Skip to content

av login

Sign in to AlertaVuln in your browser - the CLI receives a session token over a one-time localhost callback, and no credentials are ever typed into the terminal.

Terminal window
av login [flags]

The binary ships as alertavuln; av is the common alias - they are interchangeable in every example.

av login starts a one-time HTTP listener on 127.0.0.1 (random port) and opens your default browser to the AlertaVuln sign-in page, passing the callback port and a random state value for CSRF protection. Sign in on the web with Entra/Microsoft, Google, or email; the browser then hands a session token back to the CLI over the localhost callback. The CLI verifies the state value, stores the token (and your email) in its config file, and prints Logged in as [email protected].

If the browser does not open automatically, the CLI prints the URL so you can open it yourself. The command waits up to 3 minutes for the sign-in to complete; press Ctrl-C to abort earlier.

The sign-in page is served by the configured API host, so --api-url (or the ALERTAVULN_API_URL environment variable) controls which deployment you sign in to.

Flag Default Description
--api-url https://alertavuln.com API base URL (global flag; used when set, otherwise the ALERTAVULN_API_URL environment variable, otherwise the default)

Sign in to AlertaVuln:

Terminal window
av login

Sign in to a different deployment for this invocation:

Terminal window
av login --api-url https://alertavuln.example.com

Sign in and confirm the stored identity in one step:

Terminal window
av login && av whoami
Code Meaning
0 Signed in; the session token was stored
1 Sign-in failed - state mismatch, an error returned in the callback, no sign-in within 3 minutes, or the config file could not be written