Getting Started with the CLI

The Rafter CLI provides a simple command-line interface for running security scans on your repositories. This guide covers the essential concepts and basic workflows.

Core Concepts

How Do I Get My API Key?

To use the Rafter CLI or API, you need an API key. Sign up and get your API key from your account page.
Your API key starts with RF and should be kept secure. Never commit it to version control (e.g. GitHub). Use environment variables instead.

What Does the CLI Do?

The Rafter CLI allows you to:
  • Trigger scans of your remote repositories
  • Retrieve results from completed scans
  • Check usage and quota information
  • Automate security workflows in scripts and CI/CD

How Does Scanning Work?

The CLI scans remote repositories (e.g., on GitHub), not your local files. It can use your local Git configuration to determine which repository and branch to scan.
When you run a scan:
  1. The CLI detects your repository and branch from Git
  2. It uploads your code securely to Rafter’s scanning engine
  3. The engine analyzes your code for vulnerabilities and security issues
  4. It deletes your code from Rafter’s scanning engine
  5. Results are returned and displayed in your terminal

Basic Commands

Make sure you set the RAFTER_API_KEY environment variable or pass your key with the --api-key (or -k) flag (more details below).

Start a Scan with rafter run

The most common commands for running security scans are below. They auto-detect the repository and branch and require the RAFTER_API_KEY environment variable:
# Basic scan
rafter run --format md

# Save results to a file
rafter run --format md > security-report-$(date +%Y-%m-%d-%H-%M-%S).md

# Scan specific repository and branch
rafter run --format md --repo myorg/myrepo --branch main

# Non-interactive scan (don't wait for completion)
rafter run --format md --skip-interactive

Retrieve Results with rafter get

Get results from a completed scan:
# Get scan results by ID
rafter get <scan-id>

# Wait for scan completion
rafter get <scan-id> --interactive

# Get results in Markdown format
rafter get <scan-id> --format md

# Save results to a file
rafter get <scan-id> --format md --interactive > security-report-$(date +%Y-%m-%d-%H-%M-%S).md

Check Quota with rafter usage

Check your API usage and remaining scans:
rafter usage

Basic Workflow

Here’s a typical workflow for running your first scan:

1. Install the CLI

# Using npm
npm install -g @rafter-security/cli

# Using pnpm
pnpm add -g @rafter-security/cli

# Using yarn
yarn global add @rafter-security/cli

# Using pip
pip install rafter-cli

2. Set Your API Key

export RAFTER_API_KEY="RFabc-your-api-key-here"

3. Run a Scan

# Navigate to your repository
cd /path/to/your/repo

# Run the scan
rafter run --format md

4. Check Results

The CLI will display scan results directly in your terminal, showing:
  • Vulnerabilities found with severity levels
  • File locations where issues were detected
  • Recommendations for fixing the issues
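The workflow above, wrapped in a few shell functions as an added example (not part of the Rafter CLI or its documentation). It assumes the rafter binary is on PATH and accepts the flags shown in this guide; the key check enforces the two points made earlier, that the key comes from the environment and starts with RF.

```shell
#!/usr/bin/env bash
# rafter-scan.sh: shell functions wrapping the commands in this guide.
# Added example, not part of the Rafter CLI; assumes `rafter` is on PATH
# and behaves as the commands above describe.
# Usage: . ./rafter-scan.sh && scan_to_report

# The key must come from the environment (not the repo, not a flag that
# ends up in shell history) and, per the guide, starts with "RF".
check_api_key() {
    local key="$1"
    if [ -z "$key" ]; then
        echo "RAFTER_API_KEY is not set; export it rather than using --api-key" >&2
        return 1
    fi
    case "$key" in
        RF*) return 0 ;;
        *)
            echo "RAFTER_API_KEY does not start with RF; copy it again from your account page" >&2
            return 1 ;;
    esac
}

# Timestamped report name, same pattern as the redirects shown above.
report_path() {
    echo "security-report-$(date +%Y-%m-%d-%H-%M-%S).md"
}

# Scan the repository detected from the current directory's Git config
# and write the Markdown report to a timestamped file.
scan_to_report() {
    local out
    check_api_key "${RAFTER_API_KEY:-}" || return 1
    out="$(report_path)"
    if rafter run --format md > "$out"; then
        echo "report written to $out" >&2
    else
        rm -f "$out"   # a failed scan should not leave a partial report behind
        echo "rafter run failed; see messages above" >&2
        return 1
    fi
}

# Fetch the Markdown report for an existing scan, waiting until it completes.
fetch_report() {
    local id="$1" out
    [ -n "$id" ] || { echo "usage: fetch_report <scan-id>" >&2; return 1; }
    check_api_key "${RAFTER_API_KEY:-}" || return 1
    out="$(report_path)"
    rafter get "$id" --format md --interactive > "$out" && echo "report written to $out" >&2
}
```

Source the file in a shell or CI step where RAFTER_API_KEY is exported, then call scan_to_report, or fetch_report with the scan ID printed by an earlier --skip-interactive run.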

Output Formats

The CLI supports multiple output formats for different use cases:

JSON Format (Default)

rafter get <scan-id> --format json
JSON output is perfect for:
  • Automation and scripting
  • Integration with other tools
  • Parsing with tools like jq
We’ll go into detail on how to process these results in the Output Processing section.

Markdown Format

rafter get <scan-id> --format md
Markdown output is great for:
  • Human-readable reports
  • Documentation and sharing
  • GitHub issues and pull requests

Next Steps