
Scanning

The scan command is the fastest way to onboard a repository. It walks through dependency analysis, environment variable import, secret leak detection, and secret file upload in a single interactive session.


Usage

depvault scan [--path <dir>] [--project <id>]

Flag        Description             Default
--path      Repository root path.   Current directory
--project   Project ID to use.      Prompts interactively

Requires interactive mode. In CI pipelines, use the individual commands (analyze, push env, ci pull) instead.


What It Does

The scan runs six steps in sequence:

  1. Project resolution — Uses your active project, lets you select one, or creates a new project named after the repository directory.
  2. Dependency analysis — Discovers dependency files (package.json, requirements.txt, *.csproj, etc.), lets you select which to analyze, uploads each for vulnerability and version checking, and shows health scores.
  3. Environment file push — Finds .env, appsettings.json, secrets.yaml, and config.toml files. You select which to push. Each file is mapped to a vault group by directory (matched by directoryPath or name, or created if new). When filenames don’t indicate the environment type (e.g. plain .env), you’re prompted to choose one.
  4. Secret leak scan — Scans source files locally for hardcoded secrets (AWS keys, private keys, API tokens, connection strings). Findings are shown in a severity-coded table. Optionally adds detected files to .gitignore.
  5. Secret file upload — Discovers certificate and credential files (*.pem, *.key, *.pfx, service-account.json). You select which to upload as encrypted secret files.
  6. Summary dashboard — Displays a summary panel with counts for dependencies analyzed, vulnerabilities found, variables pushed, leaks detected, and files uploaded.
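
To make step 4 concrete, here is a sketch of local secret detection over the four categories it names. This is an added example, not DepVault's code: the patterns, severity levels, placeholder filter, function names and sample files are all assumptions made for illustration.

```python
import re

# Illustrative rules for the categories step 4 names. DepVault's own patterns
# and severity levels are not documented on this page; these are assumptions.
RULES = [
    ("private key block", "CRITICAL", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("AWS access key ID", "HIGH", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("connection string password", "HIGH",
     re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:([^\s@]+)@", re.I)),
    ("hardcoded API token", "MEDIUM",
     re.compile(r"(?:api[_-]?key|token|secret)\w*\s*[:=]\s*['\"]([\w-]{20,})['\"]", re.I)),
]
# Documentation samples and template variables are not real leaks.
PLACEHOLDER = re.compile(r"example|changeme|<[^>]+>|\$\{", re.I)
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}

def scan_text(path, text):
    """Return (severity, path, line, rule, redacted) for each match in one file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, severity, pattern in RULES:
            m = pattern.search(line)
            secret = m.group(m.lastindex or 0) if m else None  # captured value or whole match
            if secret and not PLACEHOLDER.search(secret):
                # Report only the length so the report never repeats the secret.
                findings.append((severity, path, lineno, rule, f"<{len(secret)} chars>"))
    return findings

def scan_repo(files):
    """Scan a {path: text} mapping and order findings most severe first."""
    found = [f for path, text in files.items() for f in scan_text(path, text)]
    return sorted(found, key=lambda f: (RANK[f[0]], f[1], f[2]))

def gitignore_candidates(findings):  # paths with findings, for .gitignore
    return sorted({f[1] for f in findings})

# Constructed sample input; key-like values are assembled from parts and are not real.
SAMPLE = {
    "apps/backend/.env": "AWS_ACCESS_KEY_ID=" + "AKIA" + "Q7XK2M4TESTFAKE9" + "\n"
                         "DATABASE_URL=postgres://app:s3cr3tPassw0rd@db.internal/app\n",
    "docs/setup.md": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                     "DB=postgres://app:${DB_PASSWORD}@db/app\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n",
    "src/client.py": 'api_token = "c0nstructed0token0value0000"\n',
}

if __name__ == "__main__":
    for row in scan_repo(SAMPLE):
        print(*row, sep="  ")
```

The two lines in docs/setup.md produce no findings because their values look like placeholders. Adding a file to .gitignore only keeps it out of future commits; a secret that was already committed still has to be rotated.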

Example Session

$ depvault scan

DepVault CLI
Secure your stack. Analyze. Vault. Ship.
v1.1.0

Scanning: /home/user/my-project

? Use project 'my-project'? Yes

── Dependency Analysis ──────────────────────────
Found 2 dependency file(s)
├── package.json
└── apps/backend/package.json

? Select files to analyze (all selected)
[x] package.json
[x] apps/backend/package.json

✓ Analysis complete

── Environment Files ────────────────────────────
Found 2 environment file(s)
├── apps/backend/.env
└── apps/frontend/.env

? Select files to push (none selected)
[x] apps/backend/.env
[x] apps/frontend/.env

apps/backend/ (.env) vault group: backend
apps/frontend/ (.env) vault group: frontend

? Select environment type: DEVELOPMENT

✓ Imported 12 variables from apps/backend/.env
✓ Imported 8 variables from apps/frontend/.env

── Secret Leak Detection ────────────────────────
✓ No secret leaks detected.

── Secret Files ─────────────────────────────────
No secret files found.

┌─────────────────────────┬────────┐
│ Metric                  │ Result │
├─────────────────────────┼────────┤
│ Dependencies analyzed   │ 284    │
│ Files analyzed          │ 2      │
│ Vulnerabilities found   │ 0      │
│ Env variables pushed    │ 20     │
│ Secret leaks detected   │ 0      │
│ Secret files uploaded   │ 0      │
└─────────────────────────┴────────┘