Syntax
Subcommands
audit session
Audit execution activity within sessions.
Specific session ID to audit. If not provided, uses the current workspace session.
Audit across all sessions in the workspace instead of a single session.
audit repo
Comprehensive repository-wide security audit combining code scanning, secret detection, and package audits.
Target directory for repository audit
Report format: text, markdown, or json
Path to allowlist file for known-safe secrets
Comma-separated path globs to ignore in secret scan (e.g., "vendor/**,*.test.js")
Exit with code 2 if any findings are detected (useful for CI/CD)
Disable auto-installation of audit dependencies (npm, pip-audit)
- Static security scan (scan-security)
- Secret detection (scan-secrets)
- npm vulnerabilities (if package.json exists)
- Python vulnerabilities (if requirements.txt exists)
audit npm
Audit npm package vulnerabilities using npm audit.
Target directory containing package.json
Exit with code 2 if vulnerabilities are found
Don’t auto-install npm if missing
audit python
Audit Python package vulnerabilities using pip-audit.
Target directory. Uses requirements.txt if present, otherwise scans environment.
Exit with code 2 if vulnerabilities are found
Don’t auto-install pip-audit if missing
Exit Codes
- 0: Audit completed successfully (no findings if --fail was used)
- 1: Audit failed due to error
- 2: Findings detected (only when --fail is specified)
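A CI gate built on the exit codes listed above, as an added example that is not part of the tool or its documentation. The function name audit_gate is hypothetical, and each step is passed in as a command string because the executable name is not shown on this page.

```shell
#!/bin/sh
# Added example: aggregate several audit steps and fail closed.
# Documented exit codes: 0 = completed, 1 = audit error,
# 2 = findings detected (only when --fail is specified).
# audit_gate is a hypothetical helper; callers supply the real invocations.

audit_gate() {
    gate_findings=0
    gate_errors=0
    for gate_step in "$@"; do
        gate_rc=0
        sh -c "$gate_step" || gate_rc=$?
        case "$gate_rc" in
            0) ;;  # step completed and reported nothing
            2) gate_findings=$((gate_findings + 1))
               echo "FINDINGS: $gate_step" >&2 ;;
            *) # 1 is the documented audit error. Any other code (for
               # example 127 for a missing binary) also yields no verdict,
               # so it is counted as an error rather than a pass.
               gate_errors=$((gate_errors + 1))
               echo "ERROR (rc=$gate_rc): $gate_step" >&2 ;;
        esac
    done
    echo "audit gate: $# step(s), $gate_findings with findings, $gate_errors errored" >&2
    # Findings block the build; an errored audit blocks it too.
    if [ "$gate_findings" -gt 0 ]; then return 2; fi
    if [ "$gate_errors" -gt 0 ]; then return 1; fi
    return 0
}
```

Per the exit-code list, 2 is returned only when --fail is specified, so each step passed to the gate needs --fail for findings to be visible to it.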
Examples
Audit current session
Audit all sessions
Full repository audit
CI/CD integration
Audit with secret allowlist
Package-specific audits
JSON output for automation
Related Commands
- session - Manage sessions
- scan-secrets - Dedicated secret scanning
- scan-security - Dedicated code security scanning
- cve - CVE-aware dependency scanning