CLI

Use the ComplyVigilance CLI to scan projects and container images directly from your terminal.

ComplyVigilance CLI

The cvclient command-line interface (CLI) allows you to scan codebases and container images, generate SBOMs, exclude sensitive files, and send scan results to a remote server. Ideal for local use and automation, the CLI delivers fast, structured output compatible with other tools in your workflow.


Installation

Download the binary for your platform and make it executable:

CV CLIENT Argument Guide

Explore the available flags for the cvclient command-line tool:


1. -p, --project-dir Required

Specifies the root folder of the project you want to scan. This is the primary source directory that contains the code, dependencies, and configuration files for analysis. Use this flag to point the CLI to your codebase.

cvclient -p ./my-app

2. -u, --server-url Required

Specifies the remote server endpoint to which scan results will be sent. This flag enables forwarding of results from the cvclient CLI to the ComplyVigilance web portal for centralized audits, dashboard visibility, or policy enforcement.

cvclient -p ./my-app -u https://api.complyvigilance.com/submit

3. -k, --access-token Required

Provides the authentication token required when submitting results to the ComplyVigilance web portal.

This token ensures that the request is securely tied to an authorized account during result submission.

The token is issued by the ComplyVigilance team and must be kept confidential.

cvclient -p ./my-app -u https://api.complyvigilance.com/submit -k <ACCESS_TOKEN>

4. -pn, --project-name Required

Specifies the project name associated with the scan. This must correspond to a project that already exists in the ComplyVigilance web portal. It ensures that scan results are linked to the correct project in your dashboard, enabling better organization, history tracking, and team collaboration.

cvclient -p ./my-app -u https://api.complyvigilance.com/submit -k <ACCESS_TOKEN> -pn "shopping-cart"
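One way to combine the four required flags in automation while keeping the access token out of scripts and trace logs. This is an added example, not ComplyVigilance code: the variable names CV_ACCESS_TOKEN and CVCLIENT_BIN and the function cv_submit are assumptions, and only the flags come from this page.

```sh
# Added example: CV_ACCESS_TOKEN and CVCLIENT_BIN are assumed names, not
# variables that cvclient itself reads. Only the flags come from the page.
cv_submit() (
    # usage: cv_submit <project-dir> <server-url> <project-name> [version]
    # The body is a subshell, so `exit` only ends this function call and
    # turning tracing off does not change the caller's shell options.
    set +x    # keep the token out of `set -x` traces in CI logs
    project_dir=$1 server_url=$2 project_name=$3 project_version=${4:-}

    # The token travels with the request: refuse plain-HTTP endpoints.
    case $server_url in
        https://*) ;;
        *) echo "cv_submit: --server-url must start with https://" >&2; exit 2 ;;
    esac

    # Take the token from the environment (CI secret store, password
    # manager), never from a literal committed with the script.
    if [ -z "${CV_ACCESS_TOKEN:-}" ]; then
        echo "cv_submit: CV_ACCESS_TOKEN is not set" >&2
        exit 3
    fi

    if [ ! -e "$project_dir" ]; then
        echo "cv_submit: no such project path: $project_dir" >&2
        exit 4
    fi

    set -- -p "$project_dir" -u "$server_url" -k "$CV_ACCESS_TOKEN" -pn "$project_name"
    if [ -n "$project_version" ]; then
        set -- "$@" -pv "$project_version"
    fi

    # -k is the only token input the page documents, so the value is still
    # visible in this process's argument list while the scan runs.
    "${CVCLIENT_BIN:-cvclient}" "$@"
)

# Usage (token exported by the CI system, not typed on the command line):
#   cv_submit ./my-app https://api.complyvigilance.com/submit shopping-cart v2.3.1
```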

5. -ic, --include-container-image Optional

Includes scanning of local container images in addition to the source project directory.

This option is useful when your project includes a container image (OCI Image) that may introduce additional dependencies and licenses.

cvclient -p ./my-app -u https://api.complyvigilance.com/submit -k <ACCESS_TOKEN> -ic

6. -ci, --container-image-scan Optional

Scans only the local container image.

This argument is used when the goal is to only scan dependencies present in a container image—without analyzing any source code or package manager configuration. It targets both base OS layers and application-layer packages inside the container.

You must provide a container image saved as a .tar archive.

cvclient -p ./my-app.tar -u https://api.complyvigilance.com/submit -k <ACCESS_TOKEN> -ci
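A pre-flight check that the .tar handed to -ci really is a saved image and not a container filesystem export or a source tarball. This is an added example, not part of cvclient. It assumes the expected input is a `docker save` archive or an OCI image layout, which the page does not spell out; cv_image_tar_kind, cv_scan_image and CVCLIENT_BIN are hypothetical names.

```sh
# Added example, not part of cvclient. Assumption: -ci expects an image
# archive as written by `docker save` or an OCI image layout; the page only
# says "a container image saved as a .tar archive".
cv_image_tar_kind() (
    # usage: cv_image_tar_kind <archive.tar>
    # Prints docker-save, oci-layout, not-an-image or unreadable.
    # Exit status is 0 only for the first two.
    listing=$(tar -tf "$1" 2>/dev/null) || { echo unreadable; exit 2; }

    # True when the archive has the named entry at its top level.
    has() { printf '%s\n' "$listing" | sed 's|^\./||' | grep -qxF -- "$1"; }

    if has manifest.json; then
        echo docker-save
    elif has oci-layout && has index.json; then
        echo oci-layout
    else
        # Typical cause: `docker export` (a container filesystem) or a plain
        # source tarball was passed instead of a saved image.
        echo not-an-image
        exit 1
    fi
)

cv_scan_image() {
    # usage: cv_scan_image <archive.tar> [further cvclient flags...]
    kind=$(cv_image_tar_kind "$1") || {
        echo "cv_scan_image: $1 is $kind, refusing to scan" >&2
        return 1
    }
    archive=$1; shift
    "${CVCLIENT_BIN:-cvclient}" -p "$archive" -ci "$@"
}

# Create the archive first, for example:
#   docker save -o my-app.tar my-app:latest
```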

7. -pv, --project-version Optional

Specifies a version identifier for the scanned project. Helps track scan history across different versions of the same codebase in audit logs or dashboards. This is especially useful when managing multiple deployments or release cycles.

cvclient -p ./my-app -u https://api.complyvigilance.com/submit -k <ACCESS_TOKEN> -pn "shopping-cart" -pv "v2.3.1"

8. -o, --output-dir Optional

Specifies the local directory where the cvclient CLI saves its results. If not provided, the CLI automatically creates a folder in your operating system's temporary directory (e.g. /tmp on Linux/macOS or %TEMP% on Windows) and stores the scan results there.

cvclient -p ./my-app -o ./scan-results

9. -e, --exclude-patterns Optional

Allows you to exclude files or directories from the scan using regular expression (regex) patterns. Use this when you want to skip specific file types or directory names that are irrelevant for analysis, such as documentation, test files, or build artifacts.

cvclient -p ./my-app -e ".*\\.md,.*\\.test\\.js,docs/.*"
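A dry run for an exclude list, showing which files a set of patterns would drop and whether any of them is a dependency manifest. This is an added example, not part of cvclient. It assumes each comma-separated pattern must match the whole path relative to the project root, which the page does not specify; cv_preview_excludes and cv_excluded_manifests are hypothetical names.

```sh
# Added example, not part of cvclient. Assumption: every comma-separated
# pattern has to match the whole path relative to the project root. The page
# does not state the matching rule, so compare against one real scan.
cv_preview_excludes() (
    # usage: cv_preview_excludes <project-dir> '<regex>,<regex>,...'
    # Prints the files that at least one pattern would remove from the scan.
    cd "$1" || exit 2
    patterns=$(printf '%s' "$2" | tr ',' '\n')    # one ERE per line
    find . -type f | sed 's|^\./||' | LC_ALL=C sort |
        grep -E -x -e "$patterns" || [ $? -eq 1 ]  # "no match" is not an error
)

cv_excluded_manifests() {
    # Prints excluded files that declare dependencies. A scanner that skips
    # a manifest cannot report the dependencies it declares.
    manifests='package(-lock)?\.json|yarn\.lock|requirements\.txt|Pipfile\.lock'
    manifests="$manifests|pom\.xml|build\.gradle|go\.(mod|sum)|Cargo\.(toml|lock)"
    cv_preview_excludes "$1" "$2" |
        grep -E "(^|/)($manifests)\$" || [ $? -eq 1 ]
}

# Inside double quotes the shell turns \\ into \, so the -e value from the
# example above reaches the tool as: .*\.md,.*\.test\.js,docs/.*
#   cv_preview_excludes ./my-app '.*\.md,.*\.test\.js,docs/.*'
#   cv_excluded_manifests ./my-app 'legacy/.*'
```

If cv_excluded_manifests prints anything, narrow the pattern before running the real scan.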

10. -x, --exclude-paths Optional

Lets you exclude specific files or directories by providing absolute file system paths.

Use this when you want to completely omit trusted or irrelevant parts of your codebase, such as internal scripts, archived folders, or test directories.

cvclient -p ./my-app -x "/Users/dobby/my-app/docs,/Users/dobby/my-app/legacy"

11. -d, --max-scan-depth Optional

Defines how deep the scanner should traverse through the directory structure. Useful when scanning very large monorepos or legacy projects where you want to limit the depth of analysis to improve performance or avoid irrelevant subfolders.

cvclient -p ./my-app -d 3

12. -v, --version Optional

Displays the current version of the installed CLI tool.
Useful for verifying which release you're using, especially when debugging or reporting issues.

cvclient --version

13. -h, --help Optional

Displays the built-in help menu, showing all supported arguments, flags, and their descriptions.

This is useful when you want a quick reference to all CLI options or to validate if your syntax is correct.

cvclient --help

Find Your Scan Results

After the scan completes, results are available in two places:

ComplyVigilance Web Portal

All scan results, including the dependency graph, license and vulnerability data, are automatically uploaded to the ComplyVigilance Web Portal using the --server-url flag. Once uploaded, users can:

  • Access dashboards and compliance reports
  • Review version history
  • View enriched insights from ComplyVigilance's knowledge base (KB) and AI engines

Local Results

If --output-dir is specified, the CLI saves a copy of the scan output (logs and metadata) to the provided directory.


System Temp Directory (Default Fallback)

If no --output-dir is provided, the CLI will create a temporary folder in your operating system’s default location:

  • Linux/macOS: /tmp/cvclient-<timestamp>
  • Windows: %TEMP%\cvclient-<timestamp>

This folder contains a .tar archive with scan results and logs.

Note: Local scan results (saved in --output-dir or temp folders) are based purely on static analysis. They are not enriched with ComplyVigilance’s internal knowledge base or AI-driven enhancements. For full visibility, always refer to the Web Portal.