Usage Guide
Basic Scan
trivault-harness scan --target ./my-project
Recursive Deep Scan
trivault-harness scan --target ./my-project --deep --recursive
The --recursive flag enables multi-pass analysis where findings from one scan pass are used to inform deeper investigation in subsequent passes.
Secret Detection
trivault-harness scan --target ./my-project --secrets
Scans for hardcoded API keys, passwords, tokens, certificates, and other credentials across all file types.
Dependency Analysis
trivault-harness scan --target ./my-project --dependencies
Analyzes dependency trees for known vulnerabilities, license compliance, and supply chain risks.
Custom Policies
# policy.yaml
rules:
- name: no-hardcoded-keys
pattern: "API_KEY=|SECRET=|password="
severity: critical
- name: deprecated-api
pattern: "v1/.*/deprecated"
severity: high