New CLI
Overview
The Conviso CLI is a command-line interface for interacting with the Conviso Platform through GraphQL.
It is designed for:
- local operational workflows;
- security automation;
- CI/CD execution;
- bulk import and export tasks.
Repository:
Requirements
According to the current CLI repository README, the CLI requires:
- Python 3.10+
CONVISO_API_KEYconfigured in your shell or.env- Optional:
CONVISO_API_TIMEOUTin seconds, defaulting to30
Installation and Setup
Choose the installation approach that best matches your use case.
Development Setup
Use this method if you want to run the CLI from source or contribute to the project.
git clone https://github.com/convisolabs/conviso-cli.git
cd conviso-cli
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
To verify the installation:
conviso --help
Build and Install from Source
Use this approach if you want to install the CLI as a regular package from a built artifact.
git clone https://github.com/convisolabs/conviso-cli.git
cd conviso-cli
python3 -m venv .venv
source .venv/bin/activate
pip install build
python -m build
pip install dist/conviso_cli-*-py3-none-any.whl --force-reinstall
To verify the installation:
conviso --help
Authentication
Set your API key before running commands:
export CONVISO_API_KEY="<your_api_key>"
You can also define the variable in a local .env file used by your runtime.
Optional timeout override:
export CONVISO_API_TIMEOUT=60
Command Pattern
Most commands follow this structure:
python -m conviso.app <group> <action> [options]
Common command groups currently documented in the CLI repository include:
projectsassetsrequirementstasksvulnssbombulkaccesscontrol
The top-level CLI also exposes:
upgrade
Output and Pagination
Many list commands support options such as:
--allto fetch all pages--pageand--per-pageor--limitfor pagination control--format table|json|csv--output <file>for file export
Some commands support additional output formats depending on the resource, such as sarif or cyclonedx.
Usage Examples
The examples below reflect the current usage examples documented in the CLI repository README together with the command tree currently registered in the CLI source code.
Command Catalog
The currently available command groups and actions are:
projects:list,requirements,create,update,status,deleteassets:list,create,update,deleterequirements:list,project,activities,create,update,deletetasks:create,list,runtasks approvals:list,clear,removevulns:list,timeline,create,update,check-sca-patchessbom:list,import,check-vulnsbulk:assets,requirements,vulnsaccesscontrol:user-profile,user-teams,bulk-users- top-level:
upgrade
Projects
List all projects:
python -m conviso.app projects list --company-id 443 --all
List projects filtered by assignee:
python -m conviso.app projects list \
--company-id 443 \
--filter assignee=analyst@company.com \
--all
List project requirements and activities:
python -m conviso.app projects requirements --project-id 12345
Create a project:
python -m conviso.app projects create \
--company-id 443 \
--name "New Project" \
--goal "Validate scope" \
--scope "External perimeter" \
--type-id 14 \
--start-date 2026-05-19 \
--estimated-hours 2 \
--assign user@conviso.com.br \
--assets 40641
Update a project:
python -m conviso.app projects update \
--id 12345 \
--company-id 443 \
--name "Platform Pentest Q3" \
--add-tags pentest,critical \
--add-assets 100,101
Update only the project status:
python -m conviso.app projects status ANALYSIS --id 12345
Delete one or more projects:
python -m conviso.app projects delete \
--company-id 443 \
--ids 12345,12346 \
--force
Assets
List assets with filters:
python -m conviso.app assets list \
--company-id 443 \
--tags cloud \
--attack-surface INTERNET_FACING \
--all
Create an asset:
python -m conviso.app assets create \
--company-id 443 \
--name "api-prod" \
--business-impact HIGH \
--data-classification NON_SENSITIVE \
--tags "prod,api"
Update an asset:
