Prismor CLI

A powerful command-line tool for scanning GitHub repositories for security vulnerabilities, secrets, and generating Software Bill of Materials (SBOM) — with built-in AI auto-fix that opens a PR to remediate vulnerabilities in seconds.

Quick Start

1. Get Your API Key

Sign up to generate your API key instantly (free).

2. Install & Configure

Terminal
$ pip install prismor

Set your API key:

Terminal
$ export PRISMOR_API_KEY=your_api_key_here

Usage Examples

Basic Syntax

Terminal
$ prismor --repo <repository> [scan-type]

Repository Formats

Username/Repository format:

Terminal
$ prismor --repo owner/repository --fullscan

Full GitHub URL:

Terminal
$ prismor --repo https://github.com/owner/repository --fullscan

Scan Types

1. Vulnerability Scanning (VEX)

Scan for known vulnerabilities in dependencies.

Terminal
$ prismor --repo myrepository --vex

2. Secret Detection

Detect exposed API keys, tokens, and credentials.

Terminal
$ prismor --repo myrepository --detect-secret

3. SBOM Generation

Generate Software Bill of Materials.

Terminal
$ prismor --repo myrepository --sbom

4. Full Scan (All checks)

Run all security checks in one command.

Terminal
$ prismor --repo myrepository --fullscan

5. AI Auto-Fix

Scan for vulnerabilities and automatically open a PR with fixes. Pass --fix alongside any scan flag — it implies --scan if no other scan type is specified.

Terminal
$ prismor --repo myrepository --scan --fix

Returns a job_id immediately. Track progress with prismor fix-status. Want to run the fix on your own machine with your own LLM credits instead? See Local AI Auto-Fix.

JSON Output

Get results in JSON format for automation and CI/CD:

Terminal
$ prismor --repo myrepository --fullscan --json

Additional Commands

Trigger Auto-Fix (no scan)

Fire the AI agent directly without running a scan first. Accepts an optional --branch and --instruction.

Terminal
$ prismor trigger-fix owner/repository
Terminal
$ prismor trigger-fix owner/repository --branch develop --instruction "Update all lodash deps"

Fix Status

Check the status of an auto-fix job. Add --wait to block until the PR is created (up to 30 min).

Terminal
$ prismor fix-status <job_id>
Terminal
$ prismor fix-status <job_id> --wait

Local AI Auto-Fix (your own infrastructure)

Prefer to keep your source code and credentials on your own machine? prismor fix-local applies fixes locally instead of in Prismor's cloud. Scanning still runs in the cloud, but the fix is performed by a coding agent you already have installed (Claude Code, Codex, …) using your own LLM credits, editing your local checkout. Your code and GitHub token never leave your machine, and Prismor's hosted fix agent is not invoked.

1. Scan in the cloud and save the findings:

Terminal
$ prismor --repo owner/repository --scan -o findings.json

2. Fix locally with your own agent, in your current checkout:

Terminal
$ prismor fix-local --results findings.json

Or pull findings straight from a completed scan job:

Terminal
$ prismor fix-local . --from-scan <job_id>

Useful flags: --dry-run previews the prompt without changing files, --agent claude|codex picks the agent, --branch <name> creates a local git branch first, --instruction adds guidance, and --yes skips the confirmation prompt (required for non-interactive/CI use).

No Claude Code or Codex installed? Point Prismor at any agent with a {prompt} placeholder via an environment variable:

Terminal
$ export PRISMOR_LOCAL_AGENT_CMD='aider --yes --message {prompt}'
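The two-step flow above (cloud scan saved to a findings file, then fix-local in the checkout) and the JSON output mode from the earlier section fit naturally into one small CI wrapper. The script below is an added example and is not part of the Prismor project or its documentation. It uses only the flags shown on this page (--scan, -o, --fullscan --json, fix-local --results/--dry-run/--branch/--yes) and makes no assumption about the contents of the findings file; the PRISMOR_BIN override and the function names are this script's own additions. The security-relevant choices are that the API key is read only from the environment (never placed in argv or shell history), an empty scan output is treated as a failure rather than as "no findings", the agent is always previewed with --dry-run before it touches files, fixes land on a dedicated branch, and --yes is passed only when CI=true so an interactive user still confirms.

```shell
#!/bin/sh
# Added example, not part of the Prismor docs: a CI-style wrapper around the
# cloud-scan / local-fix flow. PRISMOR_BIN is an assumption of this script
# (it lets tests point at a stub); the CLI flags are the ones on the page.
set -eu

PRISMOR_BIN="${PRISMOR_BIN:-prismor}"

# Refuse to run without credentials in the environment. The CLI reads the key
# from PRISMOR_API_KEY, so it never appears on a command line or in logs.
require_api_key() {
  if [ -z "${PRISMOR_API_KEY:-}" ]; then
    echo "PRISMOR_API_KEY is not set" >&2
    return 1
  fi
  return 0
}

# Step 1 (page: --scan -o findings.json): run the cloud scan and save findings.
# A missing or empty output file is an error, so a silent API failure is not
# mistaken for a clean result.
scan_to_file() {
  repo="$1"; out="$2"
  "$PRISMOR_BIN" --repo "$repo" --scan -o "$out"
  [ -s "$out" ] || { echo "scan produced no findings file: $out" >&2; return 1; }
}

# Step 2 (page: fix-local --results): preview with --dry-run, then apply fixes
# in the current checkout on a dedicated branch. --yes (which skips the
# confirmation prompt) is only added when CI=true.
fix_locally() {
  findings="$1"; branch="$2"
  "$PRISMOR_BIN" fix-local --results "$findings" --dry-run
  if [ "${CI:-false}" = "true" ]; then
    "$PRISMOR_BIN" fix-local --results "$findings" --branch "$branch" --yes
  else
    "$PRISMOR_BIN" fix-local --results "$findings" --branch "$branch"
  fi
}

# Machine-readable full scan for pipelines (page: --fullscan --json), stored
# as a build artifact. Fails if nothing was written.
full_scan_json() {
  repo="$1"; out="$2"
  "$PRISMOR_BIN" --repo "$repo" --fullscan --json > "$out"
  [ -s "$out" ]
}

main() {
  repo="${1:?usage: $0 owner/repository}"
  require_api_key
  scan_to_file "$repo" findings.json
  fix_locally findings.json "prismor/auto-fix-$(date +%Y%m%d)"
  full_scan_json "$repo" results.json
}

# Run the pipeline only when a repository argument is given, so the file can
# also be sourced to reuse the functions.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Save it as prismor-ci.sh and run `sh prismor-ci.sh owner/repository` from inside the checkout you want fixed. With CI unset, the second fix-local call still stops at Prismor's confirmation prompt, which is the behaviour the page describes for --yes.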

Check Configuration

Verify your CLI configuration and API key.

Terminal
$ prismor config

Version Information

Check your installed CLI version.

Terminal
$ prismor --version

Get Help

Display all available commands and options.

Terminal
$ prismor --help

Full Analysis & Dashboard

For comprehensive analysis and visualization of your scan results, access the Prismor Dashboard with interactive charts, historical data, and team collaboration features.
