Get started

From install to enforcement in minutes.

Start with the smallest useful workflow, then add CI enforcement and plugins incrementally.

01

Install

Choose the install method that fits your environment.

Homebrew

brew install nox

Go

go install github.com/nox-hq/nox/cli@latest

Docker

docker run --rm -v $(pwd):/workspace ghcr.io/nox-hq/nox scan /workspace

Build from source

git clone https://github.com/nox-hq/nox.git
cd nox && go build -o nox ./cli

02

First scan

Run a full scan with zero configuration. Nox auto-discovers files, lockfiles, and AI components.

nox scan .
nox v0.6.0 — scanning .
[results] 12 findings, 47 dependencies, 3 AI components
[done] wrote findings.json

03

CI integration

Add Nox to your GitHub Actions workflow with SARIF upload for Code Scanning alerts.

name: Security Scan
on: [push, pull_request]
jobs:
  nox:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run NOX
        uses: nox-hq/nox-action@v1
        with:
          args: scan . --format sarif --output results.sarif
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

04

Dashboard

Generate a standalone HTML report for visual inspection and team review.

nox scan . --format html --output report.html
nox dashboard .

05

Configure

Create a .nox.yaml to customize severity thresholds, rule overrides, and output paths.

# .nox.yaml
severity: medium
formats:
  - json
  - sarif
  - cdx
output: reports/
rules:
  SEC-042:
    severity: critical
  IAC-101:
    enabled: false
suppress:
  - id: SEC-007
    reason: "Test credential, rotated weekly"
    expires: "2026-06-01"
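One way to turn the SARIF file that step 03 uploads into a merge gate, while honouring time-boxed suppressions like the suppress: entries above. This is an added example, not Nox's own code: the SARIF document and the suppression list are constructed sample data (the rule ids are the ones used on this page), and the suppression semantics assumed here (a rule id is hidden from the gate until its expires date, then blocks again) are an assumption, since the page does not spell them out. The script reads only standard SARIF 2.1.0 fields (runs, results, ruleId, level, locations), so it works with any SARIF producer, not just Nox.

```python
"""Gate a CI job on a SARIF file, honouring time-boxed suppressions.

Added example, not part of the Nox project. The SARIF document and the
suppression list below are constructed sample data shaped like the
artefacts on this page.
"""
import json
import sys
from datetime import date

# Constructed SARIF 2.1.0 document, shaped like the output of
# `nox scan . --format sarif --output results.sarif`. Rule ids reuse the
# sample ids from the .nox.yaml on this page; findings are invented.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "nox"}},
        "results": [
            {"ruleId": "SEC-042", "level": "error",
             "message": {"text": "Hard-coded credential"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "config/db.go"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "SEC-007", "level": "error",
             "message": {"text": "Test credential in fixture"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "testdata/creds.json"},
                 "region": {"startLine": 3}}}]},
            {"ruleId": "IAC-101", "level": "warning",
             "message": {"text": "Container runs as root"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "deploy/pod.yaml"},
                 "region": {"startLine": 9}}}]},
        ],
    }],
})

# Constructed suppression list mirroring the `suppress:` entries of .nox.yaml.
# Assumed semantics: a rule id is hidden from the gate until `expires`
# (exclusive), after which its findings block again.
SUPPRESSIONS = [
    {"id": "SEC-007", "reason": "Test credential, rotated weekly",
     "expires": "2026-06-01"},
]

# SARIF result levels in increasing severity.
LEVEL_RANK = {"note": 0, "warning": 1, "error": 2}


def active_suppressions(suppressions, today):
    """Return the rule ids whose suppression is still in force on `today` (ISO date)."""
    today_date = date.fromisoformat(today)
    return {s["id"] for s in suppressions
            if today_date < date.fromisoformat(s["expires"])}


def blocking_findings(sarif_text, suppressions, today, fail_on="error"):
    """Return results at or above `fail_on` that are not covered by an active suppression."""
    doc = json.loads(sarif_text)
    threshold = LEVEL_RANK[fail_on]
    active = active_suppressions(suppressions, today)
    blocking = []
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", "warning")  # SARIF default when absent
            if LEVEL_RANK.get(level, 1) < threshold:
                continue
            if result.get("ruleId") in active:
                continue
            # First physical location, if the producer recorded one.
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            blocking.append({
                "rule": result.get("ruleId"),
                "level": level,
                "file": loc.get("artifactLocation", {}).get("uri"),
                "line": loc.get("region", {}).get("startLine"),
                "message": result.get("message", {}).get("text", ""),
            })
    return blocking


def gate(sarif_text, suppressions, today, fail_on="error"):
    """Print blocking findings and return the CI exit code: 0 clean, 1 otherwise."""
    blocking = blocking_findings(sarif_text, suppressions, today, fail_on)
    for f in blocking:
        print(f"[{f['level']}] {f['rule']} {f['file']}:{f['line']} {f['message']}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python sarif_gate.py [results.sarif]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    sys.exit(gate(text, SUPPRESSIONS, date.today().isoformat()))
```

Run it as a step after the scan and before (or alongside) the SARIF upload, so the job fails on unsuppressed error-level findings while Code Scanning still receives the full result set. In a real pipeline the suppression list would come from the suppress: section of .nox.yaml via a YAML parser rather than being embedded; the in-code list here only keeps the example dependency-free.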

06

Extend with plugins

Install plugins for deeper analysis across 9 specialized security tracks.

nox plugin install nox/sast
nox plugin install nox/grc
nox plugin install nox/k8s-runtime
nox plugin list
nox scan . --plugins all