--trace Execution traces, expressed as a semicolon-delimited list enclosed in double quotes, that should be emitted to the console and log file (if appropriate). Valid values: PdbLoad, ScanTime, RuleScanTime, PeakWorkingSet, TargetsScanned, ResultsSummary. --sympath Symbol paths, expressed as a semicolon-delimited list enclosed in double quotes. (e.g. SRV*https://msdl.microsoft.com/download/symbols or Cache*d:\symbols;Srv*https://symweb) See https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/advanced-symsrv-use for syntax information. --local-symbol-directories Local directory paths, expressed as a semicolon-delimited list enclosed in double quotes, that will be examined when attempting to locate PDBs. -o, --output File path used to write and output analysis using SARIF -r, --recurse [true|false] If true, recurse into subdirectories when evaluating file specifier arguments -c, --config (Default: ‘default’) Path to policy file to be used to configure analysis. Passing value of 'default' (or omitting the argument) invokes built-in settings -q, --quiet [true|false] If true, do not log results to the console -s, --statistics Generate timing and other statistics for analysis session --insert Optionally present data, expressed as a semicolon-delimited list enclosed in double quotes, that should be inserted into the log file. Valid values include Hashes, TextFiles, BinaryFiles, EnvironmentVariables, RegionSnippets, ContextRegionSnippets, ContextRegionSnippetPartialFingerprints, Guids, VersionControlDetails, and NondeterministicProperties. -e, --environment [true|false]

If true, log machine environment details of run to output file.

WARNING: This option records potentially sensitive information (such as all environment variable values) to the log file.

-p, --plugin Paths to plugin, expressed as a semicolon-delimited list enclosed in double quotes, that will be invoked against all targets in the analysis set. --rich-return-code [true|false] If true, output a more detailed exit code consisting of a series of flags about execution, rather than outputting '0' for success/'1' for failure (see codes below) --level Failure levels, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Error, Warning and Note. --kind Result kinds, expressed as a semicolon-delimited list enclosed in double quotes, that is used to filter the scan results. Valid values: Fail (for literal scan results), Pass, Review, Open, NotApplicable and Informational. --baseline A Sarif file to be used as baseline. --help Table of argument information. --version BinSkim version details. value pos. 0 One or more specifiers to a file, directory, or filter pattern that resolves to one or more binaries to analyze.