Lava is an open source vulnerability scanner that makes it easy to run security checks in your local and CI/CD environments.
Lava is part of the Vulcan ecosystem and it is built on top of the same components that power Vulcan. Thus, Lava continuously benefits from Vulcan improvements. In fact, Lava is compatible with the vulcan-checks catalog shipped with Vulcan.
Official binary distributions are available at https://github.com/adevinta/lava/releases.
Install the Lava command with go install
.
go install github.com/adevinta/lava/cmd/lava@latest
Lava is also available as an action that can be used from GitHub Actions workflows. Visit adevinta/lava-action for usage instructions.
Lava is self-documented.
Please run lava help
to get more information about the available
commands and other related topics.
This project is in an early stage, we are not accepting external contributions yet.
To contribute, please read the contribution guidelines.