Getting Started
Installation
Using Go (Recommended)

    go install github.com/varalys/redactyl@latest
    redactyl --help

Using Homebrew (macOS/Linux)

    brew install varalys/tap/redactyl

From Source

    git clone https://github.com/varalys/redactyl.git
    cd redactyl
    make build
    ./bin/redactyl --version

Tip: Add the local bin/ to PATH for this shell:

    export PATH="$PWD/bin:$PATH"

Quick Start
Interactive Scan (Default)

Navigate to any project directory and run:

    redactyl scan

This opens the interactive TUI where you can browse findings, filter by severity, and take action on secrets. The TUI provides:
- Real-time findings with severity color-coding
- Vim-style navigation with search, filter, and grouping
- Syntax-highlighted context preview
- Quick actions: open in editor, baseline, ignore, export
- Virtual file extraction from archives
- Diff view to compare scans
CI/CD Mode (Non-Interactive)

For CI/CD pipelines, disable the TUI:

    redactyl scan --no-tui

With Guidance

Get suggested remediation commands:

    redactyl scan --guide --no-tui

Output Formats

JSON Output

    redactyl scan --json # Auto-disables TUI

SARIF Output (for GitHub Code Scanning)

    redactyl scan --sarif > redactyl.sarif.json

Text-Only Format

    redactyl scan --text --no-tui

Scope Control
Control what gets scanned:

    # Staged changes only
    redactyl scan --staged

    # Last N commits
    redactyl scan --history 5

    # Diff vs base branch
    redactyl scan --base main

Deep Artifact Scanning
Scan containers, Helm charts, and archives, the artifacts that actually run in production:

    # Scan container images
    redactyl scan --containers

    # Scan Helm charts
    redactyl scan --helm

    # Scan Kubernetes manifests
    redactyl scan --k8s

    # Scan everything
    redactyl scan --archives --containers --helm --k8s

Next Steps

- Configuration - Set up .redactyl.yml for your project
- Deep Scanning Guide - Learn about artifact scanning and guardrails
- GitHub Actions - Add scanning to your CI/CD pipeline
- Registry Scanning - Scan remote container images
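
For the SARIF output shown under Output Formats, a CI step can read `redactyl.sarif.json` and fail the build when findings reach a chosen level. The script below is an added example, not part of Redactyl or its documentation; it relies only on standard SARIF 2.1.0 fields, and the `summarize` function, the `fail_at` threshold, and the embedded sample (with placeholder rule ids) are assumptions made for illustration.

```python
import json
import sys
from collections import Counter

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0 levels, least to most severe

def summarize(sarif, fail_at="warning"):
    """Return (per-level counts, findings at or above fail_at) for a SARIF log."""
    threshold = LEVELS.index(fail_at)
    counts, blocking = Counter(), []
    for run in sarif.get("runs", []):
        for result in run.get("results") or []:  # "results" may be null in SARIF
            # SARIF treats a missing level as "warning"; do the same for unknown values.
            level = result.get("level", "warning")
            if level not in LEVELS:
                level = "warning"
            counts[level] += 1
            if LEVELS.index(level) < threshold:
                continue
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            # Keep rule and location only, so the matched secret never reaches CI logs.
            blocking.append((level, result.get("ruleId", "<no-rule>"), uri, line))
    return counts, blocking

def _loc(uri, line):
    return [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                  "region": {"startLine": line}}}]

# Constructed sample, not real Redactyl output; rule ids are placeholders.
SAMPLE = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "EXAMPLE-RULE-A", "level": "error", "locations": _loc("config/app.env", 3)},
    {"ruleId": "EXAMPLE-RULE-B", "locations": _loc("deploy/values.yaml", 12)},
    {"ruleId": "EXAMPLE-RULE-C", "level": "note"},
]}]}

def main(argv):
    sarif = SAMPLE
    if len(argv) > 1:  # e.g. python sarif_gate.py redactyl.sarif.json
        with open(argv[1], encoding="utf-8") as fh:
            sarif = json.load(fh)
    counts, blocking = summarize(sarif)
    print("findings by level:", dict(counts))
    for level, rule, uri, line in blocking:
        print(f"{level}: {rule} at {uri}:{line}")
    return 1 if blocking else 0  # non-zero exit fails the pipeline step

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after the SARIF scan step, passing the report path as the first argument; with no argument it evaluates the embedded sample.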