Installation
Install VulnZap globally:
Quick Start
1. Complete Setup (Recommended)
Complete onboarding with API key setup and IDE integration:
- Guide you through API key setup
- Automatically detect installed IDEs (VS Code, Cursor, Windsurf)
- Allow you to select multiple IDEs for integration
- Configure MCP settings and install extensions
- Set up your development environment for secure coding
2. Manual Setup (Alternative)
Commands Reference
Authentication and Configuration
vulnzap init
Complete onboarding workflow with interactive setup.
- Magic authentication flow with QR code support
- Automatic IDE detection (VS Code, Cursor, Windsurf, JetBrains)
- Multi-IDE configuration support
- MCP server setup for compatible IDEs
vulnzap setup
Manual authentication and IDE configuration.
- -k, --key <key>: API key for authentication
- --ide <ide-name>: Target IDE for integration
vulnzap account
Display account information and usage statistics.
- User profile information
- Current subscription tier
- API usage metrics
- Remaining scan quota
vulnzap status
System health check and configuration verification.
- Server connectivity
- Authentication status
- User profile data
- System configuration
Security Scanning
vulnzap check
Analyze individual packages for vulnerabilities.
npm, pip, go, rust, maven, gradle, composer, nuget, pypi
vulnzap batch-scan
Scan all dependencies in the current project directory.
- --ecosystem <ecosystem>: Filter by specific package ecosystem
- --output <file>: Save results to JSON file (default: .vulnzap/batch-scan-results.json)
- package.json (npm)
- requirements.txt (pip)
- go.mod (go)
- Cargo.toml (rust)
- pom.xml (maven)
- build.gradle (gradle)
- composer.json (composer)
- *.csproj (nuget)
vulnzap scan
Initiate repository-wide vulnerability scan for GitHub repositories.
- -b, --branch <branch>: Target branch (default: main)
- --wait: Block until scan completion
- -o, --output <file>: Save results to JSON file
- --key <api-key>: Override default API key
- Job ID for tracking
- Project ID for dashboard access
- Real-time scan progress (with --wait)
- Remaining line quota
vulnzap watch
Monitor directory for file changes and perform incremental security analysis.
- -t, --timeout <ms>: Session timeout in milliseconds (default: 120000)
- -o, --output <dir>: Output directory for results (default: .vulnzap/incremental)
- Real-time file change detection
- Incremental vulnerability scanning
- Session-based result tracking
- Automatic timeout handling
- Manual stop with Ctrl+C
IDE Integration
vulnzap connect
Configure MCP integration for supported IDEs.
- cursor: Cursor IDE
- windsurf: Windsurf IDE
- antigravity: Antigravity IDE
- claude: Claude Code
- cline: Cline (VS Code extension)
- vscode: VS Code (extension only)
- jetbrains: JetBrains IDEs (IntelliJ, WebStorm, etc.)
- Cursor: .cursor/mcp.json
- Windsurf: .codeium/windsurf/mcp_config.json
- Cline: Platform-specific MCP settings
vulnzap mcp
Start the MCP server for IDE integration.
- VULNZAP_API_KEY: API key for authentication
- VULNZAP_DEBUG: Enable verbose logging
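An added example (not part of the VulnZap documentation or code): a Python check that looks in the MCP config files listed under vulnzap connect for an inline VULNZAP_API_KEY and flags file modes that let other local users read it. It assumes the mcpServers/env JSON layout and that the listed paths are relative to a base directory such as the home directory; the config written by demo() is constructed sample data.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Config locations named on this page, taken relative to a base directory (assumption).
MCP_CONFIGS = [".cursor/mcp.json", ".codeium/windsurf/mcp_config.json"]
KEY_VAR = "VULNZAP_API_KEY"

def audit_mcp_config(path, label=None):
    """Return findings for one MCP config file (empty list if absent or clean)."""
    path, label = Path(path), label or str(path)
    if not path.is_file():
        return []
    try:
        doc = json.loads(path.read_text())
    except (json.JSONDecodeError, UnicodeDecodeError):
        return [f"{label}: not valid JSON"]
    # Assumed layout: {"mcpServers": {name: {"command": ..., "env": {...}}}}
    servers = doc.get("mcpServers", {}) if isinstance(doc, dict) else {}
    if not isinstance(servers, dict):
        servers = {}
    mode = stat.S_IMODE(path.stat().st_mode)
    findings = []
    for name, server in servers.items():
        env = server.get("env", {}) if isinstance(server, dict) else {}
        if isinstance(env, dict) and env.get(KEY_VAR):
            findings.append(f"{label}: server '{name}' stores {KEY_VAR} inline")
            if mode & 0o077:  # any group/other permission bit set (POSIX)
                findings.append(f"{label}: mode {mode:o} exposes the key to other users")
    return findings

def audit_base(base):
    """Audit every known MCP config location under one base directory."""
    return [f for rel in MCP_CONFIGS
            for f in audit_mcp_config(Path(base) / rel, rel)]

def demo():
    """Audit a constructed config (sample data) with loose, then tight, permissions."""
    with tempfile.TemporaryDirectory() as base:
        cfg = Path(base) / MCP_CONFIGS[0]
        cfg.parent.mkdir(parents=True)
        cfg.write_text(json.dumps({"mcpServers": {"vulnzap": {
            "command": "vulnzap", "args": ["mcp"],
            "env": {KEY_VAR: "constructed-placeholder-key"}}}}))
        os.chmod(cfg, 0o644)
        loose = audit_base(base)
        os.chmod(cfg, 0o600)
        tight = audit_base(base)
    return loose, tight

if __name__ == "__main__":
    for finding in audit_base(Path.home()):
        print(finding)
```

A config that holds the key inline should also be kept out of version control, since .cursor/mcp.json can live inside a project directory.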
Utility Commands
vulnzap tools
Display interactive guide to available MCP tools.
vulnzap help
Display comprehensive help information.
Supported IDEs
VulnZap integrates with the following IDEs:
Cursor
Full MCP integration + extension
Windsurf
Full MCP integration + extension
Cline
MCP integration supported
VS Code
Extension only (no MCP server)
Automatic IDE Detection
The init command automatically detects which supported IDEs are installed on your system (VS Code, Cursor, Windsurf) and allows you to select multiple IDEs for integration.