A CLI tool for scanning GitHub repositories for vulnerabilities, secrets, and generating SBOMs
Project description
Prismor CLI
A powerful command-line tool for scanning GitHub repositories for security vulnerabilities, secrets, and generating Software Bill of Materials (SBOM).
Get started at https://prismor.dev - Sign up for free to get your API key and access full dashboarding and analysis features!
Features
- 🔍 Vulnerability Scanning (VEX) - Detect security vulnerabilities in your codebase
- 🔐 Secret Detection - Find exposed secrets, API keys, and credentials
- 📦 SBOM Generation - Generate comprehensive Software Bill of Materials
- ⚡ Full Scan - Run all security checks in one command
- 🎨 Beautiful CLI Output - Colorful, easy-to-read results
- 🔗 Flexible Repository Input - Support for
username/repoor full GitHub URLs
Quick Start
- Sign up at https://prismor.dev
- Generate your API Key from the dashboard
- Install the CLI:
pip install prismor - Set your API key:
export PRISMOR_API_KEY=your_api_key - Run your first scan:
prismor --scan username/repo --fullscan
For the complete analysis with dashboards and reports, visit Prismor.dev after running scans!
Installation
Install Prismor CLI via pip:
pip install prismor
Prerequisites
Getting Your API Key
Before using Prismor CLI, you need to get your API key from Prismor.dev:
- Visit https://prismor.dev
- Sign up for a free account
- Navigate to your dashboard
- Generate an API Key
- Copy your API key
Setting Up Your API Key
Once you have your API key, set it as an environment variable:
export PRISMOR_API_KEY=your_api_key_here
To make this permanent, add it to your shell configuration file (~/.bashrc, ~/.zshrc, etc.):
echo 'export PRISMOR_API_KEY=your_api_key_here' >> ~/.zshrc
source ~/.zshrc
Private Repositories
To scan private repositories, you need to integrate your GitHub account:
- Go to Prismor.dev
- Navigate to Settings or Integrations
- Connect your GitHub account
- Authorize Prismor to access your private repositories
This allows Prismor to securely access and scan your private repositories.
Usage
Basic Syntax
prismor --scan <repository> [scan-type]
Repository Format
You can specify repositories in two ways:
-
Username/Repository format:
prismor --scan Ar9av/trychai-web-revamped --fullscan
-
Full GitHub URL:
prismor --scan https://github.com/Ar9av/trychai-web-revamped --fullscan
Scan Types
1. Vulnerability Scanning (VEX)
Scan for security vulnerabilities in your dependencies and code:
prismor --scan myrepository --vex
2. Secret Detection
Detect exposed secrets, API keys, passwords, and other sensitive information:
prismor --scan myrepository --detect-secret
3. SBOM Generation
Generate a Software Bill of Materials for your repository:
prismor --scan myrepository --sbom
4. Full Scan
Run all security checks (VEX + Secret Detection + SBOM):
prismor --scan myrepository --fullscan
Multiple Scan Types
You can combine multiple scan types:
prismor --scan myrepository --vex --detect-secret
JSON Output
Get results in JSON format for automation and integration:
prismor --scan myrepository --fullscan --json
Examples
Example 1: Quick Vulnerability Scan
prismor --scan facebook/react --vex
Example 2: Comprehensive Security Audit
prismor --scan https://github.com/microsoft/vscode --fullscan
Example 3: Secret Detection Only
prismor --scan openai/gpt-3 --detect-secret
Example 4: SBOM Generation with JSON Output
prismor --scan kubernetes/kubernetes --sbom --json > sbom-results.json
Additional Commands
Check Configuration
View your current Prismor CLI configuration:
prismor config
Version Information
Display the version of Prismor CLI:
prismor version
Or:
prismor --version
Help
Get help and see all available options:
prismor --help
Output
Prismor CLI provides clear, colorful output with:
- ✓ Success indicators
- ✗ Error messages
- ℹ Information updates
- ⚠ Warnings
- Detailed scan results including:
- Repository information
- Vulnerability counts
- Secret detection findings
- SBOM artifact counts
- Download links for detailed reports
Full Analysis & Dashboarding
For comprehensive analysis and visualization of your scan results, visit the Prismor Dashboard:
Features Available on Prismor.dev:
- 📊 Interactive Dashboards - Visualize security trends and metrics
- 📈 Historical Analysis - Track vulnerabilities over time
- 🎯 Detailed Reports - In-depth analysis of all findings
- 🔔 Alerts & Notifications - Get notified of critical issues
- 👥 Team Collaboration - Share reports with your team
- 🔄 CI/CD Integration - Automate scans in your pipeline
- 📁 Repository Management - Manage multiple repositories in one place
Accessing Full Reports:
After running a scan with the CLI, you can:
- Visit https://prismor.dev
- Log into your dashboard
- View all your scan results with rich visualizations
- Export reports in various formats
- Set up automated scanning schedules
The CLI provides quick results in your terminal, while the web dashboard offers comprehensive analysis and long-term security monitoring.
API Information
Prismor CLI communicates with the Prismor API at https://api.prismor.dev. The CLI handles:
- Authentication via API key
- Request formatting
- Error handling
- Response parsing
- Result presentation
Troubleshooting
API Key Not Set
If you see an error about PRISMOR_API_KEY not being set:
export PRISMOR_API_KEY=your_api_key_here
Invalid Repository Format
Ensure your repository is in one of these formats:
username/repositoryhttps://github.com/username/repository
Connection Issues
If you experience connection issues:
- Check your internet connection
- Verify the API endpoint is accessible
- Ensure your API key is valid
Development
Local Installation
For development, clone the repository and install in editable mode:
git clone https://github.com/PrismorSec/prismor-cli.git
cd prismor-cli
pip install -e .
Project Structure
prismor-cli/
├── prismor/
│ ├── __init__.py # Package initialization
│ ├── cli.py # CLI interface and commands
│ └── api.py # API client and communication
├── setup.py # Package configuration
├── requirements.txt # Dependencies
└── README.md # Documentation
Requirements
- Python 3.7 or higher
click>= 8.0.0requests>= 2.25.0
License
MIT License - See LICENSE file for details
Support
- Website: https://prismor.dev
- Dashboard: https://prismor.dev (Sign up for full features)
- Documentation: https://docs.prismor.dev
- Issues: https://github.com/PrismorSec/prismor-cli/issues
Need Help?
- Visit Prismor.dev for full documentation and support
- Check the dashboard for detailed scan results and analysis
- Join our community for questions and discussions
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Made with ❤️ by Prismor
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file prismor-0.1.0.tar.gz.
File metadata
- Download URL: prismor-0.1.0.tar.gz
- Upload date:
- Size: 9.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5c631841a5c237d8e19a04f7b96446fcfd5bd4b8591b0f0602edd6e9463c7191
|
|
| MD5 |
6c36670a01498e70f8ce52ce2c5839db
|
|
| BLAKE2b-256 |
1c633d5c0f5c575c28b1822f6c0ae856849abb00f59e7fd7943bcb59f8a1f81e
|
File details
Details for the file prismor-0.1.0-py3-none-any.whl.
File metadata
- Download URL: prismor-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
49ad85d937ae29769e0ddb7c86987dbf875631762e1e846c56d3daed15630736
|
|
| MD5 |
6a5aac112e7075d8e84c9806bcf9e4ad
|
|
| BLAKE2b-256 |
52fa8f5ad4193e7c1b5707789b14919f2af9a29172c2200d723338ca304b077a
|
