kusari-cli

module
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 11, 2026 License: MIT

README

Kusari CLI

Command line interface for Kusari.

Installation

  1. Have Go installed.

  2. go install github.com/kusaridev/kusari-cli/kusari@latest

Alternatively, you can install pre-built binaries for supported platforms from the GitHub releases page.

Usage

For detailed information, see the Kusari Documentation.

kusari auth login

Logs into Kusari. Default parameters are good for most use cases. Access token is stored in $HOME/.kusari/tokens.json.

Workspace Selection

During your first login, you'll be prompted to select a workspace. Your selected workspace determines where your scan results will be stored.

Interactive Login (default):

kusari auth login

If you have multiple workspaces, you'll see a prompt:

Available workspaces:
  [1] Development Workspace
  [2] Production Workspace

Select a workspace (1-2):

If you only have one workspace, it will be auto-selected.

CI/CD Login (with client secret):

kusari auth login --client-secret <secret> --client-id <id>

In CI/CD mode, the first available workspace is automatically selected without prompting, ensuring non-interactive execution.

SSO Login (SAML authentication):

kusari auth login --use-sso

Use the --use-sso flag to authenticate with your organization's SSO (SAML) identity provider. This redirects you to your corporate login page and opens the Kusari console with SSO parameters after successful authentication.

Workspace Storage: Your selected workspace is stored in $HOME/.kusari/workspace.json and is tied to your current platform and authentication endpoint. If you switch environments (e.g., from production to development), you'll be prompted to select a workspace for the new environment.

Switching Environments: If you need to work with different Kusari environments (development, production, etc.), use the --platform-url and --auth-endpoint flags:

# Development environment
kusari auth login --platform-url https://platform.api.dev.kusari.cloud/ \
  --auth-endpoint https://auth.dev.kusari.cloud/

# Production environment (default)
kusari auth login

When you change environments, the CLI will detect the mismatch and prompt you to select a workspace for the new environment.

kusari auth select-workspace

Change your active workspace without re-authenticating. This is useful when you need to switch between workspaces in the same environment.

kusari auth select-workspace

You'll be shown your current workspace and prompted to select a new one:

Current workspace: Development Workspace

Available workspaces:
  [1] Development Workspace
  [2] Production Workspace

Select a workspace (1-2):
kusari repo scan

Scans a diff on a git repository using Kusari Inspector. This will scan a set of changes, so a git revision is needed to compare to. Usage:

kusari repo scan <directory> <git-rev>

Where <directory> is the directory of the git repository you wish to scan, and <git-rev> is the git revision to compare with the working tree to generate the set of changes. See Git documentation, for examples of git revisions. The revision must be a single revision to compare the working tree against, not a range.

The scan will use your currently selected workspace, which will be displayed at the start of the scan:

Packaging directory...
Using workspace: Development Workspace
Uploading package repo...

Examples:

kusari repo scan ~/git/guac HEAD^

Will scan my ~/git/guac repository and compare the working tree with the commit before the most recent commit.

kusari repo scan ~/git/guac origin/main

Will scan my ~/git/guac repository and compare the working tree with the main branch from the remote origin.

Kusari Inspector results will be stored and displayed in the Kusari Console.

Output Formats:

The scan command supports multiple output formats via the --output-format flag:

kusari repo scan --output-format sarif . origin/main

Available formats:

  • json (default) - Detailed JSON output with full analysis results
  • sarif - SARIF format compatible with GitLab SAST reports

The SARIF format integrates with GitLab's Security Dashboard when used as a CI artifact.

CI/CD Integration

The kusari repo scan command supports automatic posting of scan results as comments on merge requests and pull requests using the --comment flag:

GitLab:

kusari repo scan --comment gitlab . origin/main

GitHub:

kusari repo scan --comment github . origin/main

When enabled in a CI/CD environment, this will:

  • Post a summary comment with security findings
  • Post inline comments on specific lines of code where issues are detected
  • Update existing comments instead of creating duplicates on subsequent runs

Setup Instructions:

For complete setup instructions, templates, and reusable workflows for both GitLab and GitHub, see the Kusari CI Templates repository.

kusari repo risk-check

Analyze a repository's overall security posture (Coming soon!)

Directories

Path Synopsis
api
configuration
cmd
pkg
auth
comment
config
configuration
constants
github
gitlab
login
port
repo
sarif
url

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.