Files
wehub-resource-sync 0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

246 lines
9.8 KiB
Markdown

---
title: CLI Command
sidebar_label: CLI Command
sidebar_position: 3
description: Scan code changes for LLM security vulnerabilities using the promptfoo code-scans command.
---
# CLI Command
The `promptfoo code-scans` command scans code changes for LLM-related security vulnerabilities, helping you identify prompt injection risks, jailbreaks, PII exposure, and other security issues before they reach production.
## Quick Start
Install promptfoo globally:
```bash
npm install -g promptfoo
```
Authenticate with your promptfoo account:
```bash
promptfoo auth login
```
Run a scan on your current branch:
```bash
promptfoo code-scans run
```
## Running Time
Depending on the size of your PR and codebase, the scan can take anywhere from a minute or two to 20 minutes or more. That said, most PRs take between 3 and 10 minutes.
## Command Options
### Basic Usage
```bash
promptfoo code-scans run [repo-path] [options]
```
### Options
| Option | Description | Default |
| --------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
| `repo-path` | Path to repository | Current directory (`.`) |
| `--api-key <key>` | Promptfoo API key | From `promptfoo auth` or `PROMPTFOO_API_KEY` env var |
| `--base <ref>` | Base branch/commit to compare against | Auto-detects either main or master |
| `--compare <ref>` | Branch/commit to scan | `HEAD` |
| `--config <path>` | Path to config file | `.promptfoo-code-scan.yaml` |
| `--guidance <text>` | Custom guidance to tailor the scan | None |
| `--guidance-file <path>` | Load guidance from a file | None |
| `--api-host <url>` | Promptfoo API host URL | `https://api.promptfoo.app` |
| `--diffs-only` | Scan only PR diffs, don't explore full repo | false |
| `--json` | Output results as JSON ([see schema](#json-output-schema)) | false |
| `-f, --format <format>` | Output format (`text`, `json`, or `sarif`) | `text` |
| `--github-pr <owner/repo#number>` | Post comments to GitHub PR (used with [Promptfoo GitHub Action](/docs/code-scanning/github-action)) | None |
### Examples
**Scan diffs for current branch, comparing against main (or master):**
```bash
promptfoo code-scans run
```
**Scan diffs for specific branch against main:**
```bash
promptfoo code-scans run --compare feature/new-llm-integration
```
**Scan diffs between two commits:**
```bash
promptfoo code-scans run --base ffa1b2d3 --compare a9c7e5b6
```
**Scan with custom config:**
```bash
promptfoo code-scans run --config custom-scan-config.yaml
```
**Get JSON output:**
```bash
promptfoo code-scans run --json
```
See [JSON Output Schema](#json-output-schema) for the response format.
**Get SARIF output for security tooling:**
```bash
promptfoo code-scans run --format sarif > promptfoo-code-scan.sarif
```
SARIF output includes location-backed findings that GitHub Code Scanning can display.
## Configuration File
Create a `.promptfoo-code-scan.yaml` file in your repository root:
```yaml
# Minimum severity level to report (low|medium|high|critical)
# Both minSeverity and minimumSeverity are supported
minSeverity: medium
# Scan only PR diffs without filesystem exploration (default: false = explore full repo)
diffsOnly: false
# Optional: Custom guidance to tailor the scan to your needs
guidance: |
Focus on authentication and authorization vulnerabilities.
Treat any PII exposure as high severity.
# Or load guidance from a file (path relative to config file)
# guidanceFile: ./scan-guidance.md
# Optional: Promptfoo API host URL
# apiHost: https://api.promptfoo.dev
```
## Custom Guidance
You can provide custom guidance to tailor scans to your specific needs. See the [overview](./index.md#custom-guidance) for what guidance can do.
**Via command line:**
```bash
# Inline guidance
promptfoo code-scans run --guidance "Focus on authentication vulnerabilities in the /src/auth directory"
# Load from file
promptfoo code-scans run --guidance-file ./scan-guidance.md
```
**Via config file:**
```yaml
# Inline guidance
guidance: |
Focus on authentication and authorization vulnerabilities.
Treat any PII exposure as high severity.
# Or load from file
guidanceFile: ./scan-guidance.md
```
## Authentication
The code scanner supports multiple authentication methods (checked in order):
1. **CLI argument**: `--api-key <key>`
2. **Environment variable**: `PROMPTFOO_API_KEY=<key>`
3. **Promptfoo auth**: `promptfoo auth login`
4. **GitHub OIDC** (when used in the [Promptfoo GitHub Action](/docs/code-scanning/github-action)): Automatic
### Using promptfoo auth
```bash
# Login once
promptfoo auth login
# Then run scans without --api-key
promptfoo code-scans run
```
### Using environment variable
```bash
export PROMPTFOO_API_KEY=your-api-key
promptfoo code-scans run
```
### Using --api-key argument
```bash
promptfoo code-scans run --api-key your-api-key
```
## JSON Output Schema
When using `--json`, the scan outputs a JSON object to stdout with the following structure:
### Response Object
| Field | Type | Description |
| ---------------- | ----------- | ----------------------------------------------------------------------------------------------------------------- |
| `success` | `boolean` | Whether the scan completed successfully |
| `review` | `string` | Overall review summary of the scan |
| `comments` | `Comment[]` | Array of findings (see below) |
| `commentsPosted` | `boolean` | Whether comments were posted to a PR |
| `skipReason` | `string` | Set when the scan was intentionally skipped (e.g. fork PR awaiting maintainer approval); `comments` will be empty |
| `error` | `string` | Error message if the scan failed |
### Comment Object
| Field | Type | Description |
| --------------- | -------- | ---------------------------------------------- |
| `file` | `string` | File path where the issue was found, or null |
| `line` | `number` | Line number of the finding, or null |
| `startLine` | `number` | Start line for multi-line findings, or null |
| `finding` | `string` | Description of the security issue |
| `fix` | `string` | Suggested fix for the issue |
| `severity` | `string` | `critical`, `high`, `medium`, `low`, or `none` |
| `aiAgentPrompt` | `string` | Prompt for AI coding agents to fix the issue |
### Example
```json
{
"success": true,
"review": "The PR introduces an LLM-powered support chat feature. The main security concerns are around prompt injection via user messages and insufficient output validation.",
"comments": [
{
"file": "src/chat/handler.ts",
"line": 42,
"startLine": 40,
"finding": "User input is passed directly to the LLM prompt without sanitization, allowing prompt injection attacks.",
"fix": "Sanitize user input and use a system prompt that instructs the model to ignore injected instructions.",
"severity": "critical",
"aiAgentPrompt": "In src/chat/handler.ts around line 42, add input sanitization before passing user messages to the LLM. Use a system prompt with injection-resistant instructions."
},
{
"file": "src/chat/handler.ts",
"line": 87,
"startLine": null,
"finding": "LLM responses are rendered as raw HTML without escaping, which could allow cross-site scripting if the model is manipulated.",
"fix": "Escape or sanitize LLM output before rendering it in the UI.",
"severity": "high",
"aiAgentPrompt": "In src/chat/handler.ts at line 87, escape the LLM response output before inserting it into the DOM to prevent XSS."
}
]
}
```
## See Also
- [Code Scanning Overview](./index.md)
- [GitHub Action](./github-action.md)
- [VS Code Extension](./vscode-extension.md)