v0.1.0 · 2026-04-19

Pick your deployment.

One codebase, three shapes. Solo ships as an Electron installer for all three desktop OSes. Team runs as a multi-arch Docker image (linux/amd64 + linux/arm64) or a bare-metal tarball with systemd / Windows-service automation. Every binary ships with a SHA-256 you can verify.

v0.1.0 release page changelog SHA256SUMS.txt

Solo desktop

For individual researchers. Electron app bundles the frontend, Express server, MCP server, and SQLite — everything is local.

Windows (.exe)

macOS (arm64 .dmg)

Linux (.AppImage)

Fully offline-capable
First-launch wizard picks your mode
Desktop AI keys encrypted at rest (AES-256-GCM)

Windows installer

macOS arm64 Linux

team

Team · Docker

Pre-built multi-arch image on GitHub Container Registry. Runs on anything that runs Docker.

linux/amd64

linux/arm64

:0.1.0

:latest

JWT auth with rotating refresh + optional OIDC SSO
Worker pool for heavy scans
AI keys + integration tokens encrypted at rest, never proxied to clients

view on GHCR

team

Team · bare metal

347 KB tarball for shops that don't run Docker. Creates a systemd unit on Linux, a launchd plist on macOS, or a Windows service.

systemd

Windows service

launchd

Preflight: Node 20+ / Python / git
Secrets generated on install, stored chmod-600
Idempotent migrations — safe to re-run

server tarball

Team · Docker (recommended)

bash

# 1 · pull the pre-built multi-arch image (linux/amd64 + linux/arm64)
docker pull ghcr.io/asafmeizner/vulnforge-server:0.1.0

# 2 · grab the compose file + env template
curl -O https://raw.githubusercontent.com/AsafMeizner/vulnforge/v0.1.0/docker-compose.server.yml
curl -O https://raw.githubusercontent.com/AsafMeizner/vulnforge/v0.1.0/.env.server.example

# 3 · configure
cp .env.server.example .env.server
# edit: VULNFORGE_PUBLIC_URL, generate VULNFORGE_JWT_SECRET + VULNFORGE_BOOTSTRAP_TOKEN

# 4 · bring up the stack
docker compose -f docker-compose.server.yml --env-file .env.server up -d

# 5 · grab the bootstrap token (printed once on first start)
docker logs vulnforge-server

# on your desktop: wizard → Team → paste server URL + token

Team · Linux / macOS

bash

curl -LO https://github.com/AsafMeizner/vulnforge/releases/download/v0.1.0/vulnforge-server-0.1.0.tar.gz
tar xzf vulnforge-server-0.1.0.tar.gz
sudo ./scripts/install-server.sh
# preflights Node 20+ / Python / git,
# generates JWT + bootstrap secrets,
# creates systemd service,
# runs migrations,
# prints bootstrap token

Team · Windows

powershell

Invoke-WebRequest -Uri https://github.com/AsafMeizner/vulnforge/releases/download/v0.1.0/vulnforge-server-0.1.0.tar.gz -OutFile vulnforge-server-0.1.0.tar.gz
tar xzf vulnforge-server-0.1.0.tar.gz
# run PowerShell as Administrator:
.\scripts\install-server.ps1
# creates a Windows service

Verify integrity

Every binary on the release page has a SHA-256 entry in SHA256SUMS.txt. Cross-check before running.

bash

# download the checksum file alongside the installers
curl -LO https://github.com/AsafMeizner/vulnforge/releases/download/v0.1.0/SHA256SUMS.txt

# verify every binary in one shot
sha256sum -c SHA256SUMS.txt
# expected: one "OK" per line, one line per binary

CLI — headless from any terminal

The vulnforge CLI is a zero-dep Node script bundled with every desktop install + the server tarball. Works against a local VulnForge or a remote one via VULNFORGE_API_BASE.

bash

# the vulnforge CLI ships with every desktop install AND
# inside the server tarball (bin/vulnforge wraps cli/vulnforge.mjs).

# quick status from any terminal
vulnforge status

# tail findings live
vulnforge findings --follow

# trigger an AI triage on a scan finding
vulnforge triage <finding-id>

# launch a hunt against a git URL
vulnforge hunt https://github.com/org/repo

# point at a remote VulnForge
VULNFORGE_API_BASE=https://vulnforge.acme.corp vulnforge status

First hunt in 5 minutes

After install: Hunt → paste a GitHub URL → Start. Watch the full pipeline run. Review findings. No sign-up, no telemetry, nothing to configure to get started.

See what you can do