README
¶
The CLI for Nullify — a fully autonomous AI workforce for product security.
Scan, triage, fix, and track security vulnerabilities across your entire stack — from code to cloud — directly from your terminal. The Nullify CLI connects to your Nullify instance and gives you access to SAST, SCA, secrets detection, DAST/pentesting, bug hunting, CSPM, AI-powered autofix, and interactive AI security agents.
Features
- Unified findings — Query vulnerabilities across all scanner types (SAST, SCA, secrets, DAST, CSPM) in a single command
- AI-powered remediation — Generate fix patches and open PRs automatically
- Interactive AI chat — Ask security questions, triage findings, and build remediation plans with Nullify's AI agents
- CI/CD quality gates — Block deployments when critical findings are present
- DAST/Pentest scanning — Run API security scans in the cloud or locally via Docker
- MCP server — 50+ tools for AI coding assistants (Claude Code, Cursor, VS Code, and more)
- Multi-instance support — Manage multiple Nullify instances and switch between them
Installation
macOS / Linux
curl -sSfL https://raw.githubusercontent.com/Nullify-Platform/cli/main/install.sh | sh
Pre-configure your instance during install:
curl -sSfL https://raw.githubusercontent.com/Nullify-Platform/cli/main/install.sh | sh -s -- --host api.acme.nullify.ai
Go
go install github.com/nullify-platform/cli/cmd/cli@latest
Windows
Download the latest .zip for your architecture from GitHub Releases and add the binary to your PATH.
Verify
nullify --version
The installer verifies SHA-256 checksums automatically. Binaries are available for Linux, macOS, and Windows on both amd64 and arm64.
Quick Start
# Set up your instance, authenticate, and configure MCP — all in one step
nullify init
# Check your security posture
nullify status
# View findings across all scanner types
nullify findings
# Chat with Nullify's AI security agents
nullify chat
Authentication
Interactive (SSO/IdP)
nullify auth login --host api.acme.nullify.ai
Opens your browser for single sign-on. Tokens are stored locally and refreshed automatically.
Environment Variables
export NULLIFY_HOST=api.acme.nullify.ai
export NULLIFY_TOKEN=your-token-here
Multiple Instances
# Log in to a second instance
nullify auth login --host api.staging.nullify.ai
# Switch the active instance
nullify auth switch --host api.staging.nullify.ai
# List configured instances
nullify auth switch
Commands
Core
| Command | Description |
|---|---|
nullify init |
Interactive setup wizard (instance, auth, MCP config) |
nullify status |
Security posture overview with finding counts by scanner |
nullify findings |
List findings across all scanner types with filters |
nullify chat [message] |
Interactive AI chat or single-shot query |
Authentication
| Command | Description |
|---|---|
nullify auth login |
Authenticate via browser SSO |
nullify auth logout |
Clear stored credentials for a host |
nullify auth status |
Show auth state, host, and token expiry |
nullify auth token |
Print raw access token to stdout (pipe-friendly) |
nullify auth switch |
Switch active instance or list configured instances |
nullify auth config |
Print current CLI config as JSON |
Scanning
| Command | Description |
|---|---|
nullify pentest |
Run DAST pentest scans (cloud or local via Docker) |
nullify bughunt |
Cloud-based automated bug hunting |
CI/CD
| Command | Description |
|---|---|
nullify ci gate |
Quality gate — exits non-zero when findings exceed threshold |
nullify ci report |
Generate a markdown summary for PR comments |
Tooling
| Command | Description |
|---|---|
nullify mcp serve |
Start the MCP server for AI coding tools |
nullify completion |
Generate shell completions (bash, zsh, fish, powershell) |
Findings
# All findings across every scanner
nullify findings
# Filter by severity and scanner type
nullify findings --severity critical --type sast
# Filter by repository and status
nullify findings --repo my-repo --status open
# Limit results
nullify findings --limit 50
Pentest Scans
Cloud Scan
nullify pentest \
--app-name "My REST API" \
--spec-path ./openapi.json \
--target-host https://api.myapp.dev \
--github-owner my-org \
--github-repo my-repo \
--header "Authorization: Bearer token123"
Local Scan (Docker)
For APIs that aren't publicly accessible. Requires Docker.
nullify pentest \
--app-name "My REST API" \
--spec-path ./openapi.json \
--target-host http://localhost:8080 \
--github-owner my-org \
--github-repo my-repo \
--local
Add --use-host-network if the target is running directly on the host machine.
