ShipSafe

CLI Reference

All commands, flags, and options for the ShipSafe CLI.

Install

No install needed. Run via npx:

npx @ship-safe/cli <command>

Or install globally: npm i -g shipsafe

scan

Scan a directory or file for security vulnerabilities.

shipsafe scan [path]

Arguments

[path]    Path to scan. Defaults to current directory (".").

Flags

-o, --output <format>    Output format: table (default), json, or sarif.
-s, --severity <level>    Minimum severity to report: critical, high, medium, low (default: low).
--ci    CI mode. Exits with code 1 if findings match the severity threshold. Use in GitHub Actions to block PRs.
--upload    Upload results to your ShipSafe dashboard. Happens automatically when logged in.
--api-url <url>    API URL for self-hosted ShipSafe. Default: https://ship-safe.co

Examples

Scan current directory

npx @ship-safe/cli scan .

Only show high/critical findings

npx @ship-safe/cli scan src/ --severity high

JSON output for scripting

npx @ship-safe/cli scan . --output json

CI mode: fail only on critical

npx @ship-safe/cli scan . --ci --severity critical
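
A CI gate built on the --ci exit code described above, as an added example (not ShipSafe's own code). shipsafe_gate and SHIPSAFE_CMD are hypothetical names, and treating any exit status other than 0 or 1 as a scanner failure is an assumption, since this page documents only exit code 1.

```shell
#!/bin/sh
# Added example: wraps `scan --ci` so the pipeline fails closed.
# Assumption: only exit code 1 means "findings at or above the threshold"
# (the behaviour documented for --ci). Any other non-zero status, such as
# npx failing to fetch the package, is treated as a scanner failure and
# also blocks, so a scan that never ran cannot let a PR through.

# SHIPSAFE_CMD (hypothetical override) defaults to the npx invocation from
# this page. It is expanded unquoted on purpose so that
# "npx @ship-safe/cli" splits into command and argument.
shipsafe_gate() {
    _gate_path=${1:-.}
    _gate_sev=${2:-high}

    # Accept only the documented --severity values; a typo must not
    # silently change what the gate enforces.
    case "$_gate_sev" in
        critical|high|medium|low) ;;
        *)
            echo "gate: invalid severity '$_gate_sev'" >&2
            return 2
            ;;
    esac

    # Capture the status without tripping `set -e` in the calling script.
    _gate_rc=0
    ${SHIPSAFE_CMD:-npx @ship-safe/cli} scan "$_gate_path" \
        --ci --severity "$_gate_sev" || _gate_rc=$?

    case "$_gate_rc" in
        0) echo "gate: no findings at or above $_gate_sev" >&2
           return 0 ;;
        1) echo "gate: findings at or above $_gate_sev, blocking" >&2
           return 1 ;;
        *) echo "gate: scanner exited $_gate_rc, failing closed" >&2
           return 2 ;;
    esac
}

# Usage in a CI step:  shipsafe_gate . critical
```

A return value of 1 means the scan found issues; 2 means the scan itself could not be trusted, which is worth alerting on separately.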

login

Log in to your ShipSafe account. Opens your browser for authentication. Once logged in, scan results automatically sync to your dashboard.

shipsafe login

Flags

--api-url <url>    API URL for self-hosted ShipSafe. Default: https://ship-safe.co

Examples

Log in (opens browser)

npx @ship-safe/cli login

logout

Clear your stored authentication token.

shipsafe logout

whoami

Show your current login status and email.

shipsafe whoami

init

Create a .shipsafe.yml configuration file in the current directory with sensible defaults.

shipsafe init

ignore

Suppress a rule in future scans. Adds it to .shipsafeignore. Suppressed findings still appear in the dashboard as "suppressed" but won't block CI.

shipsafe ignore <rule-id>

Arguments

<rule-id>    Rule ID to ignore (e.g., secrets/generic-api-key).

Flags

-r, --reason <reason>    Why this rule is being suppressed. Stored as a comment in .shipsafeignore.

Examples

Ignore with reason

npx @ship-safe/cli ignore secrets/generic-api-key -r "Test API key, not real"

Ignore without reason

npx @ship-safe/cli ignore xss/dangerously-set-html

unignore

Re-enable a previously suppressed rule. Removes it from .shipsafeignore.

shipsafe unignore <rule-id>

Arguments

<rule-id>    Rule ID to unignore.

Examples

Re-enable a rule

npx @ship-safe/cli unignore secrets/generic-api-key