Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Centurylong/sanctifier/llms.txt
Use this file to discover all available pages before exploring further.
sanctifier cve is a subcommand group for interacting with the built-in Soroban and Stellar vulnerability database that powers sanctifier analyze. The database contains entries for known vulnerability classes (prefixed SOL- for Soroban/Stellar and SOB- for protocol-level issues), each with a severity rating, CVSS score, category, description, proof-of-concept snippet, patch guidance, and references. The five subcommands let you search, browse, display, export, and serve the database.
Subcommand overview
| Subcommand | Description |
|---|---|
cve search | Full-text search across ID, name, description, tags, and category |
cve list | List all entries with optional category and severity filters |
cve show | Display full details for a single entry by ID |
cve export | Dump the database as JSON or RSS to a file or stdout |
cve serve | Start a local HTTP API server on port 7654 |
cve search
Search the database for entries matching a keyword. The search checks the entry’s ID, name, description, tags, and category fields. Usage:Keyword to search. Case-insensitive; matches any of: ID, name, description,
tags, category.
Output format. Use
json to receive a JSON array of matching entries.cve list
List all vulnerability entries in the database with optional category or severity filters. Usage:Filter by category. Common values include
access-control, arithmetic,
storage, upgrade, events. The match is case-insensitive.Filter by severity:
critical, high, medium, or low.
Case-insensitive.Output format.
cve show
Display the full details for a specific vulnerability entry by its ID. Usage:Vulnerability ID. Accepts
SOL-YYYY-NNN (Soroban/Stellar layer) or
SOB-YYYY-NNN (protocol layer) format.Output format. Use
json to receive the full entry as a JSON object.cve export
Export the full vulnerability database to a file or stdout in JSON or RSS format. Usage:Export format. Use
json for machine consumption or to use as a custom
--vuln-db with sanctifier analyze. Use rss to generate a feed that
security teams can subscribe to.Write the output to this file path. When omitted, the content is printed to
stdout.
Base URL used to generate entry links in the RSS feed. Override this when
self-hosting the database.
<channel> with one <item> per entry, including title, description, severity, category, link, and publication date.
Using a custom database with sanctifier analyze:
Export the built-in database, extend it with your own entries, and pass it back:
cve serve
Start a local HTTP server that exposes the vulnerability database as a JSON API and RSS feed. Usage:TCP port to listen on.
| Endpoint | Response |
|---|---|
GET /api/vulndb | Full database as a JSON array |
GET /api/vulndb/<ID> | Single entry JSON (e.g. /api/vulndb/SOL-2024-001) |
GET /api/vulndb/feed.rss | RSS feed of all entries |
Access-Control-Allow-Origin: *, making the API usable from browser-based tooling without CORS configuration.