
Quickstart

Get Inkog scanning your AI agent codebase in under 60 seconds.

The fastest way to try Inkog — no install required. Just run npx -y @inkog-io/cli scan . in your project directory.

Scan with npx (No Install)

Run a scan instantly with Node.js:

npx -y @inkog-io/cli scan .

This downloads the Inkog CLI on first run and caches it for future use. No global install needed.

Or Install Permanently

curl -fsSL https://inkog.io/install.sh | sh

See Installation for Homebrew, Go, and other methods.

Get Your API Key

  1. Sign up at app.inkog.io (free, 30 seconds)
  2. Generate an API key from your dashboard
  3. Set it in your environment:
export INKOG_API_KEY=sk_live_your_key_here

Without an API key, Inkog runs a free preview scan on a single file so you can see it in action.

One-Command Scan

Terminal
$ inkog scan .
Inkog v1.0.0 - AI Agent Pre-Flight Check

Scanning ./...
Analyzing Python files: 24 files
Analyzing JavaScript files: 12 files
Building IR graph...

CRITICAL  INKOG-001  Prompt injection via user input
          src/agent.py:42
          User input directly concatenated into LLM prompt

HIGH      INKOG-003  Memory poisoning vector
          src/memory.py:89
          Unvalidated data stored in persistent memory

MEDIUM    INKOG-007  Chain-of-thought leakage
          src/chain.py:156
          Internal reasoning exposed in response

Found 3 issues (1 critical, 1 high, 1 medium)
Scan completed in 2.3s

What Just Happened?

  1. Code Scanned: Inkog reads your local directory
  2. Secrets Redacted: Any credentials are redacted locally before upload (privacy first!)
  3. IR Generation: Inkog converts your code into our Universal IR (Intermediate Representation)
  4. Pattern Matching: Security rules are applied against the normalized IR
  5. Taint Analysis: Data flow is traced from sources (user input) to sinks (LLM calls)
  6. Report Generated: Findings are reported with file locations and remediation hints

Output Formats

SARIF (for CI/CD integration)

Terminal
$ inkog scan . -output sarif > results.sarif
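
A CI job still has to decide what in results.sarif blocks a merge. The gate below is an added example, not part of Inkog or its documentation: it reads a SARIF 2.1.0 file, resolves each result's level (falling back to the rule's default, as the SARIF format allows), and exits non-zero on blocking findings. It assumes Inkog reports its most severe findings at SARIF level "error"; the sample document and the helper names are constructed for illustration.

```python
import json
import sys

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0 levels, least to most severe

def effective_level(result, rules):
    """A result without its own level inherits the rule default, else 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def blocking_findings(sarif, fail_on="error"):
    """Return (ruleId, level, uri, line) for each result at or above fail_on."""
    threshold = LEVELS.index(fail_on)
    found = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", []) if "id" in r}
        for res in run.get("results", []):
            level = effective_level(res, rules)
            # Fail closed: a level this script does not know counts as blocking.
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if rank >= threshold:
                loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
                uri = loc.get("artifactLocation", {}).get("uri", "?")
                line = loc.get("region", {}).get("startLine", 0)
                found.append((res.get("ruleId", "?"), level, uri, line))
    return found

# Hypothetical helper that builds one constructed SARIF result for SAMPLE.
def _result(rule_id, uri, line, **extra):
    loc = {"artifactLocation": {"uri": uri}, "region": {"startLine": line}}
    return {"ruleId": rule_id, "message": {"text": "constructed sample"},
            "locations": [{"physicalLocation": loc}], **extra}

# Constructed sample, not real Inkog output; rule IDs reuse the terminal example.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "inkog", "rules": [
        {"id": "INKOG-003", "defaultConfiguration": {"level": "error"}}]}},
    "results": [_result("INKOG-001", "src/agent.py", 42, level="error"),
                _result("INKOG-003", "src/memory.py", 89),  # inherits rule default
                _result("INKOG-007", "src/chain.py", 156, level="warning")]}]}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if sys.argv[1:] else SAMPLE
    hits = blocking_findings(doc)
    print("\n".join(f"{lv.upper()} {rid} {uri}:{ln}" for rid, lv, uri, ln in hits))
    sys.exit(1 if hits else 0)
```

Pass the path to results.sarif as the first argument; with no argument the script runs against the constructed sample.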

JSON (for programmatic processing)

Terminal
$ inkog scan . -output json > results.json

Filter by Severity

Only show critical and high severity issues:

Terminal
$ inkog scan . -severity critical,high

Security Policies

Filter findings by security policy:

# Low noise - only high-confidence findings
inkog scan . -policy low-noise

# Governance-focused (Article 14 controls)
inkog scan . -policy governance

# EU AI Act compliance
inkog scan . -policy eu-ai-act
