Quickstart
Get your first scan running in 5 minutes. Pick the path that fits your workflow: GitHub Action (recommended for CI) or CLI (recommended for local scans).
Path A โ GitHub Action (5 minutes)
This is the fastest path. Add one YAML file to your repo and every PR gets an AI security scan with a sticky comment showing findings.
Step 1: Create the workflow file
name: Nixer AI Security Scan on: pull_request: push: branches: [main] permissions: contents: read security-events: write # for SARIF upload pull-requests: write # for PR comments jobs: nixer: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: Polsia-Inc/nixer-action@v1 with: api-key: ${{ secrets.NIXER_API_KEY }} github-token: ${{ secrets.GITHUB_TOKEN }} severity-threshold: high # fail on high+critical fail-on-findings: true
Step 2: Add your API key
Go to GitHub repo โ Settings โ Secrets โ Actions โ New repository secret. Name it NIXER_API_KEY. Get your key from the Nixer dashboard (free tier included).
Step 3: Open a pull request
Push any branch and open a PR. Nixer will scan the repo, post a sticky PR comment with findings, and optionally fail the check. That's it.
Path B โ CLI (local scan)
Run Nixer directly from your terminal against any GitHub repo or local directory.
Step 1: Install
# Use npx (no install required) npx nixer scan https://github.com/your-org/your-repo # Or install globally npm install -g nixer nixer scan https://github.com/your-org/your-repo
Step 2: Set your API key (optional for free tier)
# Set via environment variable export NIXER_API_KEY=your-key-here # Or pass inline NIXER_API_KEY=your-key npx nixer scan github.com/your-org/your-repo
Step 3: Read your results
The CLI polls until the scan completes, then prints a summary. Pass --format sarif to get a SARIF file or --format json for machine-readable JSON.
# Default: pretty-printed table npx nixer scan https://github.com/your-org/repo # SARIF output (for GitHub Code Scanning upload) npx nixer scan https://github.com/your-org/repo --format sarif > results.sarif # JSON output (for scripting) npx nixer scan https://github.com/your-org/repo --format json | jq .findings
Try the playground first
Not ready to connect a real repo? The Nixer playground lets you scan any public GitHub repo instantly โ no account required. Use it to see what a real scan looks like before you integrate.
Edit this page on GitHub