Overview

ZeroPath CLI provides command-line access to ZeroPath’s AI-powered security scanning platform. Upload and scan your code directly from your terminal with support for multiple output formats and CI/CD integration.

Get the CLI

Download the latest release from our GitHub repository

What ZeroPath CLI Detects

The CLI scans for a comprehensive range of security vulnerabilities:
  • Authentication and authorization vulnerabilities
  • Application logic flaws
  • Dependency issues
  • Security misconfigurations
  • Command injection vulnerabilities
  • File inclusion and path traversal attacks
  • Secrets and hardcoded credentials

Quick Start

# Install CLI (see installation guide)
# Authenticate with your API credentials
zeropath auth <clientId> <clientSecret>

# Scan current directory
zeropath scan . output.sarif

# Scan by repository ID
zeropath scan --repository-id <repositoryId>

# Scan by repository URL
zeropath scan --repository-url https://github.com/owner/repo --vcs github

Core Commands

Authentication

# Authenticate with API credentials
# (in CI, supply these from the pipeline's secret store rather than a committed file)
zeropath auth <clientId> <clientSecret>

Local Directory Scanning

# Basic scan
zeropath scan <directory> <outputFile.sarif>

# Example
zeropath scan ./my-project results.sarif

Repository Scanning

# Scan by repository ID
zeropath scan --repository-id <repositoryId>

# Scan by repository URL
zeropath scan --repository-url https://github.com/owner/repo --vcs github

On-Demand Code Scans (Beta)

Use scan-code to submit a diff, file, file set, or snippet for asynchronous security review without starting a full repository scan.

# Scan the current Git working-tree diff
zeropath scan-code --diff

# Scan staged changes
zeropath scan-code --staged

# Scan one file
zeropath scan-code --file src/api.ts

# Force standalone mode when you do not want linked repository context
zeropath scan-code --diff --standalone

By default, scan-code uses your Git remote URL to automatically use linked repository context when exactly one accessible ZeroPath repository matches. If there is no match, it runs as a standalone scan.

On-Demand Code Scans are currently in beta. Behavior, limits, and response fields may change before general availability.

See On-Demand Code Scans (Beta) for request formats, target modes, limits, and API examples.

CI/CD Integration

The CLI is designed for CI/CD integration: it exits with code 1 when security issues are found or when an error occurs during scanning, so the exit code alone does not tell a pipeline which of the two happened:

# Scan a repository (exits 1 if issues found)
zeropath scan --repository-id <repositoryId>

# Generate SARIF output (local scan only)
zeropath scan . results.sarif

Scan Timeout

Local directory scans have a maximum polling timeout of approximately 50 minutes. If the scan does not complete within this window, the CLI exits with an error. This prevents CI/CD pipelines from hanging indefinitely on long-running scans.
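
An added example (not part of the ZeroPath documentation or the CLI itself): a Python wrapper for a CI job that separates the two meanings of exit code 1 described above, including the timeout case, by inspecting the SARIF file a local scan writes. It assumes a scan that errors or times out leaves no SARIF results behind; the function names and the wrapper's own exit codes (0 clean, 1 findings, 2 scan error) are choices made for this example.

```python
import json
import subprocess
import sys
from pathlib import Path


def count_sarif_results(sarif_path):
    """Return {level: count} for a SARIF 2.1.0 file, or None if unusable."""
    try:
        doc = json.loads(Path(sarif_path).read_text(encoding="utf-8"))
        counts = {}
        for run in doc["runs"]:
            for result in run.get("results") or []:
                # SARIF treats an omitted level as "warning".
                level = result.get("level", "warning")
                counts[level] = counts.get(level, 0) + 1
        return counts
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return None  # missing, truncated or non-SARIF file


def classify(exit_code, sarif_path):
    """Map (CLI exit code, SARIF file) to 'clean', 'findings' or 'error'."""
    if exit_code == 0:
        return "clean"
    # Assumption of this example: a scan that errored or timed out leaves
    # no SARIF results, so non-zero exit plus results means real findings.
    return "findings" if count_sarif_results(sarif_path) else "error"


def main(directory=".", sarif_path="results.sarif"):
    Path(sarif_path).unlink(missing_ok=True)  # never judge a stale report
    try:
        code = subprocess.run(["zeropath", "scan", directory, sarif_path]).returncode
    except OSError as exc:  # CLI not installed or not executable
        print(f"cannot run zeropath: {exc}", file=sys.stderr)
        return 2
    verdict = classify(code, sarif_path)
    print(f"zeropath exit={code} verdict={verdict}", file=sys.stderr)
    # Fail closed: findings and scan errors both block the pipeline, with
    # distinct wrapper exit codes so the job log shows which one occurred.
    return {"clean": 0, "findings": 1, "error": 2}[verdict]


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:3]))
```

Deleting any earlier results file before the scan matters: without it, a failed run next to a stale report from a previous build would be classified as findings.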

Output Formats

ZeroPath CLI supports multiple output formats for different use cases:
  • SARIF: Standard format for static analysis results (local scans)
  • Console: Human-readable formatted output for terminal viewing

Getting API Credentials

To use the CLI, you’ll need API credentials from your ZeroPath account:
  1. Sign in to ZeroPath Dashboard
  2. Navigate to API Settings
  3. Generate new API credentials (Client ID and Client Secret)
  4. Use these credentials with zeropath auth
