2 Commits

Author SHA1 Message Date
Devin AI 870cc68dc3 docs: add Vale vocabulary for Strix product/security terms
Co-Authored-By: Alex Schapiro <bearsyankees@gmail.com>
2026-06-30 18:27:22 +00:00
Devin AI 1099eefedd docs: add Scarf usage-analytics pixel to docs + README
Co-Authored-By: Alex Schapiro <bearsyankees@gmail.com>
2026-06-30 18:15:08 +00:00
30 changed files with 163 additions and 19 deletions
+1 -1
View File
@@ -11,7 +11,7 @@ repos:
# MyPy for static type checking
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.17.1
rev: v1.16.0
hooks:
- id: mypy
additional_dependencies: [
+2
View File
@@ -275,3 +275,5 @@ Strix builds on the incredible work of open-source projects like [LiteLLM](https
> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.
</div>
![](https://static.scarf.sh/a.png?x-pxid=a0ba15dd-a205-4a54-95d6-7814e9ae6b61)
+4
View File
@@ -3,6 +3,10 @@ title: "Configuration"
description: "Environment variables for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Configure Strix using environment variables or a config file.
## LLM Configuration
+4
View File
@@ -3,6 +3,10 @@ title: "Skills"
description: "Specialized knowledge packages that enhance agent capabilities"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
## The Idea
+4
View File
@@ -3,6 +3,10 @@ title: "Introduction"
description: "Managed security testing without local setup"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Skip the setup. Run Strix in the cloud at [app.strix.ai](https://app.strix.ai).
## Features
+4
View File
@@ -3,6 +3,10 @@ title: "Contributing"
description: "Contribute to Strix development"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Development Setup
### Prerequisites
+4
View File
@@ -3,6 +3,10 @@ title: "Introduction"
description: "Open-source AI hackers to secure your apps"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
<Frame>
+4
View File
@@ -3,6 +3,10 @@ title: "CI/CD Integration"
description: "Run Strix in any CI/CD pipeline"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix runs in headless mode for automated pipelines.
## Headless Mode
+4
View File
@@ -3,6 +3,10 @@ title: "GitHub Actions"
description: "Run Strix security scans on every pull request"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
## Basic Workflow
+4
View File
@@ -3,6 +3,10 @@ title: "Anthropic"
description: "Configure Strix with Claude models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
+4
View File
@@ -3,6 +3,10 @@ title: "Azure OpenAI"
description: "Configure Strix with OpenAI models via Azure"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
+4
View File
@@ -3,6 +3,10 @@ title: "AWS Bedrock"
description: "Configure Strix with models via AWS Bedrock"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
+4
View File
@@ -3,6 +3,10 @@ title: "Local Models"
description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
## Privacy vs Performance
+4
View File
@@ -3,6 +3,10 @@ title: "Novita AI"
description: "Configure Strix with Novita AI models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
[Novita AI](https://novita.ai) provides fast, cost-efficient inference for open-source models via an OpenAI-compatible API.
## Setup
+4
View File
@@ -3,6 +3,10 @@ title: "OpenAI"
description: "Configure Strix with OpenAI models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
+4
View File
@@ -3,6 +3,10 @@ title: "OpenRouter"
description: "Configure Strix with models via OpenRouter"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
## Setup
+4
View File
@@ -3,6 +3,10 @@ title: "Overview"
description: "Configure your AI model for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
## Configuration
+4
View File
@@ -3,6 +3,10 @@ title: "Google Vertex AI"
description: "Configure Strix with Gemini models via Google Cloud"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Installation
Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
+4
View File
@@ -3,6 +3,10 @@ title: "Quick Start"
description: "Install Strix and run your first security scan"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Prerequisites
- Docker (running)
+10
View File
@@ -0,0 +1,10 @@
export const ScarfPixel = () => (
<img
referrerPolicy="no-referrer-when-downgrade"
src="https://static.scarf.sh/a.png?x-pxid=a0ba15dd-a205-4a54-95d6-7814e9ae6b61"
alt=""
width="1"
height="1"
style={{ position: "absolute", width: 0, height: 0, opacity: 0, pointerEvents: "none" }}
/>
);
@@ -0,0 +1,34 @@
agentic
Caido
deobfuscation
deserialization
Devstral
[Dd]ocstrings
exfiltration
failover
ffuf
Firestore
frontmatter
fuzzer
gcloud
hardcoded
Kimi
Langfuse
LLMs?
