Skip to main content

Run the Vibgrate CLI via Docker

Run the Vibgrate CLI inside a container with Docker, mount your project for scanning, and capture machine-readable output for pipelines.

Vibgrate Docs

Vibgrate Help

Running the Vibgrate CLI in a container is a clean way to scan without installing anything on the host. It is especially useful in CI and on locked-down build machines. This guide is aimed at developers and platform engineers.

Overview

The container ships the vg binary. You mount your project as a working directory, then run a scan against it. A bare scan analyzes the mounted directory and reports a DriftScore from 0 to 100.

Scan a project

Mount the current directory and run a scan:

docker run --rm -v "$PWD":/src -w /src vibgrate/cli scan
  • -v "$PWD":/src mounts your project into the container.
  • -w /src sets the working directory so the scan targets your code.
  • --rm removes the container after it exits.

Capture machine-readable output

For pipelines, choose a structured format and write it to a file inside the mounted directory:

docker run --rm -v "$PWD":/src -w /src vibgrate/cli scan --format sarif --out drift.sarif

Because the file is written into the mounted path, it appears in your project directory on the host.

Add a quality gate

Fail the run when errors are present so the container exits non-zero in CI:

docker run --rm -v "$PWD":/src -w /src vibgrate/cli scan --fail-on error

Troubleshooting

  • Empty or partial results — confirm -w /src matches your mount target so the scan runs against your code.
  • Permission issues on written files — file ownership inside the container may differ from the host user; adjust ownership after the run if needed.
  • No network — the container runs offline-friendly for core scanning; first-run downloads of optional models require network access.

Related

See the output formats guide for SARIF, JSON, and Markdown details, and the first scan walkthrough to interpret what a scan reports.

Related Commands