CLI Tool
Scan locally.
Fix before you push.
The codelake CLI brings full application-aware security scanning to your terminal. Run codelake scan . and get the same deep analysis as the platform — locally, before your code ever reaches a remote.
Results sync to the platform automatically. Use it standalone or as a pre-commit hook to catch issues before they become pull requests.
$ codelake scan .
▸ Scanning application...
Analyzing 847 files across 12 services
Building application context model...
Mapping data flows & auth boundaries...
CRITICAL SQL Injection via unfiltered user input
↳ src/api/users.ts:42
HIGH API endpoint /admin missing auth
↳ src/routes/admin.ts:15
MEDIUM Hardcoded AWS key in config
↳ config/aws.ts:8
✓ 23 findings · 2 critical · 8 high · 9 medium · 4 low
✓ Results synced to app.codelake.io
Installation
Install in one command.
The codelake CLI is available via npm, Homebrew, or a direct download script. Choose your preferred method and start scanning in seconds.
npm
$ npm install -g @codelake/cli
Requires Node.js 18+. Works on macOS, Linux, and Windows.
Homebrew
$ brew install codelake/tap/codelake
macOS and Linux. Auto-updates via Homebrew.
Shell Script
$ curl -fsSL https://get.codelake.io | sh
Universal installer. Detects OS and architecture automatically.
Quick setup after install
# Authenticate with your API token
$ codelake auth login
Enter your API token: ****
✓ Authenticated as sascha@acme.io
# Run your first scan
$ codelake scan .
Commands
Everything you need. One command at a time.
The CLI mirrors the full platform capability. Scan, triage, configure, and report — all from your terminal.
codelake scan [path]
Scan a directory or file. Supports all scan types: SAST, SCA, secrets, IaC, API security, and context mapping. Use flags to limit scope.
codelake scan --type sast,sca
Run specific scan types only. Combine multiple types with commas. Available: sast, sca, secrets, iac, api, context.
codelake scan --fail-on critical
Exit with code 1 if findings at the specified severity or above are detected. Perfect for CI/CD quality gates.
codelake scan --diff HEAD~1
Scan only changed files since a specific git ref. Ideal for incremental scanning and pre-commit hooks.
codelake auth login
Authenticate the CLI with your API token. Tokens are stored securely in your system keychain.
codelake findings list
List findings for the current project. Filter by severity, status, scan type, or date range.
codelake report --format sarif
Generate reports in multiple formats: SARIF, JSON, CSV, PDF. Integrates with GitHub Code Scanning and other SARIF consumers.
codelake config init
Initialize a .codelake.yml configuration file in your project root. Customize scan behavior, exclusions, and severity thresholds.
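A minimal SARIF consumer, as an added example that is not part of the codelake documentation or the codelake CLI: it reads a SARIF 2.1.0 report such as the one `codelake report --format sarif` is described as producing and applies a severity gate to it. The sample report, its rule IDs and the level given to each finding are constructed; the page does not state how codelake maps its severities to SARIF levels.

```python
import json

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0 result levels, low to high


def _result(rule, text, uri, line, level=None):
    # Build one constructed SARIF result object for the sample below.
    res = {"ruleId": rule, "message": {"text": text},
           "locations": [{"physicalLocation": {
               "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}
    if level:
        res["level"] = level
    return res


# Constructed sample report, NOT real codelake output. Paths and line numbers reuse
# the sample findings on this page; rule IDs and levels are assumptions.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "codelake"}},
    "results": [
        _result("sql-injection", "SQL Injection via unfiltered user input",
                "src/api/users.ts", 42, "error"),
        _result("hardcoded-secret", "Hardcoded AWS key in config",
                "config/aws.ts", 8),  # level omitted on purpose
        {"ruleId": "style-note", "level": "note",
         "message": {"text": "constructed"}},  # result without a location
    ]}]})


def findings(sarif_text):
    # Yield (level, rule_id, "uri:line", message) for every result in every run.
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            # A missing level is treated as "warning", the SARIF default when
            # no rule configuration overrides it.
            level = res.get("level", "warning")
            loc = "-"
            if res.get("locations"):
                phys = res["locations"][0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                line = phys.get("region", {}).get("startLine")
                loc = f"{uri}:{line}" if line else uri
            yield level, res.get("ruleId", "?"), loc, res.get("message", {}).get("text", "")


def gate(sarif_text, fail_on="error"):
    # Return (exit_code, blocking); exit_code is 1 if any result is at or above fail_on.
    threshold = LEVELS.index(fail_on)
    blocking = [f for f in findings(sarif_text) if LEVELS.index(f[0]) >= threshold]
    return (1 if blocking else 0), blocking
```

Calling `gate(report_text, fail_on="warning")` on a real report returns the exit code a CI step would propagate, along with the findings that triggered it.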
Pre-Commit Hooks
Catch issues before they become commits.
Integrate codelake directly into your git workflow. The pre-commit hook scans only changed files for maximum speed, blocking commits that introduce critical or high-severity findings.
- ✓ Only scans changed files (sub-second for small changes)
- ✓ Configurable severity threshold for blocking
- ✓ Works with Husky, pre-commit, and lefthook
- ✓ Skip with --no-verify for emergencies
- ✓ Team-wide enforcement via shared configuration
Setup with Husky
# Install and configure
$ npx husky add .husky/pre-commit \
"codelake scan --diff HEAD --fail-on high"
Setup with pre-commit framework
# .pre-commit-config.yaml
repos:
  - repo: https://github.com/codelake/pre-commit
    rev: v1.0.0
    hooks:
      - id: codelake-scan
        args: [--fail-on, high]
What it looks like
$ git commit -m "add user endpoint"
▸ codelake pre-commit scan (3 files)...
HIGH Missing auth middleware on /api/users
↳ src/routes/users.ts:12
✗ Commit blocked · 1 high finding
Fix the issue or use --no-verify to skip
Start scanning from your terminal today.
Install the codelake CLI and catch security issues before they reach your repository. Free tier includes 10 scans per month.