apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
Multi-language static analysis with cross-file taint tracking. Scan your repo, triage findings in your browser, commit triage state with your code. No cloud, no account. https://nyxscan.dev/
45 commits 4 branches 10 tags 272 MiB
Find a file
Exact
elipeter e309b956c3 Enhance release build workflow with improved binary path resolution and error messaging
2025-06-24 22:28:47 +02:00
.github/workflows Enhance release build workflow with improved binary path resolution and error messaging 2025-06-24 22:28:47 +02:00
src Update default configuration handling and integrate NyxResult into config.rs 2025-06-24 21:43:26 +02:00
.gitignore Add .idea to .gitignore to ignore IDE-specific files 2025-06-16 23:51:36 +02:00
Cargo.lock Add Ruby AST support using tree-sitter-ruby 2025-06-24 18:53:31 +02:00
Cargo.toml Add Ruby AST support using tree-sitter-ruby 2025-06-24 18:53:31 +02:00
default-nyx.conf Update default configuration handling and integrate NyxResult into config.rs 2025-06-24 21:43:26 +02:00
README.md Expand README with detailed project description, features, usage examples, configuration guide, and license section. Add new TypeScript vulnerability patterns to improve scanning capabilities. 2025-06-17 11:20:19 +02:00

README.md

Nyx - Lightweight Multi-Language Vulnerability Scanner

Nyx is a lightweight Rust CLI tool for scanning code across multiple programming languages to detect potential vulnerabilities and code quality issues. It works by converting source code to Abstract Syntax Trees (ASTs), analyzing control flow graphs, performing taint analysis, and searching for common vulnerability patterns.

Features

  • Fast and Lightweight: Written in Rust for optimal performance
  • Multi-Language Support: Scans code in multiple programming languages
  • AST-Based Analysis: Uses tree-sitter for accurate code parsing
  • Project Indexing: Maintains an index to avoid rescanning unchanged files
  • Configurable: Extensive configuration options for customizing scans
  • Multiple Output Formats: Supports table, JSON, CSV, and SARIF output formats

Installation

From Source

# Clone the repository
git clone https://github.com/yourusername/nyx.git
cd nyx

# Build the project
cargo build --release

# Install the binary
cargo install --path .

Usage

Basic Scanning

# Scan the current directory
nyx scan

# Scan a specific directory
nyx scan /path/to/project

# Scan with specific output format
nyx scan --format json

# Scan only for high severity issues
nyx scan --high-only

Managing Project Indexes

# Build or update index for current project
nyx index build

# Force rebuild index
nyx index build --force

# Show index status
nyx index status

# List all indexed projects
nyx list

# List all indexed projects with details
nyx list --verbose

# Remove a project from index
nyx clean project-name

# Clean all projects
nyx clean --all

Supported Languages

Nyx currently supports scanning code in the following languages:

  • Rust
  • C
  • C++
  • Java
  • Go
  • PHP
  • Python
  • TypeScript
  • JavaScript

How It Works

  1. Code Traversal: Nyx walks through your project's directory structure, respecting ignore files and exclusion patterns.

  2. AST Generation: For each supported file, Nyx uses tree-sitter to parse the code into an Abstract Syntax Tree (AST).

  3. Pattern Matching: Nyx applies language-specific vulnerability patterns to the AST to identify potential issues.

  4. Control Flow Analysis: (Planned) Nyx will convert ASTs to control flow graphs for more sophisticated analysis.

  5. Taint Analysis: (Planned) Nyx will track the flow of untrusted data through your application.

  6. Reporting: Issues are reported with severity levels, file locations, and descriptions.

Configuration

Nyx uses a configuration system with defaults that can be overridden by a user-specific configuration file. The configuration file is located at:

  • Linux/macOS: ~/.config/nyx/nyx.local
  • Windows: C:\Users\<username>\AppData\Roaming\ecpeter23\nyx\config\nyx.local

Example configuration:

[scanner]
min_severity = "Medium"
follow_symlinks = true

[output]
default_format = "json"
color_output = true

[performance]
worker_threads = 8

License

[Add your license information here]

Contributing

[Add contribution guidelines here]