firmis triage - AI-Powered Finding Prioritization
The firmis triage command sends your scan findings to the Firmis cloud for AI-powered analysis. It separates confirmed exploitable findings from likely false positives using context-aware analysis.
Synopsis
firmis triage [path] [options]
If [path] is omitted, Firmis triages findings from the current directory.
How It Works
- Your latest scan results are sent to the Firmis triage edge function
- Each component’s findings are analyzed by the AI layer
- Findings are scored and separated into confirmed (exploitable) and dismissed (likely false positive)
- Results are returned with reasoning and attack technique details
A finding is marked confirmed when deep scan category matching identifies it as exploitable. Otherwise, it is classified as a likely false positive.
Options
| Flag | Description |
|---|---|
| `--severity <level>` | Minimum severity to triage: low, medium, high, critical |
| `--top <n>` | Only triage the top N highest-severity findings |
| `--quiet` | Suppress non-essential output |
Output
The command displays:
- Count of confirmed findings by severity and category
- Count of likely false positives
- Credits used and remaining
Credits
- Cost: 5 credits per component analyzed
- Free tier: 50 credits/month. First deep scan each month is free. After that, scans use credits from your balance.
- Pro/Business: Credits tracked but never blocked
Example
$ firmis triage --severity high
Analyzing 8 components (40 credits)...
Confirmed (exploitable): 3 2 critical, 1 high
Dismissed (likely false positive): 12
Credits used: 40 | Remaining: 460