CLI Reference
Complete reference for all 9 Doorman commands.
Tip: Run npx getdoorman --help to see all commands, or add --help to a command (for example, npx getdoorman check --help) to see its options.
check
Scan a codebase for issues across all 10 categories.
npx getdoorman check [path]
If no path is provided, scans the current directory.
Options
| Option | Description | Default |
|---|---|---|
| --ci | CI mode. Non-zero exit if score below threshold. Disables color. | false |
| --min-score <n> | Minimum passing score (0-100). Used with --ci. | 70 |
| --json | Output results as JSON. | false |
| --sarif | Output results in SARIF format for GitHub Code Scanning, which shows issues directly on your pull requests. | false |
| --html | Generate an HTML report. | false |
| --category <cat> | Scan only specific categories (comma-separated). | all |
| --severity <level> | Minimum severity: critical, high, medium, low. | low |
| --full | Show full details for every finding. | false |
| --no-cache | Disable result caching. Force a fresh scan. | false |
| --timeout <ms> | Scan timeout in milliseconds. | 60000 |
| --verbose | Show detailed scan progress and debug info. | false |
| -q, --quiet | Suppress all output except the score. | false |
| --config <path> | Path to a custom .doormanrc config file. | .doormanrc |
| --baseline <path> | Compare against a saved baseline and show only issues that are new since your last scan. Useful for large projects. | none |
| --save-baseline <path> | Save current results as a baseline for future comparisons. | none |
| --profile | Show performance profiling info (scan time per engine). | false |
Example
# Scan src/ for critical and high security issues, output JSON
npx getdoorman check ./src --category security --severity high --json
# CI mode: fail if score is below 80
npx getdoorman check --ci --min-score 80
# Compare against a baseline
npx getdoorman check --baseline .doorman-baseline.json
fix
Generate a prompt for your AI tool (Claude, Codex, Cursor) to fix issues found during a scan.
npx getdoorman fix [severity]
Severity filter
| Command | What it includes |
|---|---|
| npx getdoorman fix critical | Critical issues only (default) |
| npx getdoorman fix high | Critical + high issues |
| npx getdoorman fix medium | Critical + high + medium |
| npx getdoorman fix all | All issues |
How it works
Doorman generates a list of issues and copies it to your clipboard. Paste it into Claude, Codex, or Cursor — your AI reads the issues and fixes them.
If you're already in Claude Code or Cursor, just run the command directly — Doorman detects the environment and outputs the prompt so your AI acts on it immediately.
# Generate prompt for critical issues
npx getdoorman fix critical
# Or just tell your AI directly:
"Run npx getdoorman check and fix the critical issues"
review
Run a lightweight code review scan. Produces a summary review with score.
npx getdoorman review [path]
Options
| Option | Description | Default |
|---|---|---|
| --json | Output review as JSON. | false |
| --min-score <n> | Minimum passing score. | 70 |
Example
npx getdoorman review ./src --json
ignore
Suppress a specific rule from future scans.
npx getdoorman ignore <ruleId>
Options
| Option | Description | Default |
|---|---|---|
| --file <path> | Only ignore the rule in a specific file. | all files |
| --reason <text> | Document why this rule is being ignored. | none |
Example
# Ignore a rule globally
npx getdoorman ignore SEC-XSS-003 --reason "False positive in test files"
# Ignore a rule for a specific file
npx getdoorman ignore PERF-N1-001 --file src/legacy.js --reason "Will refactor later"
init
Initialize Doorman in your project. Creates a .doormanrc config file and installs a pre-commit hook.
npx getdoorman init
Options
| Option | Description | Default |
|---|---|---|
| --no-hook | Create config file only, skip pre-commit hook. | false |
Example
# Full setup with pre-commit hook
npx getdoorman init
# Config only, no hook
npx getdoorman init --no-hook
hook
Manage the git pre-commit hook.
npx getdoorman hook
Options
| Option | Description | Default |
|---|---|---|
| --remove | Remove the Doorman pre-commit hook. | false |
Example
# Install the hook
npx getdoorman hook
# Remove the hook
npx getdoorman hook --remove
report
Generate a compliance or framework-specific report.
npx getdoorman report [path]
Options
| Option | Description | Default |
|---|---|---|
| --framework <name> | Compliance framework: owasp, pci, gdpr, hipaa, soc2. | owasp |
| --output <path> | Output file path for the report. | stdout |
| --project <name> | Project name for the report header. | directory name |
Example
# Generate OWASP Top 10 report
npx getdoorman report --framework owasp --output report.html
# Generate PCI DSS compliance report
npx getdoorman report --framework pci --project "My SaaS App"
benchmark
Run the internal benchmark suite to measure detection accuracy and performance on your machine.
npx getdoorman benchmark
This command runs Doorman against a built-in set of test cases with known vulnerabilities and measures detection rate, false positive rate, and scan performance.
Example
npx getdoorman benchmark
Output includes:
- Detection rate (target: 100%)
- False positive rate (target: 0%)
- Scan time per 1,000 files
- Memory usage
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Scan passed (score meets threshold, or not in CI mode). |
| 1 | Scan failed (score below threshold in CI mode). |
| 2 | Error (invalid arguments, scan failure, timeout). |
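An added example, not part of Doorman's documentation or code: a POSIX shell CI gate that keeps the three documented exit codes apart, so a scanner error (code 2) or any undocumented code blocks the build instead of being read as a pass. The function name `doorman_gate` and its optional stand-in command argument are assumptions made for illustration; only flags listed on this page are passed to the CLI.

```shell
#!/bin/sh
# Added example: CI gate built on the exit codes documented on this page.
# Usage: doorman_gate <min-score> [scanner command ...]
# With no command it runs the documented `npx getdoorman check --ci`;
# the optional command is a hypothetical hook for stand-in scanners.

doorman_gate() {
    min_score="${1:-70}"    # 70 is the documented --min-score default
    [ "$#" -gt 0 ] && shift

    # --min-score is documented as 0-100; reject anything else up front.
    case "$min_score" in
        ''|*[!0-9]*) echo "gate: min score must be an integer 0-100" >&2; return 2 ;;
    esac
    [ "$min_score" -le 100 ] || { echo "gate: min score must be 0-100" >&2; return 2; }

    [ "$#" -gt 0 ] || set -- npx getdoorman check --ci --min-score "$min_score"

    rc=0
    "$@" || rc=$?           # capture the status; never mask it with `|| true`

    case "$rc" in
        0) echo "gate: pass (score >= $min_score)"; return 0 ;;
        1) echo "gate: fail (score below $min_score)" >&2; return 1 ;;
        2) echo "gate: scanner error (invalid arguments, scan failure or timeout); no score, blocking" >&2
           return 2 ;;
        *) echo "gate: undocumented exit code $rc; blocking" >&2; return 2 ;;
    esac
}

# Constructed stand-ins for the scanner, one per exit code of interest.
for code in 0 1 2 137; do
    doorman_gate 80 sh -c "exit $code" || echo "  job stops here (gate returned $?)"
done
```

In a pipeline step, call `doorman_gate 80` with no further arguments to run the real scanner.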
Global Options
| Option | Description |
|---|---|
| --help | Show help for any command. |
| --version | Show Doorman version. |