python -m conviso.app assets update \
--id 321 \
--company-id 443 \
--name "api-prod-main" \
--business-impact HIGH \
--tags "prod,api,critical"
Delete one or more assets:
python -m conviso.app assets delete \
--company-id 443 \
--ids 321,322 \
--force
Requirements
List requirements:
python -m conviso.app requirements list \
--company-id 443 \
--format table
Create a requirement:
python -m conviso.app requirements create \
--company-id 443 \
--label "Req" \
--description "Desc" \
--activity "Login|Check login|REF-123"
List project requirements:
python -m conviso.app requirements project \
--company-id 443 \
--project-id 26102
List requirement activities:
python -m conviso.app requirements activities \
--company-id 443 \
--requirement-id 1503
Upload one or more files as evidences to a requirement activity:
python -m conviso.app requirements attach \
--activity-id 123456 \
--reason "Evidence for validation"
--file ./evidence.png
List activities directly from a project:
python -m conviso.app requirements activities \
--company-id 443 \
--project-id 26102
Update a requirement:
python -m conviso.app requirements update \
--id 1503 \
--company-id 443 \
--label "Authentication checks" \
--description "Validate login, session, and token controls"
Delete a requirement:
python -m conviso.app requirements delete \
--id 1503 \
--force
Tasks
Create a task from a YAML file:
python -m conviso.app tasks create \
--company-id 443 \
--project-id 26102 \
--label "Nuclei Scan" \
--yaml-file samples/task-nuclei.yaml
Append a task to a requirement:
python -m conviso.app tasks create \
--company-id 443 \
--requirement-id 2174 \
--label "Nuclei Scan" \
--yaml-file samples/task-nuclei.yaml
Run YAML-defined tasks from project requirements:
python -m conviso.app tasks run \
--company-id 443 \
--project-id 26102
List tasks for a project:
python -m conviso.app tasks list \
--company-id 443 \
--project-id 26102
List only tasks with valid YAML:
python -m conviso.app tasks list \
--company-id 443 \
--project-id 26102 \
--only-valid
Create a task with inline YAML:
python -m conviso.app tasks create \
--company-id 443 \
--label "Quick Task" \
--yaml "name: quick\nsteps:\n - action: echo\n message: ok"
List locally approved task commands:
python -m conviso.app tasks approvals list
Remove a single approved command:
python -m conviso.app tasks approvals remove --hash <approval_hash>
Clear all approved task commands:
python -m conviso.app tasks approvals clear
Vulnerabilities
List vulnerabilities by severity and asset tag:
python -m conviso.app vulns list \
--company-id 443 \
--severities HIGH,CRITICAL \
--asset-tags cloud \
--all
List recent vulnerabilities from the last 7 days:
python -m conviso.app vulns list \
--company-id 443 \
--days-back 7 \
--severities HIGH,CRITICAL \
--all
Filter vulnerabilities by author:
python -m conviso.app vulns list \
--company-id 443 \
--author "Fernando" \
--all
Run a local free-text search over the returned results:
python -m conviso.app vulns list \
--company-id 443 \
--all \
--grep "jwt"
Filter vulnerabilities by local field matching:
python -m conviso.app vulns list \
--company-id 443 \
--all \
--contains codeSnippet=eval( \
--contains fileName=app.py
Search DAST and Web vulnerability request and response fields:
python -m conviso.app vulns list \
--company-id 443 \
--types DAST_FINDING,WEB_VULNERABILITY \
--all \
--contains request=Authorization \
--contains response=stacktrace
Show the timeline of a single vulnerability:
python -m conviso.app vulns timeline --id 98765
Show vulnerability timelines aggregated from a project:
python -m conviso.app vulns timeline \
--company-id 443 \
--project-id 26102 \
--last-status-change-only
Create a vulnerability:
python -m conviso.app vulns create \
--type SOURCE \
--asset-id 123 \
--title "Hardcoded secret" \
--description "Secret found in source code" \
--solution "Move secret to a secure vault" \
--impact-level HIGH \
--probability-level MEDIUM \
