Documentation

Everything you need to detect cross-service vulnerabilities in your microservice architecture.

Quick Start

Install the CLI and run your first scan in three commands.

npx vulngraph init

Getting Started

Set up your first cross-service scan in under 5 minutes. Covers project creation, spec import, and your first vulnerability report.

Installation

Install the VulnGraph CLI via npm, Homebrew, or as a standalone binary. Docker image available for CI environments.

Configuration

Configure vulngraph.json: service specs, message queues, databases, custom rules, output formats, and severity thresholds.

CLI Reference

Complete reference for all CLI commands: scan, init, validate, graph, export, and diff.

GitHub Action

Add VulnGraph to your CI/CD pipeline with our official GitHub Action. Block PRs that introduce cross-service vulnerabilities.

API Reference

REST API for programmatic access. Trigger scans, retrieve results, and manage projects from your own tooling.

Architecture

How VulnGraph builds unified call graphs, propagates taint across boundaries, and identifies cross-service vulnerability patterns.

Need help? Join our Discord or open a GitHub issue.