--telemetry [off|errors|all]: Enable telemetry [default: off]-v, --verbose: Increase verbosity (-v=info, -vv=debug) [default: 0]--auth-mode [membership|server|organization]: How to authenticate to the backend [default: membership]--install-completion: Install completion for the current shell.--show-completion: Show completion for the current shell, to copy it or customize the installation.--help: Show this message and exit.
install: Download and install the security scanners…version: Show the installed CLI version.collect-files: Collect files from the current directory…scan-diff: Compare two scan outputs and display their…airemediate: AI Remediation-related parametersci: CI-related parametersinfra: Infrastructure as Code (IaC) scanning…code: Source code security scanning commands and…
symbiotic-cli install
Download and install the security scanners used by the CLI.
Usage:
-f, --force: Force install: will remove existing files before re-installing--help: Show this message and exit.
symbiotic-cli version
Show the installed CLI version.
Usage:
--help: Show this message and exit.
symbiotic-cli collect-files
Collect files from the current directory for scanning.
Usage:
PATH: Path to scan [required]
--help: Show this message and exit.
symbiotic-cli scan-diff
Compare two scan outputs and display their differences.
Takes two SymbioticScanOutput JSON files and returns a SymbioticScanDiffOutput
containing created, unchanged and remediated findings.
Usage:
BEFORE_PATH: Path to JSON file containing symbiotic output before changes [required]AFTER_PATH: Path to JSON file containing symbiotic output after changes [required]
--ci-formatting: Format output for CI systems--help: Show this message and exit.
symbiotic-cli airemediate
AI Remediation-related parameters
Usage:
--help: Show this message and exit.
remediate: Perform AI-powered remediation for a…generate_recommendation: Generate a recommendation after…fp_reason
symbiotic-cli airemediate remediate
Perform AI-powered remediation for a single SAST vulnerability.
This command extracts the vulnerable code from a given file and range,
generates an AI-based fix based on the vulnerability rule metadata,
and applies it to the file. Optionally, it can output the full
remediation details to a JSON file.
Usage:
PROJECT_DIR: Path to project directory [required]RULE_ID: Rule ID of the detected vulnerability. [required]FILE_PATH: Path to the vulnerable file (relative or absolute). [required]START_LINE: The starting line number of the vulnerability. [required]END_LINE: The ending line number of the vulnerability. [required]START_COL: The starting column of the vulnerability. [required]END_COL: The ending column of the vulnerability. [required]LANGUAGE: Language of the code we want to remediate [required][STAGED_ISSUE_PUBKEY]: The public key of the staged issue, used to track interactions with the AI.
--stream: Enable streaming mode for live output processing--vuln-doc TEXT: Vulnerability documentation--code-context TEXT: Code snippet with context around the vulnerability.--project-context TEXT: Context about the vulnerability in the project scope.--override-fp: Enable streaming mode for live output processing
symbiotic-cli airemediate generate_recommendation
Generate a recommendation after remediating a SAST vulnerability, suggesting
additional manual changes that may be needed elsewhere in the project.
Usage:
RECOMMENDATION_JSON_PARAMS: JSON string containing remediated code and vulnerability context. You can pass the JSON output generated by theremediatecommand. [required]
--stream: Enable streaming mode for live output processing
symbiotic-cli airemediate fp_reason
Usage:
PROJECT_DIR: Path to project directory [required]RULE_ID: Rule ID of the detected vulnerability. [required]FILE_PATH: Path to the vulnerable file (relative or absolute). [required]START_LINE: The starting line number of the vulnerability. [required]END_LINE: The ending line number of the vulnerability. [required]START_COL: The starting column of the vulnerability. [required]END_COL: The ending column of the vulnerability. [required]LANGUAGE: Language of the code we want to remediate [required][STAGED_ISSUE_PUBKEY]: The public key of the staged issue, used to track interactions with the AI.
