Quickstart
Get xa-v running in 5 minutes.
Install
npm install -g xa-v
Or run directly:
npx xa-v scan ./openapi.yaml
Scan Your First API
Point xa-v at an OpenAPI spec:
xa-v scan ./openapi.yaml
Or scan a running API directly:
xa-v scan https://api.example.com
View Results
Results are printed to your terminal:
┌─ Scanning API...
│ ✓ API discovered (47 endpoints)
│ 🔍 Running OWASP Top 10 checks
│ ────────────────────────────────
│ ✗ BOLA — GET /users/:id
│ → Missing authorization
│ ! Rate limit — POST /checkout
│ → No rate limiting configured
│ ────────────────────────────────
│ ✓ 3 vulnerabilities found. 0 false positives.
└────────────────────────────────
│ ✓ API discovered (47 endpoints)
│ 🔍 Running OWASP Top 10 checks
│ ────────────────────────────────
│ ✗ BOLA — GET /users/:id
│ → Missing authorization
│ ! Rate limit — POST /checkout
│ → No rate limiting configured
│ ────────────────────────────────
│ ✓ 3 vulnerabilities found. 0 false positives.
└────────────────────────────────
For a detailed report, view results in your dashboard.
Next Steps
- CLI Reference — all available commands and flags
- CI/CD Integration — add xa-v to your pipeline
- Dashboard — manage specs, scans, and alerts