Open-source Rust security tooling

Nyx

Local-first security scanning for developers.

Find source-to-sink attack paths, inspect evidence in a browser UI, and keep triage decisions with your code.

  • Runs locally with no account
  • Source-to-sink taint analysis
  • Browser triage UI
  • SARIF and GitHub Actions

What it does

Security findings you can inspect.

Nyx focuses static application security testing on evidence developers can review, reproduce, and carry with the repository.

Local-first

Runs on your machine. No account required. No source upload required.

Evidence-based findings

Shows source, sink, severity, confidence, and the path that connects them.

Browser triage UI

Review findings locally, track decisions, and commit triage state with the repo.

CI-ready

Export SARIF, run in GitHub Actions, and gate builds on security findings.

Local review

Scan in the CLI. Review in the browser.

The same local engine runs in your terminal and in CI. After a scan, nyx serve opens the browser triage UI for findings, source context, and review state.

[Screenshot: Nyx CLI scan showing local source-to-sink findings and security output]
Scan locally in the CLI, then inspect source-to-sink evidence and triage findings in the Nyx UI.

Install

Start with Cargo.

Install the crate, scan a repository, then open the local review UI.

cargo install nyx-scanner
nyx scan
nyx serve

Why Nyx exists

Private code should stay private.

Most security scanners either hide too much behind a service or stop at static warnings that are hard to trust. Nyx is built around local analysis, visible evidence, and developer-owned triage.

Nyx starts with static source-to-sink analysis and is designed to grow toward verified attack-path testing without requiring teams to upload private code.