Documentation Index
Fetch the complete documentation index at: https://mintlify.com/usestrix/strix/llms.txt
Use this file to discover all available pages before exploring further.
Strix uses standard exit codes to indicate the result of a scan. Exit codes are only meaningful in non-interactive mode.
Overview
In non-interactive mode, Strix returns different exit codes to indicate:
- Success with no vulnerabilities found (0)
- Errors during execution (1)
- Success with vulnerabilities found (2)
This allows CI/CD pipelines to fail builds when security issues are discovered.
Exit Code Reference
Exit Code 0: Success - No Vulnerabilities
strix --target example.com --non-interactive
echo $? # Output: 0
- Scan completed without errors
- All agents finished their work
- No vulnerabilities were reported
- Target appears secure
CI/CD usage:
# Build passes
strix --target . --scan-mode quick --non-interactive
if [ $? -eq 0 ]; then
echo "✓ Security scan passed"
exit 0
fi
Exit Code 1: Error During Execution
strix --target example.com --non-interactive
echo $? # Output: 1
Unable to connect to the language model provider.Solutions:
- Verify
STRIX_LLM environment variable is set
- Check
LLM_API_KEY is valid and not expired
- Verify network connectivity to LLM provider
- Check API rate limits and quotas
- Review LLM provider service status
Docker daemon not running or Docker-related error.Solutions:
- Start Docker daemon:
sudo systemctl start docker
- Verify Docker is installed:
docker --version
- Check Docker permissions: add user to docker group
- Ensure Docker image can be pulled
- Check available disk space
Invalid configuration or missing required settings.Solutions:
- Verify all required environment variables are set
- Check custom config file syntax if using
--config
- Ensure target is accessible and valid
- Review instruction file contents if using
--instruction-file
Unable to reach or access the target.Solutions:
- Verify target URL is correct and accessible
- Check network connectivity
- Verify authentication if required
- Ensure target is running if testing localhost
- Check firewall rules
Unexpected error during execution.Solutions:
- Review error output in stderr
- Check scan logs in output directory
- Report bug if error appears to be in Strix
- Try running in interactive mode for more details
strix --target . --non-interactive 2>error.log
if [ $? -eq 1 ]; then
echo "✗ Security scan failed"
cat error.log
exit 1
fi
Exit Code 2: Success - Vulnerabilities Found
strix --target example.com --non-interactive
echo $? # Output: 2
- Scan completed without errors
- All agents finished their work
- At least one vulnerability was reported
- Vulnerability reports saved to output directory
This is the key exit code for CI/CD integration - it allows pipelines to fail builds when security issues are found.
CI/CD usage:
# Fail build if vulnerabilities found
strix --target . --scan-mode quick --non-interactive
if [ $? -eq 2 ]; then
echo "✗ Security vulnerabilities found!"
echo "Review: strix_runs/*/vulnerabilities.md"
exit 1
fi
CI/CD Integration Examples
Basic Build Gate
#!/bin/bash
echo "Running security scan..."
strix --target . --scan-mode quick --non-interactive
EXIT_CODE=$?
case $EXIT_CODE in
0)
echo "✓ No vulnerabilities found"
exit 0
;;
1)
echo "✗ Scan failed with error"
exit 1
;;
2)
echo "✗ Vulnerabilities detected!"
echo "See scan results in strix_runs/"
exit 1
;;
esac
GitHub Actions
name: Security Scan
on:
pull_request:
branches: [ main ]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Strix Scan
env:
STRIX_LLM: ${{ secrets.STRIX_LLM }}
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
run: |
pip install strix-agent
strix --target . --scan-mode quick --non-interactive
# This step automatically fails if exit code is 1 or 2
- name: Upload Results
if: failure() # Run even if scan found vulnerabilities
uses: actions/upload-artifact@v3
with:
name: security-scan-results
path: strix_runs/
GitLab CI
security_scan:
stage: test
script:
- pip install strix-agent
- strix --target $CI_PROJECT_DIR --scan-mode quick --non-interactive
variables:
STRIX_LLM: "openai/gpt-4"
LLM_API_KEY: $LLM_API_KEY
artifacts:
when: always
paths:
- strix_runs/
# Job fails on exit code 1 or 2
allow_failure: false
Jenkins
pipeline {
agent any
environment {
STRIX_LLM = 'openai/gpt-4'
}
stages {
stage('Security Scan') {
steps {
script {
def exitCode = sh(
script: 'strix --target . --scan-mode quick --non-interactive',
returnStatus: true
)
if (exitCode == 1) {
error('Security scan failed with error')
} else if (exitCode == 2) {
error('Security vulnerabilities found')
}
// exitCode == 0 continues normally
}
}
}
}
post {
always {
archiveArtifacts artifacts: 'strix_runs/**/*', allowEmptyArchive: true
}
}
}
CircleCI
version: 2.1
jobs:
security_scan:
docker:
- image: python:3.11
steps:
- checkout
- setup_remote_docker
- run:
name: Install Strix
command: pip install strix-agent
- run:
name: Security Scan
command: |
strix --target . --scan-mode quick --non-interactive
# Explicit exit code check
EXIT_CODE=$?