--stream: Enable streaming mode for live output processing--vuln-doc TEXT: Vulnerability documentation--code-context TEXT: Code snippet with context around the vulnerability.
symbiotic-cli ci
CI-related parameters
Usage:
--help: Show this message and exit.
infra: Run Infrastructure as Code security scan…code: Run Code Security scan in CI.
symbiotic-cli ci infra
Run Infrastructure as Code security scan in CI.
Usage:
PATH: Path to scan [required]
--severity-threshold TEXT: Minimum severity level that will cause a detection to fail the CI pipeline. (critical|high|medium|low)--skip-output-formatting: Skip formatting the scan output--skip-upload-results: Skip uploading scan results to Symbiotic backend--git-remote-url TEXT: Git remote URL of the scanned repository--git-first-commit-sha TEXT: SHA of the first commit in the scanned repository--git-latest-commit-sha TEXT: SHA of the latest commit in the scanned repository--git-default-branch TEXT: Default branch of the scanned repository--git-current-branch TEXT: Current branch being scanned--help: Show this message and exit.
symbiotic-cli ci code
Run Code Security scan in CI.
Usage:
PATH: Path to scan [required]
--severity-threshold TEXT: Minimum severity level that will cause a detection to fail the CI pipeline. (critical|high|medium|low)--skip-output-formatting: Skip formatting the scan output--skip-upload-results: Skip uploading scan results to Symbiotic backend--git-remote-url TEXT: Git remote URL of the scanned repository--git-first-commit-sha TEXT: SHA of the first commit in the scanned repository--git-latest-commit-sha TEXT: SHA of the latest commit in the scanned repository--git-default-branch TEXT: Default branch of the scanned repository--git-current-branch TEXT: Current branch being scanned--help: Show this message and exit.
symbiotic-cli infra
Infrastructure as Code (IaC) scanning commands and utilities.
Usage:
--help: Show this message and exit.
install: Install the Infrastructure as Code (IaC)…scan: Scan a directory using the IaC scanner.version: Show the version of the installed IaC…latest-version: Show the latest available version of the…location: Show the filesystem location of the IaC…
symbiotic-cli infra install
Install the Infrastructure as Code (IaC) scanner.
Usage:
-f, --force: Force install: will remove existing files before re-installing--help: Show this message and exit.
symbiotic-cli infra scan
Scan a directory using the IaC scanner. Use —raw to output unfiltered results.
Usage:
PATH: Path to scan [required]
--skip-files TEXT: Files to skip separated by comma--skip-dirs TEXT: Directories to skip separated by comma--raw / --no-raw: Show raw output [default: no-raw]--help: Show this message and exit.
symbiotic-cli infra version
Show the version of the installed IaC scanner.
Usage:
--help: Show this message and exit.
symbiotic-cli infra latest-version
Show the latest available version of the IaC scanner.
Usage:
--help: Show this message and exit.
symbiotic-cli infra location
Show the filesystem location of the IaC scanner binary.
Usage:
--help: Show this message and exit.
symbiotic-cli code
Source code security scanning commands and utilities.
Usage:
--help: Show this message and exit.
install: Install the code security scanner.scan: Scan a directory using the code security…version: Show the version of the installed code…latest-version: Show the latest available version of the…location: Show the filesystem location of the code…
symbiotic-cli code install
Install the code security scanner.
Usage:
-f, --force: Force install: will remove existing files before re-installing--help: Show this message and exit.
symbiotic-cli code scan
Scan a directory using the code security scanner. Use —raw to output unfiltered results.
Usage:
PATH: Path to scan [required]
--raw / --no-raw: Show raw output [default: no-raw]
symbiotic-cli code version
Show the version of the installed code scanner.
Usage:
--help: Show this message and exit.
symbiotic-cli code latest-version
Show the latest available version of the code scanner.
Usage:
--help: Show this message and exit.
symbiotic-cli code location
Show the filesystem location of the code scanner binary.
Usage:
--help: Show this message and exit.