Integrate Vulnetix CLI into Earthly build targets for reproducible vulnerability scanning.
Add Vulnetix to Earthly
Create Earthfile and run the Vulnetix CLI in your Earthly pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
VERSION 0.8
FROM golang:1.21
vulnetix-scan:
RUN go install github.com/vulnetix/cli@latest
COPY . /workspace
WORKDIR /workspace
RUN --secret VULNETIX_ORG_ID vulnetix scan
RUN --secret VULNETIX_ORG_ID vulnetix upload --file reports/results.sarif
Why run Vulnetix in Earthly?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Earthly pipeline gates merges on what is actually exploitable, not raw scanner noise.