Docsโ€บQuickstart
Getting Started

Quickstart

Get your first scan running in 5 minutes. Pick the path that fits your workflow: GitHub Action (recommended for CI) or CLI (recommended for local scans).

๐Ÿ’ก
Already set up? Jump to the Action reference or configuration schema.

Path A โ€” GitHub Action (5 minutes)

This is the fastest path. Add one YAML file to your repo and every PR gets an AI security scan with a sticky comment showing findings.

Step 1: Create the workflow file

.github/workflows/nixer.yml
name: Nixer AI Security Scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write  # for SARIF upload
  pull-requests: write   # for PR comments

jobs:
  nixer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Polsia-Inc/nixer-action@v1
        with:
          api-key: ${{ secrets.NIXER_API_KEY }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          severity-threshold: high     # fail on high+critical
          fail-on-findings: true

Step 2: Add your API key

Go to GitHub repo โ†’ Settings โ†’ Secrets โ†’ Actions โ†’ New repository secret. Name it NIXER_API_KEY. Get your key from the Nixer dashboard (free tier included).

Step 3: Open a pull request

Push any branch and open a PR. Nixer will scan the repo, post a sticky PR comment with findings, and optionally fail the check. That's it.

โœ…
What you get: A sticky PR comment with severity breakdown, top-5 findings with file:line links, and per-finding remediation in collapsibles. SARIF results automatically uploaded to GitHub Code Scanning.

Path B โ€” CLI (local scan)

Run Nixer directly from your terminal against any GitHub repo or local directory.

Step 1: Install

terminal
# Use npx (no install required)
npx nixer scan https://github.com/your-org/your-repo

# Or install globally
npm install -g nixer
nixer scan https://github.com/your-org/your-repo

Step 2: Set your API key (optional for free tier)

terminal
# Set via environment variable
export NIXER_API_KEY=your-key-here

# Or pass inline
NIXER_API_KEY=your-key npx nixer scan github.com/your-org/your-repo

Step 3: Read your results

The CLI polls until the scan completes, then prints a summary. Pass --format sarif to get a SARIF file or --format json for machine-readable JSON.

terminal
# Default: pretty-printed table
npx nixer scan https://github.com/your-org/repo

# SARIF output (for GitHub Code Scanning upload)
npx nixer scan https://github.com/your-org/repo --format sarif > results.sarif

# JSON output (for scripting)
npx nixer scan https://github.com/your-org/repo --format json | jq .findings

Try the playground first

Not ready to connect a real repo? The Nixer playground lets you scan any public GitHub repo instantly โ€” no account required. Use it to see what a real scan looks like before you integrate.

Edit this page on GitHub