Global Flags

These flags are available for all Ward commands.
--verbose
boolean
default:"false"
Enable verbose output with detailed logging information.
Short flag: -v
ward scan ./my-app --verbose
ward scan ./my-app -v
--no-color
boolean
default:"false"
Disable colored output in the terminal. Useful for CI environments or when piping output.
ward scan ./my-app --no-color
--output
string
default:"tui"
Output mode and format(s). Controls whether Ward runs in interactive TUI mode or headless mode.
Short flag: -o
Values:
  • tui - Interactive terminal UI (default when TTY available)
  • json - Generate ward-report.json
  • sarif - Generate ward-report.sarif for GitHub Code Scanning
  • html - Generate ward-report.html
  • markdown - Generate ward-report.md
  • Comma-separated list for multiple formats: json,sarif,html
When set to anything other than tui, Ward runs in headless mode with styled text output.
ward scan ./my-app --output json
ward scan ./my-app -o json,sarif
ward scan ./my-app --output json,sarif,html,markdown

Scan Command Flags

These flags are specific to the ward scan command.
--fail-on
string
Exit with code 1 if findings at or above the specified severity threshold are discovered.
Values: info, low, medium, high, critical
The threshold is inclusive: specifying medium will fail on Medium, High, and Critical findings.
This flag is essential for CI/CD pipelines to gate deployments based on security findings.
# Fail on High or Critical findings
ward scan . --fail-on high

# Fail on any finding (including Info)
ward scan . --fail-on info

# Fail on Medium, High, or Critical
ward scan . --fail-on medium
When findings meet or exceed the threshold, Ward exits with code 1 and displays a message like:
findings exceed --fail-on high threshold: 2 critical, 3 high
--baseline
string
Path to a baseline file containing known findings to suppress.
When a baseline is provided, only new findings (not present in the baseline) will be reported. This allows teams to acknowledge existing security issues while preventing new ones from being introduced.
The baseline file is a JSON file generated by --update-baseline.
ward scan . --baseline .ward-baseline.json
ward scan . --baseline /path/to/baseline.json --fail-on high
Commit your baseline file to version control to track acknowledged findings across your team.
--update-baseline
string
Save current scan findings as a new baseline file at the specified path.
This generates a baseline file that can be used in subsequent scans with --baseline to suppress known findings.
# Generate initial baseline
ward scan . --update-baseline .ward-baseline.json

# Update baseline after fixing some issues
ward scan . --update-baseline .ward-baseline.json
Use --update-baseline carefully - it will overwrite the baseline file with all current findings, including any new vulnerabilities.

Command Usage Examples

Interactive Scan

# Scan with default interactive TUI
ward scan /path/to/laravel-project

# Scan remote repository
ward scan https://github.com/user/laravel-project.git

Headless Mode

# JSON output only
ward scan ./my-app --output json

# Multiple formats
ward scan ./my-app --output json,sarif,html

# With verbose logging
ward scan ./my-app --output json --verbose

CI/CD Pipeline

# Fail on High/Critical, suppress known findings
ward scan . \
  --output json,sarif \
  --baseline .ward-baseline.json \
  --fail-on high

# No color output for CI logs
ward scan . \
  --output json \
  --no-color \
  --fail-on medium

Baseline Workflow

# Step 1: Generate initial baseline on first run
ward scan . --output json --update-baseline .ward-baseline.json

# Step 2: Commit baseline to repository
git add .ward-baseline.json
git commit -m "Add Ward security baseline"

# Step 3: Use baseline in CI to only catch new findings
ward scan . --baseline .ward-baseline.json --fail-on high

Exit Codes

  • 0 - Success (no findings at or above the threshold, or no threshold set)
  • 1 - Failure (findings at or above the --fail-on threshold, or scan error)
See Exit Codes for detailed information.
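
Because exit code 1 covers both a tripped --fail-on gate and a scan error, a CI job can tell the two apart by looking for the gate message. The wrapper below is an added example, not part of Ward; it assumes the message has the form shown under --fail-on and appears in Ward's combined stdout/stderr, and the function names (classify_ward_exit, gate_count, run_ward_gate) are hypothetical.

```sh
#!/bin/sh
# Added example, not part of Ward. Assumption: the gate message matches the
# sample on this page and appears in Ward's combined stdout/stderr.

# classify_ward_exit CODE OUTPUT -> prints pass | gate | error
classify_ward_exit() {
    if [ "$1" -eq 0 ]; then
        echo pass
    elif printf '%s\n' "$2" | grep -Eq \
        'findings exceed --fail-on (info|low|medium|high|critical) threshold:'; then
        echo gate
    else
        echo error   # exit 1 without the gate message: treat as a scan error
    fi
}

# gate_count OUTPUT SEVERITY -> count reported for SEVERITY (0 if not listed)
gate_count() {
    n=$(printf '%s\n' "$1" |
        sed -n 's/.*findings exceed --fail-on [a-z]* threshold: *//p' |
        tr ',' '\n' |
        awk -v sev="$2" '$2 == sev { print $1; exit }')
    echo "${n:-0}"
}

# run_ward_gate: CI wrapper; returns 0 pass, 1 gate tripped, 2 scan error
run_ward_gate() {
    out=$(ward scan . --output json --no-color \
        --baseline .ward-baseline.json --fail-on high 2>&1)
    code=$?
    printf '%s\n' "$out"
    case $(classify_ward_exit "$code" "$out") in
        pass) return 0 ;;
        gate) echo "new findings: $(gate_count "$out" critical) critical," \
                   "$(gate_count "$out" high) high" >&2
              return 1 ;;
        *)    echo "ward exited $code without a gate message; treating as scan error" >&2
              return 2 ;;
    esac
}

# Run the wrapper only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--run" ]; then
    run_ward_gate
    exit $?
fi
```

Invoked with --run, the script exits 1 only when the gate message is present and 2 for any other non-zero exit, so the pipeline can route scan errors separately from new findings.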
