Skip to main content

Usage Guide

Basic Scan

trivault-harness scan --target ./my-project

Recursive Deep Scan

trivault-harness scan --target ./my-project --deep --recursive

The --recursive flag enables multi-pass analysis where findings from one scan pass are used to inform deeper investigation in subsequent passes.

Secret Detection

trivault-harness scan --target ./my-project --secrets

Scans for hardcoded API keys, passwords, tokens, certificates, and other credentials across all file types.

Dependency Analysis

trivault-harness scan --target ./my-project --dependencies

Analyzes dependency trees for known vulnerabilities, license compliance, and supply chain risks.

Custom Policies

# policy.yaml
rules:
- name: no-hardcoded-keys
pattern: "API_KEY=|SECRET=|password="
severity: critical
- name: deprecated-api
pattern: "v1/.*/deprecated"
severity: high