strix/docs/integrations/ci-cd.mdx

---
title: "CI/CD Integration"
description: "Run Strix in any CI/CD pipeline"
---

Strix runs in headless mode for automated pipelines.

## Headless Mode

Use the `-n` or `--non-interactive` flag:

```bash
strix -n --target ./app --scan-mode quick
```

For pull-request style CI runs, Strix automatically scopes quick scans to changed files. You can force this behavior and set a base ref explicitly:

```bash
strix -n --target ./app --scan-mode quick --scope-mode diff --diff-base origin/main
```

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | No vulnerabilities found |
| 1 | Execution error |
| 2 | Vulnerabilities found |

## GitLab CI

```yaml .gitlab-ci.yml
security-scan:
  image: docker:latest
  services:
    - docker:dind
  variables:
    STRIX_LLM: $STRIX_LLM
    LLM_API_KEY: $LLM_API_KEY
  script:
    - curl -sSL https://strix.ai/install | bash
    - strix -n -t ./ --scan-mode quick
```

## Jenkins

```groovy Jenkinsfile
pipeline {
    agent any
    environment {
        STRIX_LLM = credentials('strix-llm')
        LLM_API_KEY = credentials('llm-api-key')
    }
    stages {
        stage('Security Scan') {
            steps {
                sh 'curl -sSL https://strix.ai/install | bash'
                sh 'strix -n -t ./ --scan-mode quick'
            }
        }
    }
}
```

## CircleCI

```yaml .circleci/config.yml
version: 2.1
jobs:
  security-scan:
    docker:
      - image: cimg/base:current
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Install Strix
          command: curl -sSL https://strix.ai/install | bash
      - run:
          name: Run Scan
          command: strix -n -t ./ --scan-mode quick
```

<Note>
All CI platforms require Docker access. Ensure your runner has Docker available.
</Note>

<Tip>
If diff-scope fails in CI, fetch full git history (for example, `fetch-depth: 0` in GitHub Actions) so merge-base and branch comparison can be resolved.
</Tip>