Get started in three steps

1. Install the CLI

Install the Rafter security CLI using your preferred package manager.
npm install -g @rafter-security/cli

2. Get your API key

Sign up and grab your API key from your account page.
Your API key starts with RF and should be kept secure. Never commit it to version control (e.g. GitHub). Use environment variables instead.

3. Start your first scan

Run your first security scan with a single command:
rafter run --apiKey "RFabc-your-api-key-here" --format md
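The CLI will automatically detect your repository and branch from Git, then display the scan results in your terminal. A key typed literally on the command line is normally saved in your shell history, so prefer expanding it from an environment variable, as recommended in step 2.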

What’s happening?

When you run rafter run, the CLI will:
  1. Auto-detect your repository and branch from Git
  2. Upload your code securely from GitHub to Rafter’s scanning engine
  3. Scan for vulnerabilities, secrets, and security issues
  4. Delete your code from Rafter’s scanning engine
  5. Display results directly in your terminal
The CLI only scans remote repositories, not your current local branch. Make sure your changes are pushed to the remote repository before scanning.

Bonus: Saving Results to a File

To run a scan and save the results to a file, you can use the following command:
rafter run --apiKey "RFabc-your-api-key-here" --format md > security-report-$(date +%Y-%m-%d-%H-%M-%S).md
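
A wrapper that combines the advice above, as an added example that is not part of the Rafter CLI or its documentation: it takes the key from an environment variable, refuses to scan when HEAD has not been pushed (the CLI only scans the remote repository), and writes a timestamped report readable only by the current user. The variable name RAFTER_API_KEY and all function names are assumptions chosen for this example; the page does not say which variable, if any, the CLI reads on its own.

```shell
#!/usr/bin/env bash
# Added example, not Rafter's own code. RAFTER_API_KEY is a name chosen here.

# Succeeds only if the key is non-empty and has the RF prefix the page describes.
check_api_key() {
  case "${1:-}" in
    RF?*) return 0 ;;
    *)    return 1 ;;
  esac
}

# Succeeds only if the local HEAD commit equals the tip of its upstream
# (remote-tracking) branch, because the scan covers the remote, not local work.
head_is_pushed() {
  local local_sha remote_sha
  local_sha=$(git rev-parse HEAD 2>/dev/null) || return 1
  remote_sha=$(git rev-parse '@{upstream}' 2>/dev/null) || return 1
  [ "$local_sha" = "$remote_sha" ]
}

# Timestamped report name, same format as the redirect command on this page.
report_name() {
  printf 'security-report-%s.md' "$(date +%Y-%m-%d-%H-%M-%S)"
}

# Runs the scan. Return codes: 2 = bad or missing key, 3 = unpushed commits.
rafter_scan() {
  check_api_key "${RAFTER_API_KEY:-}" || {
    echo "RAFTER_API_KEY is unset or does not start with RF" >&2
    return 2
  }
  head_is_pushed || {
    echo "HEAD is not pushed to its upstream; local commits would not be scanned" >&2
    return 3
  }
  local out
  out=$(report_name)
  # Expanding the variable keeps the literal key out of this script and out of
  # shell history; it is still visible in the process argument list while the
  # command runs. umask 077 creates the report readable by this user only.
  ( umask 077; rafter run --apiKey "$RAFTER_API_KEY" --format md > "$out" ) || return 1
  echo "$out"
}
```

Export RAFTER_API_KEY from your secret manager or CI secret settings, source the file, and call rafter_scan from inside the repository.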

Next Steps

Want to know more about how we scan? See our handbook for detailed information about our scanning technology and security coverage.