Tool integration

Retire.js Integration Guide

JavaScript vulnerability scanner detecting use of libraries with known CVEs


Integrate Retire.js with Vulnetix. Scan JavaScript projects for vulnerable library versions and export findings as JSON or CycloneDX for upload to Vulnetix.

CLI tool · JSON · CycloneDX

Install & scan

$ npm install -g retire
# or run it without installing:
$ npx retire --help
$ retire --outputformat json --outputpath retire-report.json --path .

Run Retire.js in CI

Scan on every push and upload the results to Vulnetix:

- name: Install Retire.js
  run: npm install -g retire

- name: Run Retire.js scan
  run: retire --outputformat json --outputpath retire-report.json --path .

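- name: Upload to Vulnetix
  # retire exits non-zero (13 by default) when it finds vulnerable libraries,
  # so run the upload even if the scan step failed (GitHub Actions syntax assumed)
  if: always()
  run: vulnetix upload --file retire-report.json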

Centralise Retire.js results in Vulnetix

Upload Retire.js JSON or CycloneDX output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
