CLI (Pre-Commit Checks)

Overview

The Heeler Security CLI (heelercli) brings security checks closer to developers, right in local workflows. It supports:

  • Secret scanning (pre-commit + local/CI use)

  • Dependency vulnerability scanning

  • SBOM generation and assessment (CycloneDX JSON)

Current language / ecosystem support:

  • Go

  • Java (Maven)

  • JavaScript / TypeScript (pnpm, package.json, package-lock.json)

More languages are coming soon.

Technical documentation and release artifacts are available on GitHub: https://github.com/Heeler-Security/heelercli

Why teams use the Heeler CLI

Modern development moves fast. Security checks need to happen where developers are already working.

The Heeler CLI enables teams to:

Catch secrets before they are committed
Scan staged changes locally and stop commits when secrets are detected.

Understand dependency risk early
Automatically analyze dependencies and flag vulnerabilities based on policy.

Generate and evaluate SBOMs
Produce software bill of materials data and assess security posture.

Integrate security into developer workflows
Run security checks locally or automatically in CI pipelines.

By bringing these checks earlier in the lifecycle, teams reduce the risk of secrets exposure and vulnerable dependencies entering production systems.

How it fits into the developer workflow

The CLI is designed to run at key points in the development lifecycle.

1. Local development

Developers run scans locally to detect issues early:

  • Secret detection in staged code

  • Dependency vulnerability checks

  • SBOM generation and analysis

This allows developers to fix issues before pushing code.

2. Pre-commit protection

Many teams install the CLI as a pre-commit hook so that secrets are caught before they enter the repository history.

When enabled:

  1. A developer stages code

  2. The CLI scans the changes

  3. If a secret is detected, the commit is blocked

  4. The developer resolves the issue before committing

This prevents common mistakes such as committing API keys, tokens, or credentials. Two caveats apply to any client-side hook: it only sees what is staged, and a developer can skip it with git commit --no-verify, so treat the hook as a guardrail and keep the same scan running in CI as the enforcement point. A secret that was committed even briefly should be treated as exposed and rotated, not just removed.
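The mechanics of the hook flow above, as an added example that is not the Heeler CLI or its detection rules: a stand-alone pre-commit script that pulls only the staged additions with git diff --cached -U0, runs a handful of illustrative secret patterns over them (an assumption standing in for the real scanner), and blocks the commit with a non-zero exit. The sample diff embedded at the bottom is constructed for the example.

```python
#!/usr/bin/env python3
"""Hypothetical pre-commit hook: scan staged additions for secret-shaped strings.

Added illustration of the block-on-detect flow, not the Heeler CLI's scanner.
The patterns below are a small stand-in (assumption), not a real rule set.
Install by copying to .git/hooks/pre-commit and making it executable.
"""
import re
import subprocess
import sys

# Stand-in patterns (assumption: illustrative only).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*[\"'][^\"']{16,}[\"']"
    ),
}
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every '+' line of a unified diff.

    Only additions are examined: a secret already in history is a rotation
    problem, and re-flagging unchanged context on every commit trains people
    to ignore the hook.
    """
    path = None
    in_hunk = False
    new_lineno = 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk, path = False, None
            continue
        if not in_hunk and raw.startswith("+++ "):
            target = raw[4:].strip()
            if target.startswith("b/"):
                target = target[2:]
            path = None if target == "/dev/null" else target  # deleted file -> nothing to scan
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            in_hunk, new_lineno = True, int(m.group(1))
            continue
        if not in_hunk:
            continue
        if raw.startswith("+"):
            if path is not None:
                yield path, new_lineno, raw[1:]
            new_lineno += 1
        elif raw.startswith(" "):
            new_lineno += 1  # context line; absent with -U0 but handled anyway
        # '-' lines and '\ No newline at end of file' do not advance the new-file counter


def find_secrets(diff_text):
    """Return (path, line, rule) for each staged addition matching a pattern."""
    findings = []
    for path, lineno, text in added_lines(diff_text):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(text):
                findings.append((path, lineno, rule))
    return findings


def staged_diff():
    """Diff of the index against HEAD with zero context, so only additions are scanned."""
    proc = subprocess.run(
        ["git", "diff", "--cached", "-U0", "--no-color"],
        check=True, capture_output=True, text=True,
    )
    return proc.stdout


def main():
    findings = find_secrets(staged_diff())
    for path, lineno, rule in findings:
        print(f"{path}:{lineno}: possible secret ({rule})", file=sys.stderr)
    if findings:
        print("Commit blocked. Remove the secret; rotate it if it was ever real.", file=sys.stderr)
        return 1
    return 0


# Constructed sample diff for trying the parser without a git repository.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -3,0 +4,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+REGION = "us-east-1"
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -10,0 +11 @@
+Set AWS_KEY in your environment, never in the repo.
diff --git a/deploy/key.pem b/deploy/key.pem
--- /dev/null
+++ b/deploy/key.pem
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEow...
"""

if __name__ == "__main__":
    sys.exit(main())
```

Running find_secrets(SAMPLE_DIFF) reports the key in config.py line 4 and the PEM header in the new file, and leaves the README prose alone; the exit code from main() is what git uses to decide whether the commit proceeds.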

3. CI pipeline security checks

The CLI can run in CI pipelines to enforce dependency security policies.

Typical CI workflows include:

  • Scanning dependencies for vulnerabilities

  • Failing builds based on severity thresholds

  • Detecting newly introduced vulnerabilities compared to a baseline

This ensures builds only pass when they meet security requirements.

4. SBOM workflows

The CLI can also generate and assess Software Bills of Materials (SBOMs).

Teams use this capability to:

  • Understand software composition

  • Evaluate dependency risk

  • Support compliance or supply chain security requirements

  • Feed SBOM data into the Heeler platform

SBOM analysis integrates with Heeler’s broader view of the application lifecycle.
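The CI gate described in section 3 (severity threshold plus a baseline of findings already accepted on the main branch) and the SBOM assessment in section 4 can be combined in one step over a CycloneDX JSON document. The script below is an added example, not the Heeler CLI or its policy engine, and this page does not document the CLI's output format or flags, so it reads a generic CycloneDX 1.4+ document (the vulnerabilities array with ratings and affects is part of that spec) and a baseline file assumed to be a JSON array of "id@bom-ref" keys. The embedded BOM and baseline are constructed, with placeholder vulnerability ids.

```python
#!/usr/bin/env python3
"""Hypothetical CI gate over a CycloneDX JSON SBOM with a vulnerabilities section.

Added illustration, not the Heeler CLI's own output or policy. Assumptions:
CycloneDX 1.4+ layout, and a baseline file holding a JSON array of "id@ref"
keys already accepted on the main branch. Sample inputs are constructed.
"""
import json
import sys

# CycloneDX rating severities; anything unrecognised ranks as 0.
SEVERITY_RANK = {"none": 0, "info": 0, "unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def vulnerability_severity(vuln):
    """Highest severity across a vulnerability's ratings; no ratings -> 'unknown'."""
    best = "unknown"
    for rating in vuln.get("ratings", []):
        sev = str(rating.get("severity", "unknown")).lower()
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK[best]:
            best = sev
    return best


def findings_from_bom(bom):
    """Flatten to (vuln_id, affected bom-ref, severity); one vuln may hit many components."""
    out = []
    for vuln in bom.get("vulnerabilities", []):
        sev = vulnerability_severity(vuln)
        refs = [a.get("ref") for a in vuln.get("affects", [])] or [None]
        for ref in refs:
            out.append((vuln["id"], ref, sev))
    return out


def finding_key(vuln_id, ref):
    """Baseline key: the same vuln in a different component is a new finding."""
    return f"{vuln_id}@{ref}"


def gate(bom, baseline_keys, fail_on="high"):
    """Classify findings. Only new findings at or above fail_on block the build."""
    threshold = SEVERITY_RANK[fail_on]
    result = {"blocking": [], "new_below_threshold": [], "known": [], "unrated": []}
    for vuln_id, ref, sev in findings_from_bom(bom):
        finding = (vuln_id, ref, sev)
        if finding_key(vuln_id, ref) in baseline_keys:
            result["known"].append(finding)
        elif sev == "unknown":
            result["unrated"].append(finding)  # cannot be ranked: surface it, never silently pass
        elif SEVERITY_RANK[sev] >= threshold:
            result["blocking"].append(finding)
        else:
            result["new_below_threshold"].append(finding)
    return result


def main(argv):
    if len(argv) != 3:
        print("usage: sbom_gate.py <bom.cdx.json> <baseline.json>", file=sys.stderr)
        return 2
    with open(argv[1]) as fh:
        bom = json.load(fh)
    with open(argv[2]) as fh:
        baseline = set(json.load(fh))  # assumption: JSON array of "id@ref" strings
    result = gate(bom, baseline, fail_on="high")
    for vuln_id, ref, sev in result["blocking"]:
        print(f"BLOCK {sev:8} {vuln_id} in {ref}")
    for vuln_id, ref, _ in result["unrated"]:
        print(f"WARN  unrated  {vuln_id} in {ref}")
    return 1 if result["blocking"] else 0


# Constructed CycloneDX document and baseline with placeholder ids.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:npm/example-lib@1.2.3", "name": "example-lib", "version": "1.2.3"},
        {"type": "library", "bom-ref": "pkg:npm/other-lib@2.0.0", "name": "other-lib", "version": "2.0.0"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/example-lib@1.2.3"}]},
        {"id": "EXAMPLE-0002", "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg:npm/other-lib@2.0.0"}]},
        {"id": "EXAMPLE-0003", "ratings": [{"severity": "low"}, {"severity": "critical"}],
         "affects": [{"ref": "pkg:npm/other-lib@2.0.0"}]},
        {"id": "EXAMPLE-0004", "affects": [{"ref": "pkg:npm/example-lib@1.2.3"}]},
    ],
}
SAMPLE_BASELINE = {"EXAMPLE-0001@pkg:npm/example-lib@1.2.3"}

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With the sample inputs and fail_on="high", EXAMPLE-0001 is known from the baseline, EXAMPLE-0002 is new but below the threshold, EXAMPLE-0003 blocks the build, and EXAMPLE-0004 is flagged as unrated rather than quietly passed. Keying the baseline on vulnerability id plus component reference is deliberate: the same advisory reappearing in a newly added package is exactly the "newly introduced" case the baseline comparison is meant to catch.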

Platforms supported

The CLI runs on common developer environments including:

  • Linux

  • macOS

  • Windows

Getting started

Browse to the Heeler CLI GitHub Repository > https://github.com/Heeler-Security/heelercli
