Skip to main content

scan

Basic Usage

kestrel scan --path .

Options

--frameworks: Compliance frameworks (default: fips_140_3)
--json, --sarif, --html, --pdf, --cbom: Output formats
--output: Output file path
--no-semgrep: Disable Semgrep scanning
--semgrep-only: Run only Semgrep scanning
--semgrep-config: Semgrep config path or registry pack

Examples

# Multiple frameworks with SARIF output
kestrel scan --path . --frameworks fips_140_3,pci_dss_4 --sarif --output results.sarif

# Use curated Semgrep rules or a registry pack
kestrel scan --semgrep-config rules/semgrep/crypto.yml
kestrel scan --semgrep-config p/crypto@<version>

Basic Usage
Options
Examples