scan command performs a comprehensive security assessment of your endpoint, checking for vulnerabilities, misconfigurations, outdated software, and known threats. Results are scored and prioritized by AI so you can focus on what matters most.
Usage
Options
Run a fast scan covering only critical checks. Available on all plans including Community (Free).
Write the scan results to the specified file path. Supports
.json, .html, and .pdf formats based on file extension.Set the output language for scan results (e.g.,
en, zh-TW, ja).Show detailed output including individual check progress and debug information.
Examples
Scan Types
| Mode | Checks | Duration | Plan Required |
|---|---|---|---|
--quick | Critical vulnerabilities, open ports, root access | ~30 seconds | Community (Free) |
| Full (default) | All scanners including CVE, CIS benchmarks, malware signatures, network | 2-5 minutes | Solo+ |
What Gets Scanned
- System vulnerabilities — CVE database matching against installed packages
- Configuration audit — CIS benchmark checks for OS hardening
- Network exposure — Open ports, listening services, firewall rules
- Malware detection — YARA rule matching and hash lookups
- File integrity — Checks against known-good baselines
- User accounts — Privilege escalation risks, weak credentials
Plan Requirements
scan --quick is available on the Community (Free) plan. Full scans require Solo ($9/mo) or higher.