The vulnerability command group (alias: vuln) manages vulnerability scanning and CVE findings. InfraAudit uses Trivy and the NVD database to identify vulnerabilities in your cloud resources.

vulnerability scan

Run a vulnerability scan against all resources, or target a specific resource.

Synopsis:
infraudit vulnerability scan [flags]
infraudit vuln scan [flags]
Flag          Description
--provider    Limit the scan to resources from a specific provider ID
--resource    Scan a single resource by ID
Examples:
# Scan all resources
infraudit vulnerability scan

# Scan a specific resource
infraudit vuln scan --resource 42

vulnerability list

List vulnerability findings with optional filters.

Synopsis:
infraudit vulnerability list [flags]
infraudit vuln list [flags]
Flag          Values                         Description
--severity    critical, high, medium, low    Filter by CVSS severity
--status      open, fixed, ignored           Filter by remediation status
--provider    provider ID                    Filter by provider
Examples:
# List all findings
infraudit vulnerability list

# Show only critical open findings
infraudit vuln list --severity critical --status open

# Count critical vulnerabilities for CI gating
infraudit vuln list --severity critical -o json | jq 'length'

vulnerability get

Show full details for a single CVE finding, including the CVE identifier, description, CVSS score, and affected resource.

Synopsis:
infraudit vulnerability get <finding-id>
infraudit vuln get <finding-id>
Example:
infraudit vuln get 7

vulnerability summary

Show an aggregate count of open findings grouped by severity:
infraudit vulnerability summary

vulnerability top

Show the highest-severity open vulnerability findings across all resources:
infraudit vuln top
To generate an AI-powered fix suggestion for a vulnerability, use infraudit remediation suggest-vuln <id>.