sca

Run Software Composition Analysis (SCA)

Synopsis

Run a Software Composition Analysis (SCA) for a project or container image.

This command can accept either an OCI image reference (e.g. ghcr.io/org/image:tag) via --image or as the first positional argument, or a local path/tar file via --path or as the first positional argument. The command will generate or accept an SBOM, upload it to DevGuard and return vulnerability results.

Examples

Options

Options inherited from parent commands

Have feedback? We want to hear from you!

Fields marked with * are required