--severity HIGH \
--file-name app.py \
--vulnerable-line 42 \
--code-snippet "API_KEY = 'secret'"
Update a vulnerability and assignees:
python -m conviso.app vulns update \
--id 98765 \
--type SOURCE \
--status IN_PROGRESS \
--assignees analyst@company.com,dev@company.com
Check patch availability for SCA vulnerabilities:
python -m conviso.app vulns check-sca-patches \
--company-id 443 \
--severities HIGH,CRITICAL \
--all
SBOM
List SBOM components:
python -m conviso.app sbom list \
--company-id 443 \
--name log4j \
--all \
--format csv \
--output sbom.csv
Import an SBOM file for an asset:
python -m conviso.app sbom import \
--company-id 443 \
--file bom.cdx \
--asset-id 123
Check vulnerabilities from the OSV API using platform assets:
python -m conviso.app sbom check-vulns \
--company-id 443 \
--asset-ids 123 \
--tags foo \
--format json \
--output osv.json
Check vulnerabilities from a local CycloneDX file:
python -m conviso.app sbom check-vulns \
--file bom.cdx \
--format json \
--output osv.json
Bulk Operations
Assets CSV
Create assets from CSV:
python -m conviso.app bulk assets \
--company-id 443 \
--file assets.csv \
--op create
Preview an update without applying it:
python -m conviso.app bulk assets \
--company-id 443 \
--file assets.csv \
--op update \
--preview-only
Show the bulk assets template:
python -m conviso.app bulk assets --show-template
Repository sample:
samples/assets_sample.csv
Requirements CSV
Create requirements from CSV:
python -m conviso.app bulk requirements \
--company-id 443 \
--file reqs.csv \
--op create
Show the bulk requirements template:
python -m conviso.app bulk requirements --show-template
Repository sample:
samples/requirements_sample.csv
Vulnerabilities CSV or SARIF
Create vulnerabilities from CSV:
python -m conviso.app bulk vulns \
--company-id 443 \
--file vulns.csv \
--op create
Create vulnerabilities from SARIF:
python -m conviso.app bulk vulns \
--company-id 443 \
--file vulns.sarif \
--op create \
--sarif
Show the bulk vulnerabilities template:
python -m conviso.app bulk vulns --show-template
Repository samples:
samples/vulns_sample.csvvulns.sarif
Access Control
Update the access profile of a user:
python -m conviso.app accesscontrol user-profile \
--company-id 443 \
--user-id 123 \
--profile-id 7
Update the teams associated with a user:
python -m conviso.app accesscontrol user-teams \
--company-id 443 \
--user-id 123 \
--team-ids 10,11
Remove all teams from a user:
python -m conviso.app accesscontrol user-teams \
--company-id 443 \
--user-id 123 \
--clear
Bulk update user access from CSV:
python -m conviso.app accesscontrol bulk-users --file users.csv
The access control bulk template uses the following columns:
company_iduser_idprofile_idteam_idsclear_teams
Operational Notes
According to the repository README:
- API and GraphQL errors exit with code
1 --quietsuppresses informational logs--verboseshows more request and pagination details- the CLI checks for updates at startup
You can disable the update check with:
export CONVISO_CLI_SKIP_UPDATE_CHECK=1
You can also override the remote version when needed:
export CONVISO_CLI_REMOTE_VERSION="0.0.0"
Help and Discovery
Use built-in help at any level:
python -m conviso.app --help
python -m conviso.app projects --help
python -m conviso.app accesscontrol --help
python -m conviso.app tasks approvals --help
python -m conviso.app vulns list --help
Reference
This documentation was updated based on the current README.md in the official repository:
Contribute to the Docs
Found something outdated or missing? Help us improve the documentation with a quick suggestion or edit.
How to contributeResources
By exploring our content, you'll find resources that will enhance your understanding of the importance of a Security Application Program.
Conviso Blog: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily in English.
Conviso's YouTube Channel: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.