Quick Start Guide
Get up and running with CXRay in minutes.
Your First Scan
After installing CXRay, you can perform your first security scan with just a few commands.
1. Initialize CXRay
cxray init
This command will:
- Create a default configuration file
- Download the latest vulnerability databases
- Set up the local cache directory
2. Scan a Project
Navigate to your project directory and run:
cxray scan .
CXRay will analyze your project for:
- Known vulnerabilities (CVE)
- Configuration issues (CCE)
- Dependencies, from which it generates an SBOM
- Critical security misconfigurations
3. View Results
The scan results will be displayed in the terminal. You can also generate a detailed report:
cxray report --format html --output report.html
Common Scan Options
Scan Specific Components
# Scan only for CVEs
cxray scan --type cve .
# Scan for configuration issues
cxray scan --type cce .
# Generate SBOM only
cxray scan --type sbom .
Adjust Scan Severity
# Show only high and critical vulnerabilities
cxray scan --severity high,critical .
# Include all severity levels
cxray scan --severity all .
Export Results
# Export as JSON
cxray scan . --output json > results.json
# Export as SARIF (for GitHub integration)
cxray scan . --output sarif > results.sarif
Example Workflow
Here's a typical workflow for integrating CXRay into your CI/CD pipeline:
# 1. Install CXRay in your CI environment
curl -sSL https://get.cxray.io | sh
# 2. Run scan with fail threshold
cxray scan . --fail-on critical
# 3. Generate report for artifacts
cxray report --format html --output cxray-report.html
# 4. Generate the SBOM as JSON for upload to your artifact repository
cxray scan --type sbom --output json > sbom.json
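Step 1 of the workflow pipes the downloaded installer straight into `sh`. The variant below saves it to a file, compares it against a SHA-256 digest recorded after review, and runs it only on a match. It is an added example, not part of the CXRay documentation: the function names are hypothetical, and the digest in the usage line is a placeholder because this page publishes no checksum.

```shell
#!/bin/sh
# Added example: pin the installer by SHA-256 before executing it in CI.

# Print the lowercase SHA-256 hex digest of a file (Linux or macOS tooling).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file's digest equals the pinned value.
# Returns 2 for a malformed pin (e.g. an unset CI variable), 1 for a mismatch.
verify_pinned() {
    file=$1 expected=$2
    case $expected in
        *[!0-9a-fA-F]*|'') echo "pinned digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pinned digest has wrong length" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "installer digest mismatch: got $actual" >&2
        return 1
    fi
}

# Download to a temp file, verify, and only then execute.
install_pinned() {
    url=$1 expected=$2
    tmp=$(mktemp) || return 2
    # -f turns HTTP errors into failures instead of saving an error page as the script.
    if curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$url" &&
       verify_pinned "$tmp" "$expected"; then
        rc=0; sh "$tmp" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# CI usage (placeholder digest; replace with the value of the installer you reviewed):
# install_pinned https://get.cxray.io "<SHA256-OF-REVIEWED-INSTALLER>"
```

When the upstream installer changes, the job fails at the digest check until the new script has been reviewed and the pin updated.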
Next Steps
- Configuration Guide - Customize CXRay for your needs
- CVE Scanning - Deep dive into vulnerability scanning
- Jenkins Integration - Integrate with Jenkins CI/CD