CLI Reference
Complete reference for the ConsoleSentinel command-line interface.
Synopsis
consolesentinel [command] [options]
If no command is specified, scan is used by default.
Commands
scan (default)
Run a full audit against a target URL.
consolesentinel scan --url https://example.com
serve
Start the real-time dashboard on a local port.
consolesentinel serve --port 3900
compare
Compare two scan reports and show the delta.
consolesentinel compare --baseline report-a.json --current report-b.json
init
Create a default consolesentinel.config.json in the current directory.
consolesentinel init
Global Options
| Flag | Alias | Type | Default | Description |
| ---- | ----- | ---- | ------- | ----------- |
| --url | -u | string | — | Target URL to scan (required for scan) |
| --config | -c | string | Auto | Path to config file |
| --max-pages | -m | number | 100 | Maximum pages to crawl |
| --max-depth | | number | 5 | Maximum link depth |
| --format | -f | string | html | Output format: json, html, markdown, or all |
| --out-dir | -o | string | ./consolesentinel-reports | Report output directory |
| --timeout | -t | number | 30000 | Page timeout in ms |
| --viewport | | string | 1440x900 | Viewport as WxH |
| --headless | | boolean | true | Run in headless mode |
| --verbose | -v | boolean | false | Verbose logging |
| --quiet | -q | boolean | false | Suppress terminal output |
| --version | -V | — | — | Print version and exit |
| --help | -h | — | — | Show help |
Scan Options
Auditor Toggles
Enable or disable individual modules:
consolesentinel --url https://example.com --disable dast,visualAi
consolesentinel --url https://example.com --only console,network,seo
| Flag | Type | Description |
| ---- | ---- | ----------- |
| --disable | string | Comma-separated list of auditors to skip |
| --only | string | Run only these auditors (skip all others) |
Crawl Control
consolesentinel --url https://example.com \
--include "/blog/**" \
--exclude "/admin/**,*.pdf" \
--follow-external false
| Flag | Type | Description |
| ---- | ---- | ----------- |
| --include | string | Glob patterns to prioritize |
| --exclude | string | Glob patterns to skip |
| --follow-external | boolean | Follow external links (default false) |
Authentication
consolesentinel --url https://staging.example.com \
--header "Authorization: Bearer $TOKEN" \
--cookie "session=abc123"
| Flag | Type | Description |
| ---- | ---- | ----------- |
| --header | string | Custom headers (Key: Value). Repeatable. |
| --cookie | string | Custom cookies. Repeatable. |
| --basic-auth | string | HTTP basic auth (user:password) |
CI / CD
consolesentinel --url https://example.com \
--fail-on-grade C \
--fail-on-critical \
--fail-on-high 5
| Flag | Type | Description |
| ---- | ---- | ----------- |
| --fail-on-grade | string | Exit non-zero if grade at-or-below (e.g. C) |
| --fail-on-critical | boolean | Exit non-zero on any critical finding |
| --fail-on-high | number | Exit non-zero if high-severity count exceeds N |
Exit Codes
| Code | Meaning |
| ---- | ------- |
| 0 | Scan completed, all CI thresholds passed |
| 1 | Scan completed, CI threshold exceeded |
| 2 | Scan failed (network error, timeout, etc.) |
Examples
Quick scan with JSON output:
npx consolesentinel -u https://example.com -f json
Run only security modules:
npx consolesentinel -u https://example.com --only security,dast
CI pipeline with grade gate:
npx consolesentinel -u $DEPLOY_URL --fail-on-grade C --fail-on-critical -f json -q
Compare before/after deploy:
npx consolesentinel compare \
--baseline reports/pre-deploy.json \
--current reports/post-deploy.json
Next Steps
- Configuration — Full config file reference
- Integrations — Send results to Slack, Jira & more
- API Reference — Use ConsoleSentinel programmatically