Installation
Choose the installation method that works best for your workflow.
Docker (Recommended)
The simplest way to use Inkog. No dependencies required.
Terminal
$ docker pull ghcr.io/inkog-io/inkog:latest
Usage
# Scan current directory (path quoted so directories containing spaces mount correctly)
docker run -v "$(pwd)":/scan ghcr.io/inkog-io/inkog scan /scan
# Scan with specific config
docker run -v "$(pwd)":/scan -v "$(pwd)/.inkog.yaml":/config/.inkog.yaml \
  ghcr.io/inkog-io/inkog scan /scan --config /config/.inkog.yaml
The Docker image includes all supported language parsers and is the most portable option.
Homebrew (macOS/Linux)
brew tap inkog-io/tap
brew install inkog
Verify Installation
Terminal
$ inkog --version
inkog version 1.0.0 (darwin/arm64)
Go Install
Requires Go 1.21 or later.
Terminal
$ go install github.com/inkog-io/inkog@latest
Ensure $GOPATH/bin is in your PATH.
Build from Source
# Clone repository
git clone https://github.com/inkog-io/inkog.git
cd inkog
# Build
go build -o inkog ./cmd/inkog
# Install to PATH
sudo mv inkog /usr/local/bin/
GitHub Action
Add Inkog to your CI pipeline:
.github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  inkog:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Inkog Scanner
        uses: inkog-io/inkog-action@v1
        with:
          severity: critical,high
          format: sarif
          output: results.sarif
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
Pre-commit Hook
.pre-commit-config.yaml
repos:
  - repo: https://github.com/inkog-io/inkog
    rev: v1.0.0
    hooks:
      - id: inkog
        args: ['--severity', 'critical,high', '--fail-on-findings']
Verify Your Installation
Terminal
$ inkog scan --help
Scan a directory or repository for AI agent vulnerabilities
Usage:
  inkog scan [path] [flags]
Flags:
      --config string      Config file (default ".inkog.yaml")
      --format string      Output format: text, json, sarif, markdown (default "text")
  -h, --help               Help for scan
      --ignore strings     Patterns to ignore (glob format)
  -o, --output string      Output file path
      --repo string        Remote Git repository URL
      --severity strings   Filter by severity: critical, high, medium, low
      --fail-on-findings   Exit with code 1 if findings detected
Next Steps
Configuration
Learn how to customize Inkog with config files, rule exclusions, and more.