feat: Implement diff-scope functionality for pull requests and CI integration

This commit is contained in:
bearsyankees
2026-02-16 23:16:04 -05:00
parent 365d51f52f
commit afb85c21b1
10 changed files with 807 additions and 1 deletions

View File

@@ -13,6 +13,12 @@ Use the `-n` or `--non-interactive` flag:
strix -n --target ./app --scan-mode quick
```
For pull-request style CI runs, Strix automatically scopes quick scans to changed files. You can force this behavior and set a base ref explicitly:
```bash
strix -n --target ./app --scan-mode quick --scope-mode diff --diff-base origin/main
```
## Exit Codes
| Code | Meaning |
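Review bot: The new sentence "Strix automatically scopes quick scans to changed files" ties auto diff-scope to `--scan-mode quick`, but the `--scope-mode` description in this same change says `auto` enables diff-scope in CI/headless runs with no mention of scan mode. Please state which it is (all scan modes in CI/headless runs, or quick only), and if the example `--scan-mode quick --scope-mode diff --diff-base origin/main` is shown because quick is merely recommended for PRs, say so, otherwise readers will assume `standard`/`deep` runs in CI are never diff-scoped.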
@@ -78,3 +84,7 @@ jobs:
<Note>
All CI platforms require Docker access. Ensure your runner has Docker available.
</Note>
<Tip>
If diff-scope fails in CI, fetch full git history (for example, `fetch-depth: 0` in GitHub Actions) so merge-base and branch comparison can be resolved.
</Tip>
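Review bot: The added Tip says what to do "if diff-scope fails in CI" but not what Strix does when it fails: whether it falls back to a full-repository scan, scans nothing, or exits non-zero. That matters for a security gate, since a silent fallback to an empty or partial scope would let a PR pass without its changed files being examined. Please document the fallback behaviour and the exit code (the Exit Codes table is right above this hunk). The `fetch-depth: 0` advice is GitHub Actions specific while the preceding Note addresses all CI platforms; a sentence noting that other platforms need their equivalent full-history/non-shallow clone setting would keep the two consistent.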

View File

@@ -18,6 +18,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Strix
run: curl -sSL https://strix.ai/install | bash
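Review bot: The added `with: fetch-depth: 0` on the checkout step has no comment explaining why it is there, and nothing else in this hunk references diff-scope. Readers copying the workflow may drop it as an unnecessary full-history clone and then hit the merge-base failure described in the docs. Suggest a YAML comment on the line, for example `# full history so diff-scope can resolve the merge-base with the PR target`, so the dependency between this setting and diff-scope is visible in the file itself.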
@@ -58,3 +60,7 @@ The workflow fails when vulnerabilities are found:
<Tip>
Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.
</Tip>
<Note>
For pull_request workflows, Strix automatically uses changed-files diff-scope in CI/headless runs. If diff resolution fails, ensure full history is fetched (`fetch-depth: 0`) or set `--diff-base`.
</Note>
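Review bot: The added Note says pull_request workflows "automatically" use changed-files diff-scope, but per the `--diff-base` field in this change the comparison base defaults to the repository's default branch, not the PR's target branch. For PRs opened against a non-default branch (release or develop branches), the diff would be computed against the wrong base, so the scanned file set would not match the PR. Please state here that `--diff-base` should be set to the PR target ref in that case, or document that Strix derives the base from the CI environment if that is what the implementation does.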

View File

@@ -27,6 +27,14 @@ strix --target <target> [options]
Scan depth: `quick`, `standard`, or `deep`.
</ParamField>
<ParamField path="--scope-mode" type="string" default="auto">
Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope).
</ParamField>
<ParamField path="--diff-base" type="string">
Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch.
</ParamField>
<ParamField path="--non-interactive, -n" type="boolean">
Run in headless mode without TUI. Ideal for CI/CD.
</ParamField>
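Review bot: The `auto` description for `--scope-mode` says it enables diff-scope "in CI/headless runs", and `--non-interactive` is documented as headless mode. Taken together, a scheduled nightly `deep` scan run with `-n` (as the workflow docs recommend) would also be narrowed to changed files, which silently reduces coverage of the run meant to be the comprehensive one. Please document exactly what triggers auto diff-scope (pull_request event, a CI environment variable, or any `-n` run) and recommend `--scope-mode full` for scheduled full scans if headless alone is enough to trigger it. For `--diff-base`, it would also help to say how "the repository's default branch" is resolved (a remote ref must be present locally) and that this is why a shallow clone breaks it.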
@@ -50,6 +58,9 @@ strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
# CI/CD mode
strix -n --target ./ --scan-mode quick
# Force diff-scope against a specific base ref
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
# Multi-target white-box testing
strix -t https://github.com/org/app -t https://staging.example.com
```
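Review bot: The examples add a "Force diff-scope" case but none for the opposite, `--scope-mode full`, which is the value a nightly or release scan needs to avoid being narrowed to changed files in a headless run. Adding a line such as `# Full-repository scan in CI (no diff-scope)` / `strix -n --target ./ --scan-mode deep --scope-mode full` next to the CI/CD example would cover both modes the new flag introduces.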