Supply chain vulnerability scanner for your projects. Scans dependency manifests and lock files for known vulnerabilities.
# macOS (Apple Silicon)
curl -fsSL https://github.com/JulietSecurity/juliet-cli/releases/latest/download/juliet-cli-darwin-arm64 -o juliet-cli
chmod +x juliet-cli && sudo mv juliet-cli /usr/local/bin/
# macOS (Intel)
curl -fsSL https://github.com/JulietSecurity/juliet-cli/releases/latest/download/juliet-cli-darwin-amd64 -o juliet-cli
chmod +x juliet-cli && sudo mv juliet-cli /usr/local/bin/
# Linux (x86_64)
curl -fsSL https://github.com/JulietSecurity/juliet-cli/releases/latest/download/juliet-cli-linux-amd64 -o juliet-cli
chmod +x juliet-cli && sudo mv juliet-cli /usr/local/bin/
# Linux (arm64)
curl -fsSL https://github.com/JulietSecurity/juliet-cli/releases/latest/download/juliet-cli-linux-arm64 -o juliet-cli
chmod +x juliet-cli && sudo mv juliet-cli /usr/local/bin/# Authenticate
juliet-cli auth login
# Scan current directory
juliet-cli scan .
# Output as JSON
juliet-cli scan . --output json
# Output as SARIF (for CI integration)
juliet-cli scan . --output sarifAll binaries are signed with Sigstore and include SHA256 checksums.
# Verify checksum
curl -fsSLO https://github.com/JulietSecurity/juliet-cli/releases/latest/download/CLI-SHA256SUMS
grep -E '^[0-9a-f]+ juliet-cli-linux-amd64$' CLI-SHA256SUMS | sha256sum -c -
# Verify signature (requires cosign)
cosign verify-blob \
--signature juliet-cli-linux-amd64.sig \
--certificate juliet-cli-linux-amd64.pem \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp https://github.com/TwoPointSolutions/juliet/ \
juliet-cli-linux-amd64