Skip to main content

Command structure

zenveil [--verbose] <command> [arguments] [flags]

Global flags

FlagDescription
--verboseEnable debug logging — shows scanner internals, HTTP requests, and AI token streaming

Command groups

Scanning

scan github · scan apiPoint ZenVeil at a target and get findings with animated multi-step progress.

Findings

list · stats · ignoreBrowse, filter, and suppress findings from the last scan.

AI Analysis

explain · fix · triage · agentClaude-powered explanations, fixes, and prioritization. explain and fix require Pro.

Account

login · whoami · upgrade · billingManage your API key, view your plan, and handle subscriptions.

Reporting

report json · report htmlExport the last scan to structured JSON or a shareable HTML report.

Docs

docs · docs auth · docs secrets · docs supply-chain · docs apiOpen documentation in your browser from the terminal.

Full command reference

Account

CommandDescription
zenveil loginShow step-by-step guide then prompt securely for your API key
zenveil login <api-key>Save key directly (for scripts — prefer ZENVEIL_API_KEY env var)
zenveil whoamiShow your email and current plan
zenveil upgradeUpgrade to Pro or Team (opens Stripe checkout in browser)
zenveil upgrade pro --annualUpgrade with annual billing
zenveil billingManage subscription — cancel, change plan, update card

Scanning

CommandDescription
zenveil scan github <owner/repo>Scan a GitHub repository
zenveil scan github <owner/repo> --token <tok>Use a GitHub token (or set GITHUB_TOKEN)
zenveil scan github <owner/repo> --ref <branch>Scan a specific branch, tag, or commit
zenveil scan github <owner/repo> --check-cvesInclude CVE checks via OSV.dev
zenveil scan github <owner/repo> --exclude-testsSkip test/fixture/example files entirely
zenveil scan api <url>Scan an API endpoint for security headers

Findings

CommandDescription
zenveil listList all findings from the last scan
zenveil list --severity high,criticalFilter by severity level(s)
zenveil list --scanner secretsFilter by scanner name
zenveil statsShow scan statistics (target, duration, counts by severity and scanner)
zenveil ignore <id>Suppress a finding from future reports
zenveil ignore <id> --reason "text"Suppress with a documented reason

AI analysis

explain and fix require a Pro plan. triage is available on all plans. Run zenveil upgrade to unlock per-finding AI features.
CommandPlanDescription
zenveil explain <id>ProAI explanation of a finding
zenveil fix <id>ProAI-generated fix with syntax-highlighted output
zenveil fix <id> --auto-pr --repo <r>ProGenerate a fix and open a GitHub PR
zenveil fix <id> --auto-pr --repo <r> --token <tok>ProUse a specific GitHub token
zenveil triageFreeAI-prioritized remediation plan for all findings

Reporting

CommandDescription
zenveil report json <file>Export last scan to JSON
zenveil report html <file>Export last scan to HTML

Docs

CommandDescription
zenveil docsOpen documentation home in browser
zenveil docs authAuthentication guide
zenveil docs secretsSecrets scanner guide
zenveil docs supply-chainSupply-chain scanner guide
zenveil docs apiAPI scanner guide

Environment variables

VariableUsed byDescription
ZENVEIL_API_KEYAllYour ZenVeil API key
GITHUB_TOKENscan github, fix --auto-prGitHub personal access token
ZENVEIL_API_URLAll (self-hosted)Override the scanning API URL
ZENVEIL_WEB_URLBilling (self-hosted)Override the billing/web server URL

Exit codes

CodeMeaning
0Success — scan completed, no CRITICAL or HIGH findings
1Security gate triggered — one or more CRITICAL or HIGH findings
2Error — invalid arguments, missing scan cache, network failure
Use exit codes in CI to gate deployments: 
zenveil scan repo . && echo "✓ Security gate passed" || echo "✗ Security issues found"

Getting help

zenveil help          # Formatted command listing with examples
zenveil --help        # argparse help
zenveil scan --help   # Subcommand help