VulnCheck orchestrates Docker-based security scanning (leveraging Gitleaks for secrets and Trivy for vulnerabilities) directly from your terminal. It provides a highly polished Bubble Tea Terminal UI (TUI), enabling you to catch critical security issues locally and prevent vulnerable code from ever reaching your upstream repository.
| Feature | Description |
|---|---|
| Zero Configuration | Operates on isolated Docker containers (`aquasec/trivy` & `zricethezav/gitleaks`). No complex host installation required. |
| Comprehensive Scanning | Instantly identifies exposed credentials, API tokens, and package dependency vulnerabilities. |
| Elegant Interface | Delivers a buttery-smooth terminal UI powered by Charm's Bubble Tea framework. |
| Native Git Hook Integration | Run `vulncheck hook install` to strictly enforce security standards before every commit. |

```bash
curl -sL https://raw.githubusercontent.com/f9-o/vulncheck/main/install.sh | sudo bash
```

For Windows environments, please download the pre-compiled binary from the Releases page.

```bash
git clone https://github.com/f9-o/vulncheck.git
cd vulncheck
make build
make install
```

Run an extensive scan on your current working directory. The application will automatically provision ephemeral Docker containers for the analysis.

```bash
vulncheck scan .
```

Ensure your repository remains pristine and secure by automatically blocking commits that contain High or Critical severity findings:

```bash
vulncheck hook install
```

- CLI Layer: Engineered using the robust `cobra` and `viper` frameworks.
- Orchestrator Engine: Interfaces natively with the local Docker daemon to securely mount and analyze source code using Trivy and Gitleaks.
- TUI Engine: Utilizes Bubble Tea to process and stream real-time JSON report ingestion metrics into a refined, high-performance dashboard layout.
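
The commit-blocking rule described above (stop on High or Critical findings) can be expressed as a small gate over the scanners' JSON reports. This is an added example, not VulnCheck's own code: `BlockingFindings`, the sample reports and the treatment of every Gitleaks finding as blocking are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the fields this gate reads from Trivy's and Gitleaks' JSON reports.
type trivyReport struct {
	Results []struct {
		Target          string
		Vulnerabilities []struct{ VulnerabilityID, PkgName, Severity string }
	}
}
type gitleaksFinding struct{ RuleID, File string }

// Constructed sample reports (placeholder IDs), not output of a real scan.
const sampleTrivy = `{"Results":[{"Target":"go.mod","Vulnerabilities":[
 {"VulnerabilityID":"CVE-EXAMPLE-1","PkgName":"example/a","Severity":"CRITICAL"},
 {"VulnerabilityID":"CVE-EXAMPLE-2","PkgName":"example/b","Severity":"LOW"}]}]}`
const sampleGitleaks = `[{"RuleID":"generic-api-key","File":"config.yaml"}]`

// BlockingFindings lists what should stop a commit; a parse error means fail closed.
// Assumption: every Gitleaks finding blocks, since its reports carry no severity.
func BlockingFindings(trivyJSON, gitleaksJSON []byte) (out []string, err error) {
	var tr trivyReport
	if err = json.Unmarshal(trivyJSON, &tr); err != nil {
		return nil, fmt.Errorf("trivy report: %w", err)
	}
	var gl []gitleaksFinding
	if err = json.Unmarshal(gitleaksJSON, &gl); err != nil {
		return nil, fmt.Errorf("gitleaks report: %w", err)
	}
	for _, r := range tr.Results {
		for _, v := range r.Vulnerabilities {
			if v.Severity == "HIGH" || v.Severity == "CRITICAL" {
				out = append(out, v.Severity+" "+v.VulnerabilityID+" in "+v.PkgName+" ("+r.Target+")")
			}
		}
	}
	for _, f := range gl {
		out = append(out, "SECRET "+f.RuleID+" in "+f.File)
	}
	return out, nil
}

func main() {
	found, err := BlockingFindings([]byte(sampleTrivy), []byte(sampleGitleaks))
	fmt.Println("blocked:", err != nil || len(found) > 0, found) // a hook would exit non-zero when blocked
}
```

Treating an unreadable or empty report as a block keeps a crashed scanner container from silently letting a commit through.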
Developed and maintained by f9-o.