ContextQMD
Back to Strix

Scan Modes

docs/usage/scan-modes.mdx

1.0.11.3 KB
Original Source

Strix offers three scan modes to balance speed and thoroughness.

Quick

bash
strix --target ./app --scan-mode quick

Fast checks for obvious vulnerabilities. Best for:

  • CI/CD pipelines
  • Pull request validation
  • Rapid smoke tests

Duration: Minutes

Standard

bash
strix --target ./app --scan-mode standard

Balanced testing for routine security reviews. Best for:

  • Regular security assessments
  • Pre-release validation
  • Development milestones

Duration: 30 minutes to 1 hour

White-box behavior: Uses source-aware mapping and static triage to prioritize dynamic exploit validation paths.

Deep

bash
strix --target ./app --scan-mode deep

Thorough penetration testing. Best for:

  • Comprehensive security audits
  • Pre-production reviews
  • Critical application assessments

Duration: 1-4 hours depending on target complexity

White-box behavior: Runs broad source-aware triage (semgrep, AST structural search, secrets, supply-chain checks) and then systematically validates top candidates dynamically.

<Note> Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths. </Note>

Choosing a Mode

ScenarioRecommended Mode
Every PRQuick
Weekly scansStandard
Before major releaseDeep
Bug bounty huntingDeep