Skip to content

CLI Reference

Jump to bottom
PenumbraForge edited this page Mar 29, 2026 · 1 revision

CLI Reference

Commands

gate scan [paths...]

Scan files for secrets.

gate scan                    # Scan staged files (default)
gate scan --all              # Scan entire repository
gate scan --staged           # Scan staged files only
gate scan --changed          # Scan files changed since last commit
gate scan src/ lib/          # Scan specific directories
gate scan config.js          # Scan specific file
gate scan --verify           # Verify if secrets are live
gate scan --interactive      # Interactive remediation mode
gate scan --history 10       # Scan last 10 commits
gate scan --format json      # JSON output
gate scan --format sarif     # SARIF output (GitHub Code Scanning)
gate scan --entropy-threshold 4.5  # Custom entropy threshold
gate scan --no-color         # Disable colored output

gate fix

Auto-fix all findings by extracting secrets to .env.

gate fix                     # Fix all findings
gate fix --dry-run           # Preview changes
gate fix --interactive       # Fix one at a time
gate fix --undo              # Restore from snapshot

gate report

Generate compliance reports.

gate report                  # Markdown report (stdout)
gate report --format html    # HTML report
gate report --format json    # JSON report
gate report --format sarif   # SARIF 2.1.0 report
gate report --output report.html  # Write to file

gate incident

Launch incident response workflow for leaked secrets.

gate install

Install git hooks.

gate install                 # Install pre-commit hook
gate install --pre-push      # Also install pre-push hook

gate init

Interactive project setup. Generates .gaterc and .gateignore with sensible defaults for your stack.

gate status

Show health check: hook status, config, last scan, rule count.

gate audit

View and manage the local audit log.

gate audit                   # Show recent scans
gate audit --stats           # Show statistics
gate audit --export json     # Export as JSON
gate audit --export csv      # Export as CSV
gate audit --verify          # Verify integrity chain
gate audit --clear           # Clear the audit log

gate vault

Local secret encryption.

gate vault keygen            # Generate vault key
gate vault encrypt <value>   # Encrypt a value
gate vault decrypt <blob>    # Decrypt a blob
gate vault encrypt-env       # Encrypt .env values

gate purge

Generate git history purge scripts.

gate purge                   # Generate git-filter-repo script

gate version

Show version and check for updates.

gate help

Show all available commands.

Global Flags

Flag Description
--help, -h Show help for any command
--no-color Disable colored output
--format=FORMAT Output format (text, json, sarif)
--key=value All flags support = syntax
-- End of options (everything after is a file path)

Exit Codes

Code Meaning
0 Success, no findings
1 Findings detected or error

Environment Variables

Variable Description
GATE_SKIP=1 Bypass pre-commit/pre-push hook
GATE_ALLOW_MISSING=1 Allow commit when Gate binary not found
GATE_NODE_PATH Explicit path to Node.js binary
NO_COLOR=1 Disable color output
DEBUG=1 Enable verbose error output
FORTRESS_SIGNING_KEY Override HMAC signing key for rule verification

Getting Started

Core Features

Security Operations

Reporting

Reference

Clone this wiki locally