All commands support three output formats via the --format flag. The default is human.

human (default)

Colored tables with Unicode borders, designed for interactive terminal use.
provenance query package 'pkg:deb/debian/curl@7.68.0-1?arch=amd64&distro=debian-10'
# or explicitly:
provenance query package 'pkg:deb/debian/curl@7.68.0-1' --format human
Display options for human output:
| Flag | Effect |
| --- | --- |
| --quiet / -q | Show verdict/summary line only |
| --no-color | Disable ANSI colors |
| --ascii | ASCII table borders instead of Unicode box-drawing characters |
| -v | Verbose — show additional fields |
| -vv | Debug — show HTTP request/response details |
Set the NO_COLOR environment variable to permanently disable colors without passing --no-color every time. This follows the no-color.org convention.

json

Structured JSON output for automation, scripting, and piping to tools like jq.
provenance check sbom.json --policy policies/ --format json
# Extract advisory names with jq
provenance query package 'pkg:deb/debian/curl@7.68.0-1' --format json | jq '.advisories[].name'
Use JSON output in scripts that need to parse results programmatically or forward them to other systems.

sarif

SARIF v2.1.0 output for GitHub Code Scanning, Azure DevOps, and other SARIF-compatible security tools.
provenance check sbom.json --policy policies/ --format sarif > results.sarif
SARIF output maps policy findings to SARIF rules and results, enabling direct import into GitHub’s Security tab.
SARIF output is only meaningful for check and scan commands that evaluate policies. Use --format sarif together with --policy to produce findings.
See SARIF upload to GitHub Code Scanning for a complete example.

Summary table

| Flag | Use case |
| --- | --- |
| --format human | Interactive terminal — colored tables |
| --format json | Scripting, automation, jq pipelines |
| --format sarif | GitHub Code Scanning, Azure DevOps |
| --quiet | CI/CD — summary line only |
| --no-color | Terminals without color support |
| --ascii | Terminals without Unicode support |
