Open-source · Apache-2.0 · Offline-first

The security scanner that understands your AI app.

For teams shipping LLM features — `chat.completions.create`, RAG ingest, agents with tool calls, MCP servers — Nox catches what every other scanner misses, plus secrets, deps, IaC, and containers in one deterministic pass.

  • Prompt injection at the call site (OWASP LLM01)
  • Embedding leakage when secrets / PII reach vector stores (LLM06)
  • Agent over-privilege when `file_read` + `http_request` share an agent context (LLM07)
  • Cross-file AI taint — `request.json` → service hop → `chat.completions.create` across functions and files
  • Cosign-signed plugin marketplace — every official plugin verified via Sigstore keyless OIDC

Sigstore · GitHub Actions · MCP · SARIF · CycloneDX · SPDX · OWASP LLM Top 10 · OWASP Agentic

Cosign-signed plugin marketplace

Plugins you can trust by default.

Every plugin in the official registry ships with a Sigstore keyless signature tied to its `release.yml` workflow. Nox refuses to install unsigned drops unless you explicitly relax the policy. Trust chain: `cosign(checksums.txt) ⇒ tarball SHA-256 ⇒ registry digest`.
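
The digest links of the trust chain above, as an added example (not Nox's own code). It assumes `checksums.txt` uses the common `sha256sum` line format and that its cosign signature has already been verified; the function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

class TrustError(Exception):
    """Raised when any link in the digest chain fails."""

def parse_checksums(text):
    """Parse sha256sum-style lines ('<hex>  <name>') into {name: hex}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise TrustError(f"line {lineno}: malformed entry")
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise TrustError(f"line {lineno}: not a SHA-256 hex digest")
        # Two different digests for one name is ambiguous: fail closed.
        if entries.get(name, digest) != digest:
            raise TrustError(f"line {lineno}: conflicting digests for {name}")
        entries[name] = digest
    return entries

def verify_plugin(checksums_text, tarball_name, tarball_bytes, registry_digest):
    """Check the tarball SHA-256 against checksums.txt and the registry digest.

    Assumes the cosign signature over checksums_text was verified beforehand.
    """
    listed = parse_checksums(checksums_text).get(tarball_name)
    if listed is None:
        raise TrustError(f"{tarball_name} is not listed in checksums.txt")
    actual = hashlib.sha256(tarball_bytes).hexdigest()
    if not hmac.compare_digest(actual, listed):
        raise TrustError("tarball does not match checksums.txt")
    expected = registry_digest.lower().removeprefix("sha256:")
    if not hmac.compare_digest(actual, expected):
        raise TrustError("tarball does not match registry digest")
    return actual

# Constructed sample data (not a real Nox release).
SAMPLE_NAME = "plugin-example_linux_amd64.tar.gz"
SAMPLE_TARBALL = b"constructed plugin tarball bytes"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_TARBALL).hexdigest()
SAMPLE_CHECKSUMS = f"{SAMPLE_DIGEST}  {SAMPLE_NAME}\n"

if __name__ == "__main__":
    print(verify_plugin(SAMPLE_CHECKSUMS, SAMPLE_NAME, SAMPLE_TARBALL,
                        "sha256:" + SAMPLE_DIGEST))
```

Every failure path raises rather than returning a flag, so a caller cannot proceed to install by forgetting to check a result.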

nox/container ✓ Verified

Dockerfile linting, image vulnerability scanning, container SBOM (22 rules)

nox/sast ✓ Verified

Language-specific vulnerability detection (SQL injection, XSS, path traversal) — 10 rules

nox/reachability ✓ Verified

Multi-language reachability for VULN findings (Go, PyPI, npm, Cargo, Maven, RubyGems, NuGet)

nox/taint-analysis ✓ Verified

Cross-file & interprocedural taint flow including AI source-to-sink (TAINT-001..007 + TAINT-AI-001/002)

nox/api-abuse ✓ Verified

API authorization testing (BOLA, BFLA, rate-limit) — 5 rules

nox/attack-surface ✓ Verified

Static endpoint extraction and exposure mapping (Go, Python, JS/TS frameworks)

nox/dast ✓ Verified

DAST web/API probes — HTTP misconfig (DAST-001..006) plus opt-in AI-DAST: prompt injection, system prompt leak, tool smuggling, cost amplification (DAST-007..010)

nox/k8s-runtime ✓ Verified

Live Kubernetes cluster security scanning (KRUNT-001..008)

nox/red-team ✓ Verified

Attack chain analysis and HTTP validation (REDTEAM-001..010)

nox/ai-eval ✓ Verified

Adversarial prompt corpus runner — jailbreak / system-leak / role-confusion / tool-misuse against a chat endpoint (AI-EVAL-001..004)

nox/depconfusion ✓ Verified

Dependency confusion detection and prevention across npm, PyPI, RubyGems, Maven

nox/baseline-mgmt ✓ Verified

Finding baseline snapshots, diff, and triage — brownfield migration enabler

nox/policy-gate ✓ Verified

Policy evaluation and CI gate (pass/fail) — 5 rules

nox/grc ✓ Verified

GRC compliance assessment across 12 frameworks (SOC2, ISO 27001, GDPR, FedRAMP L/M/H, HIPAA, PCI-DSS, NIST 800-53, NIST CSF, CIS v8, CMMC)

nox/threat-explain ✓ Verified

LLM-enhanced finding explanations and impact analysis (8 rules + LLM)

nox/threat-model ✓ Verified

STRIDE-based auto-modeling with optional AI threat generation (5 rules + LLM)

nox/risk-score ✓ Verified

EPSS / KEV vulnerability prioritization and severity scoring

nox/threat-enrich ✓ Verified

CVE enrichment, CWE mapping, and MITRE ATT&CK correlation (13 rules)

nox/triage-agent ✓ Verified

LLM-powered finding prioritization and false-positive reduction (4 rules + 7-provider LLM: openai, anthropic, gemini, ollama, cohere, bedrock, copilot)

Detection coverage

What Nox detects

Five analyzer suites covering the full attack surface of modern applications.

160 Secrets

API keys, tokens, and credentials across major cloud, SaaS, and CI providers with pattern + entropy detection.

21 AI Security

Prompt injection at the call site, embedding leakage, agent over-privilege, MCP hardening, AI taint flow — full OWASP LLM Top 10 + Agentic coverage.

369 Infrastructure

Terraform, Kubernetes, Docker, GitHub Actions, Helm, Ansible, Kustomize, Serverless, plus cross-resource graph analysis.

SCA Dependencies

OSV.dev vulnerability lookups + reachability filtering + license compliance across 7 ecosystems.

12 Data Protection

PII detection for email, SSN, credit card, phone numbers, and healthcare identifiers.

In action

Fast, focused output

Nox completes a full scan in seconds and writes machine-readable artifacts. No configuration required for a first run.

Terminal

```
$ nox scan .
nox — scanning .

[discover] 847 files, 12 lockfiles, 3 AI components
[analyze] secrets, iac, deps, ai, data
[results] 12 findings (3 suppressed), 47 dependencies, 3 AI components
[done] wrote findings.json, results.sarif, sbom.cdx.json

$ nox plugin install nox/reachability
Trust: community (signer: cosign-keyless:.../release.yml@.*)
Installed nox/reachability@0.6.5 (community)
```

Deterministic by design

Same inputs produce same outputs across local development and CI. No hidden state, no external service dependencies, no flaky results.

AI security is not an afterthought

First-class OWASP LLM Top 10 and OWASP Agentic coverage alongside traditional AppSec. Prompt injection, tool safety, and model provenance are built into the core engine.

Agent-native via MCP

Built-in MCP server with 10 read-only tools and 5 resources. AI agents can query scan results safely without write access or code execution.

Standard artifacts

Six output formats, zero vendor lock-in

Every scan produces standard artifacts that integrate with existing security tooling and compliance workflows.

findings.json JSON

Canonical findings schema for automation

results.sarif SARIF

GitHub Code Scanning compatible (SARIF 2.1.0)

sbom.cdx.json CycloneDX

Primary SBOM format with vulnerability data

sbom.spdx.json SPDX

Secondary SBOM format for license compliance

report.html HTML

Standalone dark-theme dashboard with filtering

ai.inventory.json AI Inventory

AI component inventory with provenance

Adoption workflow

From first scan to full enforcement in three steps.

01

Install and scan

```
brew install nox
nox scan .
```

02

Declare plugins (.nox.yaml)

```yaml
# .nox.yaml — package.json for security
plugins:
  required:
    - nox/reachability
    - nox/taint-analysis
    - nox/grc

# Anyone cloning your repo gets the right
# verified plugins on first scan.
```

03

Enforce in CI

```yaml
- uses: nox-hq/nox@v0.9.5
  with:
    path: '.'
    format: sarif
    annotate: 'true'
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
```

Open source under Apache 2.0

Nox is free to use, modify, and distribute. Contributions welcome.