docs: add documentation to main repository

2026-01-20 21:08:29 -08:00
parent b456a4ed8c
commit 25ac2f1e08
29 changed files with 1579 additions and 0 deletions
--- a/docs/integrations/ci-cd.mdx
+++ b/docs/integrations/ci-cd.mdx
@@ -0,0 +1,80 @@
+---
+title: "CI/CD Integration"
+description: "Run Strix in any CI/CD pipeline"
+---
+
+Strix runs in headless mode for automated pipelines.
+
+## Headless Mode
+
+Use the `-n` or `--non-interactive` flag:
+
+```bash
+strix -n --target ./app --scan-mode quick
+```
+
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | No vulnerabilities found |
+| 1 | Execution error |
+| 2 | Vulnerabilities found |
+
+## GitLab CI
+
+```yaml .gitlab-ci.yml
+security-scan:
+  image: docker:latest
+  services:
+    - docker:dind
+  variables:
+    STRIX_LLM: $STRIX_LLM
+    LLM_API_KEY: $LLM_API_KEY
+  script:
+    - curl -sSL https://strix.ai/install | bash
+    - strix -n -t ./ --scan-mode quick
+```
+
+## Jenkins
+
+```groovy Jenkinsfile
+pipeline {
+    agent any
+    environment {
+        STRIX_LLM = credentials('strix-llm')
+        LLM_API_KEY = credentials('llm-api-key')
+    }
+    stages {
+        stage('Security Scan') {
+            steps {
+                sh 'curl -sSL https://strix.ai/install | bash'
+                sh 'strix -n -t ./ --scan-mode quick'
+            }
+        }
+    }
+}
+```
+
+## CircleCI
+
+```yaml .circleci/config.yml
+version: 2.1
+jobs:
+  security-scan:
+    docker:
+      - image: cimg/base:current
+    steps:
+      - checkout
+      - setup_remote_docker
+      - run:
+          name: Install Strix
+          command: curl -sSL https://strix.ai/install | bash
+      - run:
+          name: Run Scan
+          command: strix -n -t ./ --scan-mode quick
+```
+
+<Note>
+All CI platforms require Docker access. Ensure your runner has Docker available.
+</Note>
--- a/docs/integrations/github-actions.mdx
+++ b/docs/integrations/github-actions.mdx
@@ -0,0 +1,60 @@
+---
+title: "GitHub Actions"
+description: "Run Strix security scans on every pull request"
+---
+
+Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
+
+## Basic Workflow
+
+```yaml .github/workflows/security.yml
+name: Security Scan
+
+on:
+  pull_request:
+
+jobs:
+  strix-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Strix
+        run: curl -sSL https://strix.ai/install | bash
+
+      - name: Run Security Scan
+        env:
+          STRIX_LLM: ${{ secrets.STRIX_LLM }}
+          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
+        run: strix -n -t ./ --scan-mode quick
+```
+
+## Required Secrets
+
+Add these secrets to your repository:
+
+| Secret | Description |
+|--------|-------------|
+| `STRIX_LLM` | Model name (e.g., `openai/gpt-5`) |
+| `LLM_API_KEY` | API key for your LLM provider |
+
+## Exit Codes
+
+The workflow fails when vulnerabilities are found:
+
+| Code | Result |
+|------|--------|
+| 0 | Pass — No vulnerabilities |
+| 2 | Fail — Vulnerabilities found |
+
+## Scan Modes for CI
+
+| Mode | Duration | Use Case |
+|------|----------|----------|
+| `quick` | Minutes | Every PR |
+| `standard` | ~30 min | Nightly builds |
+| `deep` | 1-4 hours | Release candidates |
+
+<Tip>
+Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.
+</Tip>