Interactive Chat
# Start an interactive REPL session
nullify chat
# Single-shot query
nullify chat "what are my critical findings?"
# Resume a previous conversation
nullify chat --chat-id abc123 "tell me more"
# Provide additional context
nullify chat --system-prompt "focus on PCI compliance"
CI/CD Integration
Quality Gate
Block PRs and deployments when findings exceed a severity threshold:
# .github/workflows/security.yml
name: Security Gate
on: [pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Nullify CLI
run: curl -sSfL https://raw.githubusercontent.com/Nullify-Platform/cli/main/install.sh | sh
- name: Security Gate
run: nullify ci gate --severity-threshold high
env:
NULLIFY_HOST: ${{ vars.NULLIFY_HOST }}
NULLIFY_TOKEN: ${{ secrets.NULLIFY_TOKEN }}
PR Security Summary
Add a security report to your pull request:
- name: Security Report
run: nullify ci report >> $GITHUB_STEP_SUMMARY
env:
NULLIFY_HOST: ${{ vars.NULLIFY_HOST }}
NULLIFY_TOKEN: ${{ secrets.NULLIFY_TOKEN }}
MCP Server
The CLI includes a built-in Model Context Protocol server with 50+ tools, giving AI coding assistants full access to your security data. Capabilities include:
- Query — findings, repositories, SBOMs, cloud accounts, metrics, trends
- Triage — mark findings as false positive, accepted risk, or reopen
- Remediate — generate AI-powered fix diffs and open PRs, end-to-end
- Track — campaigns, escalations, SLA policies, code reviews
Setup
Add the following to your MCP config file:
| Tool | Config path |
|---|---|
| Claude Code | .claude/mcp.json |
| Cursor | .cursor/mcp.json |
| VS Code | .vscode/mcp.json |
{
"mcpServers": {
"nullify": {
"command": "nullify",
"args": ["mcp", "serve"]
}
}
}
Scope findings to a specific repository with --repo:
{
"mcpServers": {
"nullify": {
"command": "nullify",
"args": ["mcp", "serve", "--repo", "my-repo"]
}
}
}
Configuration
The CLI stores configuration at ~/.nullify/config.json. Host resolution priority:
--hostflag- Config file (
~/.nullify/config.json) NULLIFY_HOSTenvironment variable
Global Flags
| Flag | Description | Default |
|---|---|---|
--host |
Nullify API instance (e.g., api.acme.nullify.ai) |
From config |
--output, -o |
Output format (json, table, yaml) |
json |
--verbose, -v |
Enable verbose logging | false |
--debug, -d |
Enable debug logging | false |
--nullify-token |
API token (overrides stored credentials) | |
--github-token |
GitHub Actions job token (auto-exchanged for Nullify token) |
Requirements
- macOS, Linux, or Windows (amd64 or arm64)
- Docker — required only for local pentest scans (
--local) - A Nullify instance — request access
Documentation
Full documentation is available at docs.nullify.ai.
Contributing
Contributions are welcome. Please open an issue or submit a pull request.
License
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
cli
command
|
|
|
internal
|
|
|
api
Code generated by scripts/generate/main.go.
|
Code generated by scripts/generate/main.go. |
|
commands
Code generated by scripts/generate/main.go.
|
Code generated by scripts/generate/main.go. |
|
scripts
|
|
|
generate
command
generate reads the merged OpenAPI spec and produces a typed Go API client and cobra command files for the CLI.
|
generate reads the merged OpenAPI spec and produces a typed Go API client and cobra command files for the CLI. |