CLI — Local Scanning

Run security scans locally on your machine. Secrets, SAST, IaC — all offline-capable.

Installation

$ pip install patchops-cli

Authentication

$ patchops auth login

Key Commands

$ patchops scan secrets --local

Scan for hardcoded secrets, API keys, tokens, and credentials in your codebase.

$ patchops scan sast --local

Static Application Security Testing with 3,200+ rules across 25 languages.

$ patchops scan iac --local

Infrastructure-as-Code scanning for Terraform, CloudFormation, Kubernetes manifests.

$ patchops findings list

List all findings from previous scans with severity, CWE, and fix guidance.

$ patchops benchmark

Run the full benchmark suite against your project and compare with industry averages.

Offline Mode

All --local scans run entirely on your machine. No data leaves your network. The vulnerability database is bundled and updated on each pip install --upgrade.

CI/CD Integration

Add PatchOps Guard to your CI pipeline. Fails the build if critical or high CVEs are found.

GitHub Actions

name: PatchOps Guard
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install PatchOps CLI
        run: pip install patchops-cli

      - name: Run secrets scan
        run: patchops scan secrets --local --fail-on high
        env:
          PATCHOPS_API_KEY: ${{ secrets.PATCHOPS_API_KEY }}

      - name: Run SAST scan
        run: patchops scan sast --local --fail-on critical

      - name: Run IaC scan
        run: patchops scan iac --local --fail-on high

GitLab CI

patchops-guard:
  image: python:3.12-slim
  stage: test
  before_script:
    - pip install patchops-cli
  script:
    - patchops scan secrets --local --fail-on high
    - patchops scan sast --local --fail-on critical
    - patchops scan iac --local --fail-on high
  variables:
    PATCHOPS_API_KEY: $PATCHOPS_API_KEY

Generate an API key in your account settings.

Settings → API Keys →