Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
Stars climbing, commits landing — this one is taking off.
A deterministic 0–100 hygiene score — README, license, CI, tests, docs, and freshness.
Who ships this repo — author concentration and the bus factor across the last 300 mainline commits.
How welcoming this repo is to contributors — issue throughput, close time, responsiveness, and good-first-issue count.
Grounded in strix's README, structure, and recent commits — answers won't invent code they haven't seen.
mainStrengthened vulnerability reporting guidance
Updated documentation and tool guidance to clarify severity assessment for subdomain takeovers, enforce proper vulnerability reporting workflows (including dependency CVE reporting), and require attack-chain analysis before finalizing scan reports. Added warnings that finish_scan is a terminal action with no draft mode, and emphasized the importance of using the correct reporting tools (create_vulnerability_report or create_dependency_report) before marking findings as complete.
Add dependency and SCA vulnerability details
Enhanced vulnerability reporting to display additional fields for dependency scanning findings, including package information, CWE, fix effort, evidence, and assumptions. These details now appear in both the terminal interface and markdown reports.
Switch to core LiteLLM package
Updated the project to use the standard LiteLLM library instead of the proxy variant, simplifying dependencies while maintaining compatibility.
Add dependency reporting support
Added new fields and tools to report on vulnerable dependencies, including CVE tracking, package metadata, deduplication logic for dependency reports, and a new dependency report creation tool. The system now intelligently identifies duplicate dependency vulnerabilities by matching CVE, package name, and ecosystem.
Fixed dependency compatibility issues
Updated dependencies to cap the OpenAI library version below 2.45 and added the proxy extra for LiteLLM to ensure fresh installations work correctly. This includes syncing the lock file to reflect these changes.
Add root scan prompt customization
Added support for customizing root scan instructions and system prompt context through new optional parameters `root_instructions_override` and `extra_system_prompt_context`. These allow users to extend the root agent's behavior while preserving system-verified security constraints.
Enable custom skill directory registration
Added a skill directory registration system that allows developers to register custom skill directories beyond the default location. The system now uses a `skill_search_dirs()` function to dynamically load skills from multiple registered directories when rendering prompts.
Enable custom scan agent tools
Added ability to register custom tools that are automatically available to all scan agents. Tools can be registered globally via `register_agent_tools()` before agents are built, or passed per-agent via the `extra_tools` parameter. The system prevents duplicate tool names and ensures registered tools appear before the agent's lifecycle tool.
Support routed OpenAI models
Added support for recognizing OpenAI models when prefixed with routing protocols like 'litellm/' or 'any-llm/'. This allows the system to correctly enforce required tool choice settings for routed OpenAI models, not just direct OpenAI model names.
Add forced tool choice setting
Added a new LLM setting that forces OpenAI models to always use required tool choice when enabled. The feature intelligently applies this setting only to OpenAI-compatible models that support it, with a new configuration option available in Settings.
Improved cloud security reconnaissance guidance
Updated GCP and Auth0 reconnaissance documentation to use curl instead of gsutil for anonymous checks (avoiding false positives from ambient credentials) and clarified that Auth0 userinfo endpoint requires a bearer access token. These changes make the security testing guidance more accurate and reliable.
Add GCP and Auth0 security testing
Added comprehensive security testing guides for Google Cloud Platform (GCP) covering IAM misconfigurations, public storage buckets, metadata server abuse, and service account privilege escalation, plus Auth0 tenant and API misconfiguration testing. These expand the security skills library with cloud and identity platform attack surface documentation.
Fix Google module detection for Vertex
Improved error handling to match Google submodule imports (like 'google.auth') when detecting missing Vertex AI dependencies, and enhanced exception chain traversal to find import errors buried deeper in error stacks.
Add Bedrock boto3 error test
Added a test case to verify that the provider hint system correctly identifies and suggests the Bedrock extra installation when a wrapped bedrock import error occurs due to a missing boto3 module.
