and scans them.
Scan single file
shell$ pipeguard scan .gitlab-ci.yml
$ pipeguard scan Dockerfile
$ pipeguard scan Jenkinsfile
Filter critical + high only
shell$ pipeguard scan . --severity critical,high
JSON report to file
shell$ pipeguard scan . --format json --output report.json
SARIF for GitHub Security tab
shell$ pipeguard scan . --format sarif --output results.sarif
Show fix suggestions
shell$ pipeguard scan . --fix
No color (for piping / CI logs)
shell$ pipeguard scan . --no-color
Combine flags
shell$ pipeguard scan . --severity critical,high --fix --format json --output report.json
Exit Codes
| Code | Meaning |
|---|---|
0 | Scan completed, no violations found |
1 | Scan completed, violations found |
2 | Error (invalid arguments, file not found, etc.) |
Environment Variables
| Variable | Description |
|---|---|
NO_COLOR | If set, disables all ANSI colors (respects no-color.org convention) |
TERM | If dumb, disables colors automatically |