Try it now
$ npx @vexlit/cli scan .
2 MINUTES
Run Your First Scan
Go from zero to vulnerability report in under 2 minutes. No account required.
Prerequisites
- Node.js 18 or higher
- A project directory with source code
Step 1: Run the scan
Open your terminal in any project directory and run:
$ npx @vexlit/cli scan .
No installation needed. npx downloads and runs VEXLIT automatically.
Step 2: Understand the output
VEXLIT displays results grouped by severity. Each finding includes:
- Severity — Critical, High, Medium, or Low
- Rule ID — e.g., VEXLIT-003 (SQL Injection)
- File & Line — exact location in your code
- CWE — Common Weakness Enumeration reference
- Fix suggestion — how to resolve the issue
Example Output
CRITICAL VEXLIT-003 SQL Injection (CWE-89)
src/db/users.js:42:5
User input directly concatenated into SQL query.
Fix: Use parameterized queries instead.
HIGH VEXLIT-021 Hardcoded Secret (CWE-798)
src/config.js:8:1
API key found in source code.
Fix: Move to environment variable.
─────────────────────────────────
Scanned 127 files in 1.2s
Found: 2 critical, 3 high, 5 medium, 1 low
Step 3: Export results
Generate a SARIF report for your CI/CD pipeline or GitHub Security tab:
$ npx @vexlit/cli scan . --format sarif -o results.sarif
Upload to the web dashboard for PDF reports, CSV exports, AI analysis, and auto-fix.
Step 4: Set a severity threshold
Fail the scan if critical or high severity issues are found — useful for CI/CD gates:
$ npx @vexlit/cli scan . --fail-on high
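One way to triage the results.sarif file from Step 3 and apply a gate like the one in Step 4 from a script of your own (an added example, not VEXLIT's code). It reads only standard SARIF 2.1.0 fields; the sample report is constructed, and how VEXLIT maps its severities onto SARIF levels is an assumption to check against a real report.

```javascript
// ASSUMPTION: the mapping of VEXLIT's Critical/High/Medium/Low onto SARIF
// levels is not stated on the page; inspect a real results.sarif first.
const LEVEL_RANK = { error: 3, warning: 2, note: 1, none: 0 };

function summarizeSarif(sarif, failOn = "error") {
  if (!(failOn in LEVEL_RANK)) throw new Error(`unknown SARIF level: ${failOn}`);
  const findings = [];
  for (const run of sarif.runs ?? []) {
    for (const r of run.results ?? []) {
      const loc = r.locations?.[0]?.physicalLocation;
      findings.push({
        ruleId: r.ruleId ?? "(no rule id)",
        // An absent or unrecognised level is treated as warning (simplification).
        level: r.level in LEVEL_RANK ? r.level : "warning",
        file: loc?.artifactLocation?.uri ?? "(unknown)",
        line: loc?.region?.startLine ?? 0,
      });
    }
  }
  // Most severe first, then by location, so the worst findings are read first.
  findings.sort((a, b) => LEVEL_RANK[b.level] - LEVEL_RANK[a.level] ||
    a.file.localeCompare(b.file) || a.line - b.line);
  const counts = {};
  for (const f of findings) counts[f.level] = (counts[f.level] ?? 0) + 1;
  const failed = findings.some((f) => LEVEL_RANK[f.level] >= LEVEL_RANK[failOn]);
  return { findings, counts, failed };
}

// Constructed sample (not real VEXLIT output) reusing the page's two example findings.
const SAMPLE = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-scanner" } },
    results: [
      { ruleId: "VEXLIT-021", level: "warning", message: { text: "API key found in source code." },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/config.js" }, region: { startLine: 8 } } }] },
      { ruleId: "VEXLIT-003", level: "error", message: { text: "User input directly concatenated into SQL query." },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/db/users.js" }, region: { startLine: 42 } } }] },
    ],
  }],
};

// Usage: node triage.js results.sarif [error|warning|note]
async function main(path, failOn) {
  const { readFileSync } = await import("node:fs");
  const report = summarizeSarif(JSON.parse(readFileSync(path, "utf8")), failOn);
  for (const f of report.findings) console.log(`${f.level}\t${f.ruleId}\t${f.file}:${f.line}`);
  process.exitCode = report.failed ? 1 : 0; // non-zero exit fails the CI job
}
if (process.argv[2]) main(process.argv[2], process.argv[3] ?? "error");
```

An unknown threshold name throws instead of silently passing, so a typo in the gate configuration fails the job rather than letting findings through.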
Next Step
Learn how to automatically fix the vulnerabilities VEXLIT found.
Fix Vulnerabilities →