ankercode check
ankercode check is the all-in-one command. It runs all scanners and generates PDF, HTML, and DOCX reports in a single step.
ankercode check [path] [options]path defaults to the current directory if omitted.
Options
Section titled “Options”| Option | Description |
|---|---|
--project <name> |
Override the project name used in the report header. Defaults to the directory name. |
--pdf |
Generate PDF only (skips HTML and DOCX) |
--html |
Generate HTML only |
--docx |
Generate DOCX only |
If none of --pdf, --html, --docx are given, all three formats are generated.
Examples
Section titled “Examples”# Scan current directory, generate all formatsankercode check
# Scan a specific pathankercode check /path/to/my-product
# Use a custom project name in the reportankercode check . --project "MyProduct v2.1"
# PDF onlyankercode check . --pdfWhat it does
Section titled “What it does”Internally check runs ankercode scan (all scanners) followed by ankercode report. It is equivalent to:
ankercode scan /path/to/project # runs --sbom --vulns --licenses --secretsankercode report /path/to/project --pdf --html --docxIf you want finer control — for example running only CVE and secret scans without generating a report — use ankercode scan directly with the appropriate flags.
Output
Section titled “Output”All files are written to <path>/ankercode/:
ankercode/ findings.json sbom.cyclonedx.json audit.jsonl report-YYYY-MM-DD.pdf report-YYYY-MM-DD.html report-YYYY-MM-DD.docxRequirements
Section titled “Requirements”- wkhtmltopdf must be installed for
--pdf(or when no format flag is given) - Syft, Trivy, and Gitleaks must be installed (done by
install.sh)