Documentation
Everything you need to install, configure, and use Oncecheck.
Installation
Oncecheck requires Python 3.8 or later. Install it from PyPI:
pip3 install --upgrade oncecheck
pip install --upgrade oncecheck
Verify the installation:
oncecheck --version
Quick Start
1. Authenticate with your account
oncecheck login
2. Scan your project
oncecheck scan ./my-project
3. Or launch interactive mode
oncecheck
Interactive mode lets you browse findings with arrow keys, view fix suggestions, and jump to references.
Commands
oncecheck scan <path>
Scan a project directory for compliance issues.
| Flag | Description |
|---|---|
| --platform | Force platform (ios, android, web). Default: auto-detect. |
| --format | Output format: terminal, json, sarif, text. Default: terminal. |
| --output | Write results to a file instead of stdout. |
| --interactive | Open findings in the interactive browser after scanning. |
| --fail-on | Set exit code threshold: warning or failure. Default: failure. |
oncecheck login / oncecheck logout / oncecheck status
Authenticate with your Oncecheck account, log out, or check your current authentication and plan status.
oncecheck init <path>
Generate a .oncecheckrc configuration file and .oncecheckignore in the target directory.
oncecheck completions <shell>
Output shell completions for bash, zsh, or fish.
Configuration
.oncecheckrc
YAML configuration file placed at the root of your project.
# .oncecheckrc
platform: ios # ios | android | web | auto
format: terminal # terminal | json | sarif | text
fail-on: failure # warning | failure
suppress:
- IOS-SEC-001
- SUPPLY-DEP-001
.oncecheckignore
Gitignore-style file to exclude paths from scanning.
# .oncecheckignore
node_modules/
build/
*.generated.swift
Pods/
Export Formats
| Format | Description | Plan |
|---|---|---|
| terminal | Colored terminal output (default) | All |
| json | Machine-readable JSON | Team |
| sarif | SARIF 2.1 — integrates with GitHub Code Scanning and VS Code | Team |
| text | Plain text (no color codes) | Team |
Use --format json --output results.json to write results to a file.
CI/CD Integration
Oncecheck uses standard exit codes for pipeline integration:
| Code | Meaning |
|---|---|
| 0 | All checks passed |
| 1 | Warnings found |
| 2 | Failures found |
GitHub Actions example:
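name: Compliance Check
on: [push, pull_request]
# Least-privilege token; upload-sarif needs security-events: write.
permissions:
  contents: read
  security-events: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install --upgrade oncecheck
      # Pass the secret through the environment rather than interpolating it into the script text.
      - run: oncecheck login --token "$ONCECHECK_TOKEN"
        env:
          ONCECHECK_TOKEN: ${{ secrets.ONCECHECK_TOKEN }}
      - run: oncecheck scan . --format sarif --output results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: results.sarif
SARIF export requires the Team plan.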
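For pipelines that do not upload to GitHub Code Scanning, the SARIF file can be gated locally. The following is an added example, not Oncecheck's own code: it reads a SARIF 2.1.0 file, skips findings already accepted in a baseline, and returns the 0/1/2 exit codes from the table above. The SARIF sample is constructed; the mapping of SARIF levels `error`/`warning` to failures/warnings, the baseline format and the function names are assumptions.

```python
import json

# Constructed SARIF 2.1.0 sample; messages and file paths are invented for illustration.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "oncecheck"}},
        "results": [
            {"ruleId": "IOS-SEC-001", "level": "error",
             "message": {"text": "constructed finding A"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "App/Net.swift"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "SUPPLY-DEP-001", "level": "warning",
             "message": {"text": "constructed finding B"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "Podfile.lock"}}}]},
        ],
    }],
})


def findings(sarif_text):
    """Return (ruleId, level, uri) for every result in every run."""
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri", "?"))
            # An absent level is treated as "warning", SARIF's fallback default;
            # rule-level default configuration is not consulted here.
            out.append((res.get("ruleId", "?"), res.get("level", "warning"), uri))
    return out


def gate(sarif_text, baseline=frozenset()):
    """Exit code (0/1/2) computed from findings not already in the baseline.

    baseline is a set of (ruleId, uri) pairs (assumed format).
    """
    new = [f for f in findings(sarif_text) if (f[0], f[2]) not in baseline]
    levels = {level for _, level, _ in new}
    code = 2 if "error" in levels else 1 if "warning" in levels else 0
    return code, new


if __name__ == "__main__":
    code, new = gate(SAMPLE_SARIF, baseline={("IOS-SEC-001", "App/Net.swift")})
    for rule, level, uri in new:
        print(f"{level:8} {rule:16} {uri}")
    raise SystemExit(code)
```

Keying the baseline on rule ID and file path, not line number, keeps accepted findings matched when unrelated edits shift lines.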
Rule Sources
Oncecheck's 73+ rules are derived from official guidelines and industry standards. Below are the primary sources:
| Category | Rules | Source |
|---|---|---|
| iOS | 20 | Apple App Store Review Guidelines |
| Android | 18 | Google Play Developer Policy |
| Web | 27 | OWASP Top 10 |
| Common | 8 | Cross-platform (supply chain, accessibility) |
Additional standards covered:
Plans
| Feature | Starter (Free) | Team |
|---|---|---|
| Compliance rules | 35 | 73+ |
| Scans per day | 3 | Unlimited |
| Platforms | iOS, Android, Web | iOS, Android, Web |
| Terminal output | Yes | Yes |
| JSON / SARIF / text export | No | Yes |
| CI/CD integration | Exit codes only | Full (SARIF upload) |
| Priority support | No | Yes |
| Price | $0 | $19/mo or $190/yr |