Run scan
Usage:
lava scan [flags]
Run a scan using the provided config file.
The -c flag specifies the configuration file. By default, "lava scan" looks for a configuration file named "lava.yaml" in the current directory.
The exit code of the command depends on the correct execution of the security scan and the highest severity among all the vulnerabilities that have been found.
- 0: No vulnerabilities found
- 1: Command error
- 2: Syntax error
- 3: Check error
- 4: Stale exclusions
- 100: Informational vulnerabilities found
- 101: Low severity vulnerabilities found
- 102: Medium severity vulnerabilities found
- 103: High severity vulnerabilities found
- 104: Critical severity vulnerabilities found
Vulnerabilities that have been excluded in the configuration are not considered when computing the exit code. In other words, vulnerabilities with a severity lower than "report.severity" and vulnerabilities that match one or more "report.exclusions" rules are ignored.
Lava supports several container runtimes. The environment variable LAVA_RUNTIME selects which one is in use. For more details, use "lava help environment".
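A CI gate built on the exit codes listed above, as an added example that is not part of lava: it separates "findings" (100 to 104) from "the scan did not complete" (1 to 4) and fails closed on the latter instead of treating it as clean. The function names and the severity threshold argument are assumptions made for this example.

```shell
# Added example (not lava's own code). Function names are hypothetical.

# Map a severity name to the exit code "lava scan" uses for it.
severity_code() {
    case "$1" in
        info)     echo 100 ;;
        low)      echo 101 ;;
        medium)   echo 102 ;;
        high)     echo 103 ;;
        critical) echo 104 ;;
        *)        return 1 ;;
    esac
}

# gate_exit_code RC THRESHOLD
#   returns 0: pass (no findings, or all findings below THRESHOLD)
#   returns 1: findings at or above THRESHOLD
#   returns 2: scan did not complete cleanly, or unknown code (fail closed)
gate_exit_code() {
    lava_rc=$1
    lava_limit=$(severity_code "$2") || {
        echo "unknown threshold: $2" >&2
        return 2
    }
    case "$lava_rc" in
        0) return 0 ;;
        1|2|3|4)
            # Command, syntax, check error or stale exclusions:
            # the result says nothing about the target, so do not pass.
            echo "lava scan did not complete cleanly (exit $lava_rc)" >&2
            return 2 ;;
        100|101|102|103|104)
            [ "$lava_rc" -ge "$lava_limit" ] && return 1
            return 0 ;;
        *)
            echo "unexpected exit code: $lava_rc" >&2
            return 2 ;;
    esac
}

# scan_and_gate CONFIG THRESHOLD, e.g.: scan_and_gate lava.yaml high
scan_and_gate() {
    scan_rc=0
    lava scan -c "$1" || scan_rc=$?
    gate_exit_code "$scan_rc" "$2"
}
```

Because excluded findings never reach the exit code, the threshold here only tightens what "report.severity" and "report.exclusions" already let through.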