CLI
CLI reference
Every flag the scop binary accepts, with examples.
scop scan
The workhorse. Resolves your dependency tree and prints findings.
scop scan --repo ./app --fail-on high| Flag | Default | What it does |
|---|---|---|
--repo | . | Path to the repo or workspace to scan. |
--fail-on | critical | Minimum severity that returns a non-zero exit code. |
--feeds | all | Comma-separated list of advisory feeds (npm, pypi, rubygems, ghsa, osv, snyk). |
--format | text | One of text, json, sarif. |
scop sbom
Emit a software bill of materials for compliance / audit.
scop sbom --format cyclonedx > sbom.jsonSupports SPDX 2.3 and CycloneDX 1.5. Includes resolved versions plus the hash of every fetched artifact.
Last updated 2026-06-03.