CLI Documentation

The Netallion AI Assurance CLI scans files, directories, and git history for secrets, PII, and AI hygiene issues directly from your terminal.

Installation

# Install from PyPI
pip install netallion

# Or with CLI extras
pip install "netallion-detection[cli]"

# Verify installation
netallion version

Quick Start

# Scan current directory
netallion scan .

# Scan specific files
netallion scan src/ config/ .env.example

# Scan with JSON output
netallion scan --format json .

# Scan from stdin (pipe content)
echo "AKIA_EXAMPLE_KEY" | netallion scan --stdin

# Scan and live-verify found secrets
netallion scan --verify .

Commands

netallion scan [PATHS...]

Scan files or directories for secrets and PII.

If no paths are provided, defaults to the current directory (.). Use --stdin to read from standard input instead.

netallion scan-git

Scan git history for secrets leaked in previous commits.

Options: --since, --until, --branch.

netallion list-patterns

List all available detection patterns.

Options: --format text|json, --category all|secret|pii|ai_hygiene.

netallion patterns test <pattern> <text>

Test a specific detection pattern against input text.

$ netallion patterns test aws_access_key "AKIAIOSFODNN7EXAMPLE"

Pattern:  aws_access_key
Input:    AKIAIOSFODNN7EXAMPLE
Matched:  yes
Severity: critical
Confidence: 0.95
Region:   [0:20] AKIA***********MPLE

netallion hook install|uninstall|status

Manage git pre-commit hooks.

Use --force to overwrite an existing hook.

Flags

Flag         Description                                                  Default
--format     Output format: text, json, sarif, csv                        text
--severity   Minimum severity filter: critical, high, medium, low, info   low
--no-bpe     Disable BPE token analysis (regex-only mode, faster)         false
--exclude    Additional glob patterns to exclude (repeatable)             -
--config     Path to .netallion.yml config file                           auto-detect
--stdin      Read input from stdin instead of file paths                  false
--verify     Live-verify detected secrets (check if active/inactive)      false
--exit-code  Exit with non-zero status on findings                        false
--quiet      Only show summary, no snippets                               false
--verbose    Show scan progress per file                                  false
--verboseShow scan progress per filefalse

Exit Codes

Code  Meaning
0     Clean - no findings detected (or findings detected but --exit-code not set)
1     Findings detected (only when --exit-code is set)
2     Error - invalid arguments, file not found, or scan failure
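
An added example, not part of the Netallion project: a CI gate in Python that combines the scan's exit code (per the table above) with the report written by --format sarif, so that exit 0 without --exit-code is not mistaken for a clean result and exit 2 never passes. It assumes the report follows the standard SARIF 2.1.0 layout (runs[].results[]); the function names and the sample report are constructed for illustration.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample (not real netallion output); the rule id comes
# from the `patterns test` example, the file path and line are made up.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "netallion"}},
        "results": [{
            "ruleId": "aws_access_key",
            "level": "error",
            "message": {"text": "AWS access key"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "config/settings.py"},
                "region": {"startLine": 12}}}],
        }],
    }],
})


def summarize(sarif_text):
    """Return (Counter of ruleId, list of 'uri:line') for every SARIF result."""
    doc = json.loads(sarif_text)
    rules, places = Counter(), []
    for run in doc["runs"]:
        for res in run.get("results", []):
            rules[res.get("ruleId", "unknown")] += 1
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                line = phys.get("region", {}).get("startLine", "?")
                places.append(f"{uri}:{line}")
    return rules, places


def gate(exit_code, sarif_text):
    """Map a scan's exit code plus its SARIF output to clean/findings/error."""
    if exit_code not in (0, 1):
        return "error"            # 2 (or anything else): the scan did not complete
    try:
        rules, _ = summarize(sarif_text)
    except (ValueError, KeyError, TypeError, AttributeError):
        return "error"            # empty or malformed report: fail closed
    if exit_code == 1 or rules:
        return "findings"         # exit 0 with results means --exit-code was not set
    return "clean"
```

In a pipeline, pass the scan's return code and the contents of results.sarif to gate() and fail the job on anything other than "clean".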

Pre-commit Hook

# Install the hook in your repo
netallion hook install

# Check hook status
netallion hook status

# Remove the hook
netallion hook uninstall

Or use the pre-commit framework:

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/netallion/netallion
    rev: v0.1.0
    hooks:
      - id: netallion-scan
        args: ["--severity", "high", "--exit-code"]

CI/CD Integration

GitHub Actions

# .github/workflows/secret-scan.yml
name: Netallion AI Assurance Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Netallion AI Assurance scan
        # @main tracks a moving branch; pin to a release tag or commit SHA for reproducible runs
        uses: netallion/netallion/.github/actions/scan@main
        with:
          paths: "."
          severity: "high"
          format: "sarif"

      # Or manually:
      # - run: pip install netallion
      # - run: netallion scan --format sarif --exit-code . > results.sarif
      # - uses: github/codeql-action/upload-sarif@v3
      #   if: always()  # upload the report even when the scan step fails on findings
      #   with:
      #     sarif_file: results.sarif

GitLab CI

# .gitlab-ci.yml
secret-scan:
  stage: test
  image: python:3.12-slim
  before_script:
    - pip install netallion
  script:
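    # Write the JSON output to the path declared under artifacts:reports
    - netallion scan --format json --severity high --exit-code . > gl-secret-detection-report.json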
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"