kusari-cli gives you Kusari’s power wherever you go

When we first introduced Kusari Inspector, it was only available as a GitHub app. But GitHub isn’t the only place developers work. That’s why we have kusari-cli — an open source command line tool for interacting with Kusari’s services. We recently shipped kusari-cli 1.0, so now’s a good time to give you some of the highlights.

Checking security with Kusari Inspector

kusari-cli is a full-featured interface for Kusari Inspector. The `repo scan` command allows you to run the same security checks that the GitHub app uses from your terminal or the CI system of your choice. I often use it to check the security posture of changes in upstream projects that don’t have Kusari Inspector installed.

‍

We believe that security tools have to live in the developer’s usual workflow to be useful. kusari-cli is what powers the ability to use Kusari Inspector in whatever CI workflow you use. In fact, it’s what we use in the Inspector GitHub action! If you’re using GitLab, you can even get the line-by-line comments that the GitHub app provides.

Upload SBOMs to Kusari Platform

If you’re a Kusari Platform customer, kusari-cli provides a great interface for uploading software bills of materials (SBOMs) to Kusari Platform. Integrate with your CI pipeline to upload automatically during the build process. We also provide a kusari-ingest GitHub Action that — you guessed it — uses kusari-cli under the hood. If you have historical SBOMs to ingest, you can use kusari-cli directly. Of course, the GitHub app now supports generating and ingesting the SBOM automatically.

Plug into your AI code assistant

The `ai` command allows you to add Kusari integrations and MCP server to several popular AI code assistants. This means that you get all of the benefits of Kusari Inspector right in your AI coding tools. They can evaluate the security posture of your changes inside your development workflow. When the assistant adds a new library, it can use Kusari to evaluate that dependency for vulnerabilities, maintainership, and other important factors. If issues are found, your assistant can use the change-fix skill to automatically remediate the issues. Now you don’t have to wait for a pull request; you can let your favorite assistant detect and fix the issues as you work.

Get started

Each kusari-cli release includes pre-built binaries for Linux and macOS, or you can use `go install`. The documentation has detailed installation instructions. kusari-cli is our all-in-one tool, so as we add new features to our products, you’ll be able to access them through kusari-cli. If you have any questions or suggestions, we always welcome your feedback on our community forum.