Rafter CLI
Project description
rafter-cli (Python)
Python CLI for Rafter — trigger and retrieve remote SAST/SCA security scans via the Rafter API.
Note: This package provides backend scanning only. For the full feature set—including agent security (secret scanning, command interception, pre-commit hooks, skill auditing)—install the Node.js package:
npm install -g @rafter-security/cli
Installation
pip install rafter-cli
Requires Python 3.10+.
Quick Start
export RAFTER_API_KEY="your-key" # or add to .env file
rafter run # scan current repo (auto-detected)
rafter scan --repo myorg/myrepo --branch main # scan specific repo
rafter get SCAN_ID # retrieve results
rafter get SCAN_ID --interactive # poll until complete
rafter usage # check quota
Important: The scanner analyzes the remote repository on GitHub, not your local files. Auto-detection uses your local Git configuration to determine which repo and branch to scan.
Commands
rafter run [options]
Alias: rafter scan
Trigger a new security scan for your repository.
-r, --repo <repo>— org/repo (default: auto-detected from git remote)-b, --branch <branch>— branch (default: current branch or 'main')-k, --api-key <key>— API key (orRAFTER_API_KEYenv var)-f, --format <format>—jsonormd(default:md)--skip-interactive— don't wait for scan completion--quiet— suppress status messages
rafter get <scan-id> [options]
Retrieve results from a scan.
-k, --api-key <key>— API key-f, --format <format>—jsonormd(default:md)--interactive— poll until scan completes--quiet— suppress status messages
rafter usage [options]
Check API quota and usage.
-k, --api-key <key>— API key
Piping and Automation
The CLI follows UNIX principles: scan data to stdout, status to stderr, no file writing.
# Filter critical vulnerabilities
rafter get SCAN_ID --format json | jq '.vulnerabilities[] | select(.level=="critical")'
# Count vulnerabilities
rafter get SCAN_ID --format json | jq '.vulnerabilities | length'
# CSV export
rafter get SCAN_ID --format json --quiet | jq -r '.vulnerabilities[] | [.level, .rule_id, .file, .line] | @csv'
# CI gate
if rafter get SCAN_ID --format json | jq -e '.vulnerabilities | length > 0'; then
echo "Vulnerabilities found!" && exit 1
fi
# Save to file
rafter get SCAN_ID > scan_results.json
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General error |
| 2 | Scan not found |
| 3 | Quota exhausted |
Configuration
- API key:
--api-keyflag,RAFTER_API_KEYenv var, or.envfile - Git auto-detection: works in CI (
GITHUB_REPOSITORY,GITHUB_REF_NAME,CI_REPOSITORY,CI_COMMIT_BRANCH) - Remote scanning: analyzes the remote repository, not local files
Documentation
Full docs at docs.rafter.so.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file rafter_cli-0.4.0.tar.gz.
File metadata
- Download URL: rafter_cli-0.4.0.tar.gz
- Upload date:
- Size: 4.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44828e64735e73f22ea1a29df87ea786784897a7197681eaf96b6f309b73ec2c
|
|
| MD5 |
50b2a56936702d6d89c1a49c728f1130
|
|
| BLAKE2b-256 |
2047442fd4ee52f01120943a6d9e3d9691f463ca3f7901528cf75feda5237498
|
File details
Details for the file rafter_cli-0.4.0-py3-none-any.whl.
File metadata
- Download URL: rafter_cli-0.4.0-py3-none-any.whl
- Upload date:
- Size: 5.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5c269cbffcccd200f8760cf8eb131098cf4bed58ac4e863f81de0a8b061f15ec
|
|
| MD5 |
41f19640dd64fc3f04f68ff8346d0bcf
|
|
| BLAKE2b-256 |
be503a6ed01c09c4759e48b1bbb6665487cbb84e94d8f39cf73c5eb33741ca75
|