Better error hints for Vertex AI
Improved error messaging when optional AI provider dependencies (Bedrock and Vertex AI) are missing. The system now detects when litellm wraps import errors inside connection errors and still shows users the correct installation command for the missing extra package.
Fix message rendering cache behavior
Fixed the message rendering cache to use content strings as keys instead of hash values, and now returns copies of cached results to prevent unintended mutations. This ensures rendered messages are properly cached and reused without side effects.
Smoother scrolling with render caching
Reduced UI refresh stutter by slowing down animation frame rates (splash animations, dot animations, and overall UI updates), caching rendered agent messages to avoid re-parsing markdown on every refresh cycle, and preventing duplicate scroll callbacks from queuing during rapid updates.
Prevent ambiguous SARIF repo attribution
Fixed an issue where security findings from scans of multiple repositories could be incorrectly attributed to the first repository in SARIF reports. The system now omits repository provenance information when multiple repositories are scanned together, avoiding mis-attribution of later repositories' findings.
Lower Linux release glibc baseline
Updated the Linux build environment from the latest Ubuntu version to Ubuntu 22.04 to ensure broader compatibility with older systems that use earlier glibc versions.
Suppress verbose OpenAI agent logs
Added a filter to prevent debug-level logs from OpenAI agents SDK from appearing in stdout, while still showing warnings and errors. This reduces noise when running scans in debug mode.
Support custom Caido UI domains
Added support for configuring allowed domains when running Caido in a container. Users can now set the STRIX_CAIDO_ALLOWED_DOMAINS environment variable to a comma-separated list of hostnames, allowing Caido to be accessed over those domains instead of just IP addresses.
Fix Caido endpoint HTTPS support
Fixed session manager to use HTTPS scheme when TLS is enabled for the Caido endpoint, instead of always using HTTP.
Handle docker socket teardown gracefully
Fixed an issue where sandbox cleanup would fail with a traceback if the Docker daemon socket was already gone during teardown. The fix catches connection errors in addition to Docker API errors, ensuring cleanup remains best-effort regardless of daemon reachability.
Add optional extras for AI providers
Bedrock and Vertex AI are now installable as optional packages (strix-agent[bedrock] and strix-agent[vertex]). When a user tries to use these providers without installing the required dependencies, they'll now see a helpful message telling them exactly which command to run.
Add target list CLI option
Users can now provide targets from a file using `--target-list`, with one target per line (comments starting with `#` are ignored). This can be combined with `--target` for flexible multi-target scanning.
Tag findings with STRIDE threat model
Security findings in SARIF reports now include STRIDE-leg tags (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) automatically derived from their CWE classifications. This enables downstream tools like GitHub's Security tab and ASPM dashboards to group and filter findings by threat model category.
Add report writer tests
New test suite covers report generation features including run record file I/O, vulnerability markdown rendering with proper formatting, CSV severity ordering, and executive report output.
Environment variables now override config file
Fixed a bug where configuration values stored in the JSON config file could incorrectly override environment variables when the same setting had multiple possible names. Now environment variables are properly prioritized across all their aliases, case-insensitively, before checking the config file.
A Monday email with what shipped in strix, in plain English — no account needed.
See how strix stacks up against a rival, side by side.
The year in strix as one shareable story card — stats, streaks, and an AI-written narrative.
Drop a live “shipped this week” badge into your README.
[](https://repowrapped.com/gh/usestrix/strix?utm_source=badge&utm_medium=readme)<a href="https://repowrapped.com/gh/usestrix/strix?utm_source=badge&utm_medium=readme"><img src="https://repowrapped.com/gh/usestrix/strix/badge.svg" alt="shipped this week" /></a>A floor, not a guess: counts only commits whose author, co-author trailer, or message explicitly credits an AI tool (Claude, Copilot, Cursor, aider, Codex…). Based on 30 mainline commits. Unattributed AI code isn't counted here — the full audit estimates that separately.