CLI Overview
The Inkog CLI is a lightweight, stateless security scanner for AI agent code. It detects vulnerabilities locally and performs deep analysis via the Inkog API.
Installation
One-Line Install (Recommended)
curl -fsSL https://inkog.io/install.sh | shGo Install
go install github.com/inkog-io/inkog/cmd/inkog@latest
# If you get a "module not found" error:
GOPROXY=direct go install github.com/inkog-io/inkog/cmd/inkog@latestHomebrew
brew tap inkog-io/inkog
brew install inkogBinary Download
Download the latest release from GitHub Releases .
API Key Setup
An API key is required for all scans. Get your free key at app.inkog.io .
export INKOG_API_KEY=sk_live_your_key_hereQuick Start
Scan your current directory:
inkog .Scan a specific path with JSON output:
inkog -output json ./srcScan with minimum severity threshold:
inkog -severity high ./agentsHow It Works
Inkog uses a hybrid privacy model:
- Local Detection - Secrets are detected and redacted locally before any data leaves your machine
- Server Analysis - Only redacted code is sent for deep AST analysis and vulnerability detection
- Merged Results - Local and server findings are combined into a unified report
Your secrets never leave your machine. The server only receives sanitized code with [REDACTED-API_KEY] placeholders.
Architecture
┌─────────────────┐ ┌─────────────────┐
│ Your Code │────▶│ Local Scanner │
└─────────────────┘ │ (Secrets) │
└────────┬────────┘
│ Redacted
▼
┌─────────────────┐
│ Inkog Server │
│ (AST Analysis) │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Unified Report │
└─────────────────┘Next Steps
- Commands - Full command reference
- Output Formats - JSON, Text, and HTML output
- Environment Variables - Configuration options
- CI/CD Integration - GitHub Actions, GitLab CI, and more
Last updated on