vet query
Query JSON dump and run filters or render reports
vet query [flags]
Options
--defect-dojo-host-url string DefectDojo Host URL, e.g. http://localhost:8080
--defect-dojo-product-id int DefectDojo Product ID (default -1)
--exceptions-filter string Generate exception records for packages matching filter
--exceptions-generate string Generate exception records to file (YAML)
--exceptions-till string Generated exceptions are valid till (default "2026-01-23")
--filter string Filter and print packages using CEL (DEPRECATED: use --policy instead)
--filter-fail Fail the command if filter matches any package (for security gate)
--filter-suite string Filter packages using CEL Filter Suite from file (DEPRECATED: use --policy-suite instead)
--filter-v2 string Filter and print packages using CEL with Insights v2 data model (alias for --policy)
--filter-v2-suite string Filter packages using CEL Filter Suite from file with Insights v2 data model (alias for --policy-suite)
-F, --from string The directory to load JSON dump files
-h, --help help for query
--policy string Filter and print packages using CEL with Policy Input schema
--policy-suite string Filter packages using CEL Filter Suite from file with Policy Input schema
--report-cdx string Generate CycloneDX report to file
--report-cdx-app-name string Application name used as root application component in CycloneDX BOM
--report-console Minimal summary of package manifest
--report-csv string Generate CSV report of filtered packages to file
--report-defect-dojo Report to DefectDojo
--report-graph string Generate dependency graph as graphviz dot files to directory
--report-json string Generate JSON report to file (EXPERIMENTAL)
--report-markdown string Generate markdown report to file
--report-markdown-summary string Generate markdown summary report to file
--report-sarif string Generate SARIF report to file (*.sarif or *.sarif.json)
--report-sarif-malware Include malware in SARIF report (Enabled by default) (default true)
--report-sarif-vulns Include vulnerabilities in SARIF report (Enabled by default) (default true)
--report-summary Show an actionable summary based on scan data
--report-summary-group-by-direct-deps Group summary by direct dependencies
--report-summary-max-advice int Maximum number of package risk advice to show (default 5)
--report-summary-used-only Show only packages that are used in code (requires code analysis during scan)
Options inherited from parent commands
-d, --debug Show debug logs
-e, --exceptions string Load exceptions from file
--exceptions-extra strings Load additional exceptions from file
-l, --log string Write command logs to file, use - for stdout
--no-banner Do not display the vet banner
-v, --verbose Show verbose logs
SEE ALSO
- vet - Establish trust in open source software supply chain