---
title: "Scan Modes"
description: "Choose the right scan depth for your use case"
---

Strix offers three scan modes to balance speed and thoroughness.

## Quick

```bash
strix --target ./app --scan-mode quick
```

Fast checks for obvious vulnerabilities. Best for:
- CI/CD pipelines
- Pull request validation
- Rapid smoke tests

**Duration**: Minutes

## Standard

```bash
strix --target ./app --scan-mode standard
```

Balanced testing for routine security reviews. Best for:
- Regular security assessments
- Pre-release validation
- Development milestones

**Duration**: 30 minutes to 1 hour

**White-box behavior**: Uses source-aware mapping and static triage to prioritize dynamic exploit validation paths.

## Deep

```bash
strix --target ./app --scan-mode deep
```

Thorough penetration testing. Best for:
- Comprehensive security audits
- Pre-production reviews
- Critical application assessments

**Duration**: 1-4 hours depending on target complexity

**White-box behavior**: Runs broad source-aware triage (`semgrep`, AST structural search, secrets, supply-chain checks) and then systematically validates top candidates dynamically.

<Note>
Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
</Note>

## Choosing a Mode

| Scenario | Recommended Mode |
|----------|------------------|
| Every PR | Quick |
| Weekly scans | Standard |
| Before major release | Deep |
| Bug bounty hunting | Deep |
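
One way to apply the table above in a CI job, as an added example that is not part of the Strix documentation: the script picks the mode from the trigger and caps the job at the upper bound of the duration stated for that mode. It assumes GitHub Actions' `GITHUB_EVENT_NAME` and `GITHUB_REF` variables; the function names, the `DRY_RUN` switch and the 15-minute cap for quick scans are choices made for this sketch.

```bash
#!/usr/bin/env bash
# Added example, not part of Strix: choose a scan mode from the CI trigger.
# Assumes GitHub Actions' GITHUB_EVENT_NAME / GITHUB_REF; function names,
# DRY_RUN and the 15m quick budget are choices made for this sketch.

# Map the CI trigger to a mode, following the "Choosing a Mode" table.
choose_scan_mode() {
  local event="${1:-}" ref="${2:-}"
  case "$event" in
    pull_request) echo quick ;;      # every PR
    schedule)     echo standard ;;   # weekly scans
    push)
      case "$ref" in
        refs/tags/v*) echo deep ;;   # release tag: before major release
        *)            echo quick ;;  # ordinary push (assumption)
      esac ;;
    *) echo deep ;;                  # unknown trigger: deep is Strix's default
  esac
}

# Wall-clock budget per mode: upper bounds of the durations stated above.
time_budget() {
  case "$1" in
    quick)    echo 15m ;;  # page says "minutes"; 15m is an assumed cap
    standard) echo 1h ;;
    deep)     echo 4h ;;
    *) echo "unknown scan mode: $1" >&2; return 1 ;;
  esac
}

# Run (or, with DRY_RUN=1, print) the scan under coreutils `timeout`.
# Only --target and --scan-mode are passed to strix.
run_scan() {
  local target="$1" mode budget
  mode="$(choose_scan_mode "${GITHUB_EVENT_NAME:-}" "${GITHUB_REF:-}")"
  budget="$(time_budget "$mode")" || return 1
  set -- timeout "$budget" strix --target "$target" --scan-mode "$mode"
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}
```

Source the file in the job and call `run_scan ./app`; with `DRY_RUN=1` it prints the command it would run, which is useful for checking the trigger mapping before a long deep scan is scheduled.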