Installing the Protean command line tool

curl -fsSL "https://protean-labs.io/cdn/sh/install" | sh

or

wget -qO- "https://protean-labs.io/cdn/sh/install" | sh

Using Protean

Once installed you can execute protean with no arguments to get the usage information:

Version: 1.1.25
Usage:
protean [options...] <cmd>
pip list --format=json | protean -stdin scan

Options:
-stdin read input from STDIN
-f file [FILENAME]
-v verbose
-q quiet
--help, -h help text
--project-id id of the project, can also set PROTEAN_LABS_PROJECT_ID env var
--force-exit-0 forces protean to exit with status code 0 regardless of outcome

Commands:
scan Scans your projects dependencies for vulnerable or outdated versions

Notes:
Package list must be a JSON string with shape:
[{"name": "pkg_name", "pkg_version"}, ...]
The PROTEAN_LABS_API_KEY env variable is required

The protean tool currently supports 3 different types of input:

  • requirements.txt
  • package.json
  • STDIN json

When using STDIN input the JSON shape is required to match:

[{"name": "pkg_name", "pkg_version"}, ...]

To scan your dependencies in a requirements.txt or package.json file you can pass the filepath via the -f flag:

protean -f requirements.txt scan

Exit code

protean is designed to be smart: if we detect a Critical or High severity CVE while scanning your dependencies, we return a non-zero exit code, which halts CI pipelines and lets you fix any issues before deploying.

If you need to force it through even with some vulnerable dependencies, pass the --force-exit-0 flag and protean will return a 0 exit code, allowing your pipeline to pass. This is only intended to be used during emergencies, but we're all adults here, so we trust you'll use it wisely.
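
A CI wrapper built on the exit-code behaviour described above, added here as an example and not part of the Protean tool or its documentation. The names scan_gate, PROTEAN_BIN and ALLOW_VULNERABLE_DEPLOY are invented for this example; only the -f and --force-exit-0 flags and the PROTEAN_LABS_API_KEY variable come from the usage text.

```shell
#!/bin/sh
# Added example: CI gate around `protean scan`.
# scan_gate, PROTEAN_BIN and ALLOW_VULNERABLE_DEPLOY are names made up for this
# example; only the protean flags (-f, --force-exit-0) come from the usage text.

scan_gate() {
    manifest=$1
    bin=${PROTEAN_BIN:-protean}

    # The usage notes say PROTEAN_LABS_API_KEY is required. Fail closed here so
    # a missing secret can never look like a clean scan.
    if [ -z "${PROTEAN_LABS_API_KEY:-}" ]; then
        echo "scan_gate: PROTEAN_LABS_API_KEY is not set" >&2
        return 2
    fi

    # Assumption: treat a missing manifest as a pipeline error rather than
    # relying on how protean itself reports it.
    if [ ! -f "$manifest" ]; then
        echo "scan_gate: manifest not found: $manifest" >&2
        return 2
    fi

    # Emergency path: --force-exit-0 is added only on an explicit opt-in, and
    # the override is written to the job log so it can be audited later.
    if [ "${ALLOW_VULNERABLE_DEPLOY:-0}" = "1" ]; then
        echo "scan_gate: OVERRIDE active, findings will not fail this build" >&2
        "$bin" -f "$manifest" --force-exit-0 scan
        return $?
    fi

    # Default path: protean's own exit status (non-zero on Critical or High
    # findings) becomes the status of the pipeline step.
    "$bin" -f "$manifest" scan
}

# Typical call from a CI step:
#   scan_gate requirements.txt || exit $?
```

Keeping --force-exit-0 out of the committed pipeline definition and behind a per-run variable means the gate goes back to blocking on the next build without anyone having to remember to remove the flag.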