if [ $EXIT_CODE -eq 1 ]; then
echo "Scan error"
exit 1
elif [ $EXIT_CODE -eq 2 ]; then
echo "Vulnerabilities found"
exit 1
fi
- store_artifacts:
path: strix_runs/
Advanced Patterns
Warning Mode (Don’t Fail Build)
Allow vulnerabilities but warn:
strix --target . --non-interactive
if [ $? -eq 2 ]; then
echo "⚠️ Warning: Security vulnerabilities found"
echo "Review reports in strix_runs/"
# Don't exit - continue build
fi
Severity-Based Gating
Fail only on high/critical vulnerabilities:
strix --target . --non-interactive
if [ $? -eq 2 ]; then
# Check severity of vulnerabilities
CRITICAL=$(jq '[.[] | select(.severity == "critical")] | length' strix_runs/*/vulnerabilities.json)
HIGH=$(jq '[.[] | select(.severity == "high")] | length' strix_runs/*/vulnerabilities.json)
if [ $CRITICAL -gt 0 ] || [ $HIGH -gt 0 ]; then
echo "✗ Found $CRITICAL critical and $HIGH high severity vulnerabilities"
exit 1
else
echo "⚠️ Found only low/medium vulnerabilities - allowing build"
exit 0
fi
fi
Baseline Comparison
Fail only if new vulnerabilities are found:
# Save baseline
strix --target . --non-interactive
cp strix_runs/latest/vulnerabilities.json baseline.json
# Later: compare against baseline
strix --target . --non-interactive
if [ $? -eq 2 ]; then
# Compare current vs baseline
CURRENT_COUNT=$(jq 'length' strix_runs/latest/vulnerabilities.json)
BASELINE_COUNT=$(jq 'length' baseline.json)
if [ $CURRENT_COUNT -gt $BASELINE_COUNT ]; then
NEW_VULNS=$((CURRENT_COUNT - BASELINE_COUNT))
echo "✗ Found $NEW_VULNS new vulnerabilities"
exit 1
else
echo "No new vulnerabilities (existing: $BASELINE_COUNT)"
exit 0
fi
fi
Conditional Scanning
Run different scans based on branch:
#!/bin/bash
BRANCH=$(git rev-parse --abbrev-ref HEAD)
if [ "$BRANCH" = "main" ]; then
# Deep scan on main branch
echo "Running deep scan on main branch"
strix --target . --scan-mode deep --non-interactive
else
# Quick scan on feature branches
echo "Running quick scan on feature branch"
strix --target . --scan-mode quick --non-interactive
fi
EXIT_CODE=$?
if [ $EXIT_CODE -eq 1 ]; then
echo "Scan failed"
exit 1
elif [ $EXIT_CODE -eq 2 ]; then
# Strict on main, lenient on features
if [ "$BRANCH" = "main" ]; then
echo "Vulnerabilities not allowed on main branch"
exit 1
else
echo "Vulnerabilities found - review before merging"
exit 0
fi
fi
Exit Code in Interactive Mode
In interactive mode (default), Strix does not use exit code 2 for vulnerabilities:
# Interactive mode
strix --target example.com
# Always exits with 0 (success) or 1 (error)
# Never exits with 2, even if vulnerabilities found
- Interactive mode expects human supervision
- User manually quits when ready
- Vulnerabilities are shown in TUI during scan
- Exit code 2 is specifically for automation
Troubleshooting
Exit Code 1 Every Time
Problem: Scan always fails with exit code 1
Diagnosis:
strix --target . --non-interactive 2>errors.log
cat errors.log
- Missing environment variables
- LLM API key invalid or expired
- Docker not running
- Target not accessible
- Network connectivity issues
Exit Code 0 When Vulnerabilities Expected
Problem: Scan returns 0 but you expect vulnerabilities
Diagnosis:
# Check scan output
ls -la strix_runs/*/
cat strix_runs/*/vulnerabilities.json
# Run in interactive mode to see details
strix --target . --scan-mode deep
- Quick scan mode missed complex issues (try deep mode)
- Target has good security posture
- Scan needs more specific instructions
- Agent didn’t have enough time (check scan duration)
Can’t Capture Exit Code
Problem: Exit code always appears as 0 in shell script
Solutions:
# Capture immediately after command
strix --target . --non-interactive
EXIT_CODE=$?
echo "Exit code: $EXIT_CODE"
# Don't run other commands before capturing
# Wrong:
strix --target . --non-interactive
echo "Done" # This resets $?
EXIT_CODE=$? # Now captures echo's exit code (0)
Best Practices
Always Archive Results
# GitHub Actions
- name: Upload Results
if: always() # Run even on failure
uses: actions/upload-artifact@v3
with:
name: security-results
path: strix_runs/
Provide Clear Error Messages
strix --target . --non-interactive
case $? in
0) echo "✓ Security scan passed - no vulnerabilities found" ;;
1) echo "✗ Security scan failed - check logs for errors" ; exit 1 ;;
2)
echo "✗ Security vulnerabilities detected:"
jq -r '.[] | " - [\(.severity | ascii_upcase)] \(.title)"' strix_runs/*/vulnerabilities.json
exit 1
;;
esac
Use Non-Zero Exit for Both Errors and Vulnerabilities
# Treat both exit code 1 and 2 as failures
strix --target . --non-interactive || exit 1
Set Timeouts
# GitHub Actions
- name: Security Scan
timeout-minutes: 30 # Prevent hanging builds
run: strix --target . --scan-mode quick --non-interactive
See Also