Scanning
The scan command is the fastest way to onboard a repository. It walks through dependency analysis, config file push, secret leak detection, and secret file upload in a single interactive session.
Usage
depvault scan [--path <dir>] [--project <id>]| Flag | Description | Default |
|---|---|---|
--path | Repository root path. | Current directory |
--project | Project ID to use. | Prompts interactively |
Requires interactive mode. In CI pipelines, use the individual commands (analyze, push, ci pull) instead.
What It Does
The scan runs six steps in sequence:
- Project resolution — Uses your active project, lets you select one, or creates a new project named after the repository directory.
- Dependency analysis — Discovers dependency files (package.json, requirements.txt, *.csproj, etc.), lets you select which to analyze, uploads each for vulnerability and version checking, and shows health scores.
- Config file push — Finds .env, appsettings.json, secrets.yaml, and config.toml files. You select which to push. Each file is encrypted whole and uploaded as a blob; its owning app and environment slug are inferred from the file’s path and name (no vault groups, no per-variable parsing).
- Secret leak scan — Scans source files locally for hardcoded secrets (AWS keys, private keys, API tokens, connection strings). Findings are shown in a severity-coded table. Optionally adds detected files to .gitignore.
- Secret file upload — Discovers certificate and credential files (_.pem, _.key, *.pfx, service-account.json). You select which to upload as encrypted secret blobs.
- Summary dashboard — Displays a summary panel with counts for dependencies analyzed, vulnerabilities found, files pushed, leaks detected, and secret files uploaded.
Example Session
$ depvault scan
DepVault CLI
Secure your stack. Analyze. Vault. Ship.
v1.1.0
Scanning: /home/user/my-project
? Use project 'my-project'? Yes
── Dependency Analysis ──────────────────────────
Found 2 dependency file(s)
├── package.json
└── apps/backend/package.json
? Select files to analyze (all selected)
[x] package.json
[x] apps/backend/package.json
✓ Analysis complete
── Config Files ─────────────────────────────────
Found 2 config file(s)
├── apps/backend/.env
└── apps/frontend/.env
? Select files to push (all selected)
[x] apps/backend/.env
[x] apps/frontend/.env
✓ Pushed apps/backend/.env (app: apps/backend, env: base)
✓ Pushed apps/frontend/.env (app: apps/frontend, env: base)
── Secret Leak Detection ────────────────────────
✓ No secret leaks detected.
── Secret Files ─────────────────────────────────
No secret files found.
┌─────────────────────────┬────────┐
│ Metric │ Result │
├─────────────────────────┼────────┤
│ Dependencies analyzed │ 284 │
│ Files analyzed │ 2 │
│ Vulnerabilities found │ 0 │
│ Config files pushed │ 2 │
│ Secret leaks detected │ 0 │
│ Secret files uploaded │ 0 │
└─────────────────────────┴────────┘