Operational Workflow
A precise, non-intrusive analysis pipeline. Each stage is isolated, providing a deterministic assessment of your security posture.
Clone
Clones the target repository into an isolated temporary directory — never into the active project workspace. Supports both public and private repos with credential prompting.
execution/clone_repository.py
Static Analysis
Scans source files for security anti-patterns, hardcoded secrets, and unsafe code constructs. Covers injection vectors, auth flaws, and cryptographic misuse.
execution/static_analysis.py
Dependency Audit
Cross-references all dependency manifests against CVE databases. Identifies known vulnerabilities and supply-chain risks in your dependency tree.
execution/dependency_audit.py
Report Generation
Aggregates all findings into a structured PDF/Markdown report with severity ratings, systemic weakness analysis, and exact remediation guidance.
execution/generate_report.py
$ nerv initiate --target https://nerv.so
[DIRECTIVE] Reading security_scan.md...
[ORCHESTRATION] Routing to clone_repository.py
[EXECUTION] Cloning to isolated workspace...
[EXECUTION] Running static_analysis.py — 1,247 files scanned
[EXECUTION] Running dependency_audit.py — Cross-referencing CVEs
[EXECUTION] Generating report → security_report.pdf
✓ Pipeline terminated. Operation complete.