[Mm]isconfigurations?
Novita
Ollama
pentest(ers|ing)?
pipx
pull_request
Pydantic
spidering
SQLi
[Ss]trix
Supabase
traceback
UIs
untrusted
uv
vulns
[Ww]ordlist
+4
View File
@@ -3,6 +3,10 @@ title: "Browser"
description: "Playwright-powered Chrome for web application testing"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
## How It Works
+4
View File
@@ -3,6 +3,10 @@ title: "Agent Tools"
description: "How Strix agents interact with targets"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix agents use specialized tools to test your applications like a real penetration tester would.
## Core Tools
+4
View File
@@ -3,6 +3,10 @@ title: "HTTP Proxy"
description: "Caido-powered proxy for request interception and replay"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
## Capabilities
+4
View File
@@ -3,6 +3,10 @@ title: "Sandbox Tools"
description: "Pre-installed security tools in the Strix container"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
## Reconnaissance
+4
View File
@@ -3,6 +3,10 @@ title: "Terminal"
description: "Bash shell for running commands and security tools"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
## Capabilities
+4
View File
@@ -3,6 +3,10 @@ title: "CLI Reference"
description: "Command-line options for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Basic Usage
```bash
+4
View File
@@ -3,6 +3,10 @@ title: "Custom Instructions"
description: "Guide Strix with custom testing instructions"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Use instructions to provide context, credentials, or focus areas for your scan.
## Inline Instructions
+4
View File
@@ -3,6 +3,10 @@ title: "Scan Modes"
description: "Choose the right scan depth for your use case"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix offers three scan modes to balance speed and thoroughness.
## Quick
+16 -18
View File
@@ -3,7 +3,6 @@
from __future__ import annotations
import csv
import io
import json
import logging
import tempfile
@@ -59,9 +58,9 @@ def write_vulnerabilities(
new_reports = [r for r in vulnerability_reports if r["id"] not in saved_vuln_ids]
for report in new_reports:
_atomic_write_text(
vuln_dir / f"{report['id']}.md",
(vuln_dir / f"{report['id']}.md").write_text(
render_vulnerability_md(report),
encoding="utf-8",
)
saved_vuln_ids.add(report["id"])
@@ -70,21 +69,20 @@ def write_vulnerabilities(
key=lambda r: (_SEVERITY_ORDER.get(r["severity"], 5), r["timestamp"]),
)
csv_path = run_dir / "vulnerabilities.csv"
csv_buf = io.StringIO()
fieldnames = ["id", "title", "severity", "timestamp", "file"]
csv_writer = csv.DictWriter(csv_buf, fieldnames=fieldnames, lineterminator="\r\n")
csv_writer.writeheader()
for report in sorted_reports:
csv_writer.writerow(
{
"id": report["id"],
"title": report["title"],
"severity": report["severity"].upper(),
"timestamp": report["timestamp"],
"file": f"vulnerabilities/{report['id']}.md",
},
)
_atomic_write_text(csv_path, csv_buf.getvalue())
with csv_path.open("w", encoding="utf-8", newline="") as f:
fieldnames = ["id", "title", "severity", "timestamp", "file"]
writer = csv.DictWriter(f, fieldnames=fieldnames)
writer.writeheader()
for report in sorted_reports:
writer.writerow(
{
"id": report["id"],
"title": report["title"],
"severity": report["severity"].upper(),
"timestamp": report["timestamp"],
"file": f"vulnerabilities/{report['id']}.md",
},
)
_atomic_write_text(
run_dir / "vulnerabilities.json",