Why Use the CLI?
The Debuggix CLI brings the same 9-engine security analysis to your local machine. Run scans before commit, in CI/CD pipelines, or as part of your development workflow. The CLI is free, open source, and requires no authentication for public repository scanning.
- Pre-commit scanning: Catch secrets and vulnerabilities before they reach your remote repository
- CI/CD integration: Add Debuggix to your GitHub Actions, GitLab CI, or Jenkins pipeline
- Offline mode: Scan local code without sending anything to the cloud
- JSON output: Pipe results to other tools or generate reports
Installation
macOS (Homebrew)
brew tap debuggix/tap
brew install debuggix-cli
Linux (curl)
curl -fsSL https://debuggix.space/install.sh | sh
Windows (winget)
winget install debuggix.cli
Docker
docker pull debuggix/cli:latest
docker run --rm -v "$(pwd)":/app debuggix/cli scan /app
Build from Source
git clone https://github.com/Artenna-systems/debuggix-cli.git
cd debuggix-cli
cargo build --release
./target/release/debuggix --help
Quick Start
Navigate to your project directory and run:
cd /path/to/your/project
debuggix scan .
The CLI will automatically detect your project type, run all 9 engines, and output a formatted report.
Scan Specific Files or Directories
debuggix scan src/ --format json
debuggix scan app.py utils.js --verbose
Exclude Paths
debuggix scan . --exclude "tests/*,node_modules/*,dist/*"
Pre-Commit Hook Integration
Add Debuggix to your pre-commit hooks to block commits that contain secrets or critical vulnerabilities.
#!/bin/sh
# .git/hooks/pre-commit
echo "🔍 Running Debuggix security scan..."
if ! debuggix scan --staged --quiet; then
    echo "❌ Security issues found. Commit blocked."
    echo "Run 'debuggix scan .' to see details."
    exit 1
fi
echo "✅ No critical issues found. Proceeding with commit."
Make the hook executable:
chmod +x .git/hooks/pre-commit
GitHub Actions Integration
Add Debuggix to your CI/CD pipeline to scan every pull request.
name: Security Scan
on:
  pull_request:
    branches: [main, develop]
# upload-sarif needs write access to code scanning results
permissions:
  contents: read
  security-events: write
jobs:
  debuggix-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run Debuggix CLI
        uses: debuggix/action@v1
        with:
          path: ./
          format: sarif
          output: results.sarif
      - name: Upload SARIF to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
GitLab CI Integration
# .gitlab-ci.yml
security-scan:
  stage: test
  image: debuggix/cli:latest
  script:
    - debuggix scan . --format json --output gl-sast-report.json
  artifacts:
    reports:
      sast: gl-sast-report.json
    paths:
      - gl-sast-report.json
Output Formats
The CLI supports multiple output formats for different use cases:
- --format text (default): Human-readable colored output
- --format json: Machine-readable JSON for integration
- --format sarif: SARIF format for GitHub Advanced Security
- --format junit: JUnit XML for CI/CD dashboards
debuggix scan . --format json --output results.json
debuggix scan . --format sarif | tee results.sarif
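For pipelines that do not upload SARIF anywhere, the file can still gate the build. The script below is an added example, not part of Debuggix or its documentation: it reads a SARIF 2.1.0 file such as results.sarif and exits non-zero when any result is at or above a chosen level, resolving a missing level from the rule's default as the SARIF specification describes. It assumes the CLI emits standard SARIF; the script name sarif_gate.py, the sample document and the rule ids (EX001 to EX003) are constructed for illustration.

```python
import json
import sys

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0, least to most severe

def effective_level(result, rules):
    """Explicit level, else the rule's defaultConfiguration.level, else "warning"."""
    rule = rules.get(result.get("ruleId"), {})
    default = rule.get("defaultConfiguration", {}).get("level", "warning")
    return result.get("level", default)

def findings_at_or_above(sarif, threshold="error"):
    """Return (level, ruleId, uri, startLine) for each result >= threshold."""
    floor, hits = LEVELS.index(threshold), []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results", []):
            level = effective_level(res, rules)
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)  # unknown: fail closed
            if rank < floor:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", 0)
            hits.append((level, res.get("ruleId", "?"), uri, line))
    return hits

# Constructed sample, not real Debuggix output; tool name and rule ids are made up.
SAMPLE = json.loads("""{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "example-scanner", "rules": [
    {"id": "EX001", "defaultConfiguration": {"level": "error"}}, {"id": "EX002"}]}},
  "results": [
    {"ruleId": "EX001", "message": {"text": "hardcoded credential"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app.py"}, "region": {"startLine": 12}}}]},
    {"ruleId": "EX002", "message": {"text": "weak hash"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils.js"}, "region": {"startLine": 40}}}]},
    {"ruleId": "EX003", "level": "error", "message": {"text": "unsafe query"}},
    {"ruleId": "EX002", "level": "note", "message": {"text": "informational"}}]}]}""")

if __name__ == "__main__":  # python sarif_gate.py results.sarif
    doc = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    found = findings_at_or_above(doc)
    for level, rule, uri, line in found:
        print(f"{level}: {rule} {uri}:{line}")
    sys.exit(1 if found else 0)
```

Rules are matched by ruleId only; a producer that references rules solely through ruleIndex would fall back to the "warning" default here.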
Configuration File
Create a .debuggix.toml file in your project root to customize behavior:
# .debuggix.toml
[scan]
exclude_patterns = ["tests/*", "examples/*", "**/*_test.go"]
max_file_size = "1MB"
follow_symlinks = false
[report]
format = "text"
severity_threshold = "medium"
show_fixed = false
[engines]
enabled = ["semgrep", "gitleaks", "trivy", "eslint"]
semgrep_rules = ["p/security-audit", "p/owasp-top-ten"]
Authentication for Private Repositories
To scan private repositories, authenticate with your GitHub token:
export GITHUB_TOKEN=ghp_your_token_here
debuggix scan https://github.com/your-org/private-repo.git
Troubleshooting
Command not found
Ensure the Debuggix binary is in your PATH. On macOS/Linux, add to your shell profile:
export PATH="$PATH:$HOME/.debuggix/bin"
Scan takes too long
Exclude large directories like node_modules or target:
debuggix scan . --exclude "node_modules/*,target/*,venv/*"
False positives
Add ignore comments to suppress specific findings:
// debuggix-ignore: hardcoded-credential (this is a test key)
const apiKey = "sk_test_4eC39HqLyjWDarjtT1zdp7dc";
📦 Coming soon: VS Code extension with inline highlighting, automatic fixes, and real-time scanning as you type.