Skip to main content
Strix offers three scan modes to balance speed and thoroughness.

Quick

strix --target ./app --scan-mode quick
Fast checks for obvious vulnerabilities. Best for:
  • CI/CD pipelines
  • Pull request validation
  • Rapid smoke tests
Duration: Minutes

Standard

strix --target ./app --scan-mode standard
Balanced testing for routine security reviews. Best for:
  • Regular security assessments
  • Pre-release validation
  • Development milestones
Duration: 30 minutes to 1 hour White-box behavior: Uses source-aware mapping and static triage to prioritize dynamic exploit validation paths.

Deep

strix --target ./app --scan-mode deep
Thorough penetration testing. Best for:
  • Comprehensive security audits
  • Pre-production reviews
  • Critical application assessments
Duration: 1-4 hours depending on target complexity White-box behavior: Runs broad source-aware triage (semgrep, AST structural search, secrets, supply-chain checks) and then systematically validates top candidates dynamically.
Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.

Choosing a Mode

ScenarioRecommended Mode
Every PRQuick
Weekly scansStandard
Before major releaseDeep
Bug bounty huntingDeep