← Back to home

CLI — Local Scanning

Run security scans locally on your machine. Secrets, SAST, IaC — all offline-capable.

Installation

$ pip install patchops-cli

Authentication

$ patchops auth login

Key Commands

$ patchops scan website https://example.go.kr --attack-chain

URL 스캔 + 공격자 시뮬레이션 체인 (Recon → Probe → Exploit → Post). 해외 IP 차단 대상 사이트도 로컬에서 바로 검사 가능합니다.

$ patchops scan secrets --local

Scan for hardcoded secrets, API keys, tokens, and credentials in your codebase.

$ patchops scan sast --local

Static Application Security Testing with 3,200+ rules across 25 languages.

$ patchops scan iac --local

Infrastructure-as-Code scanning for Terraform, CloudFormation, Kubernetes manifests.

$ patchops findings list

List all findings from previous scans with severity, CWE, and fix guidance.

$ patchops benchmark

Run the full benchmark suite against your project and compare with industry averages.

Offline Mode

All --local scans run entirely on your machine. No data leaves your network. The vulnerability database is bundled and updated on each pip install --upgrade.

CI/CD Integration

Add Patchguard to your CI pipeline. Fails the build if critical or high CVEs are found.

GitHub Actions

name: Patchguard on: [push, pull_request] jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install PatchOps CLI run: pip install patchops-cli - name: Run secrets scan run: patchops scan secrets --local --fail-on high env: PATCHOPS_API_KEY: ${{ secrets.PATCHOPS_API_KEY }} - name: Run SAST scan run: patchops scan sast --local --fail-on critical - name: Run IaC scan run: patchops scan iac --local --fail-on high

GitLab CI

patchguard: image: python:3.12-slim stage: test before_script: - pip install patchops-cli script: - patchops scan secrets --local --fail-on high - patchops scan sast --local --fail-on critical - patchops scan iac --local --fail-on high variables: PATCHOPS_API_KEY: $PATCHOPS_API_KEY

Generate an API key in your account settings.

Settings → API Keys