Skip to content
GERION
ES EN

Installation

Gerion CLI orchestrates four security scanners (Gitleaks, OSV-Scanner, KICS, Opengrep) and sends normalized findings to the Gerion platform. Your code never leaves your infrastructure.

Option A — Docker (recommended)

Section titled “Option A — Docker (recommended)”

The Docker image includes the CLI and all scanners pre-installed. No Python or additional dependencies required on the host.

Ventana de terminal
docker pull ghcr.io/gerion-appsec/gerion-cli:latest

First scan

Section titled “First scan”
Ventana de terminal
# Full scan of the current directory
docker run --rm -v "$PWD:/code" \
  ghcr.io/gerion-appsec/gerion-cli:latest \
  scan-all /code


# With results sent to the Gerion API
docker run --rm -v "$PWD:/code" \
  -e GERION_API_URL="https://api.gerion.dev" \
  -e GERION_API_KEY="your-api-key" \
  ghcr.io/gerion-appsec/gerion-cli:latest \
  scan-all /code

Option B — Local installation (development)

Section titled “Option B — Local installation (development)”

For contributing to the project or running the CLI without Docker.

Requirements

Section titled “Requirements”
  • Python 3.12+
  • Poetry
  • Make
  • curl and tar

Installation

Section titled “Installation”
Ventana de terminal
git clone https://github.com/gerion-appsec/gerion-cli
cd gerion-cli
make install

make install installs Python dependencies with Poetry and downloads the external scanner binaries (Gitleaks, Opengrep, OSV-Scanner, KICS) to ~/.local/bin.

Add ~/.local/bin to your PATH if it isn’t already:

Ventana de terminal
export PATH="$HOME/.local/bin:$PATH"

Verify the installation

Section titled “Verify the installation”
Ventana de terminal
make check

Install components separately

Section titled “Install components separately”
Ventana de terminal
make install-python       # Python dependencies only
make install-gitleaks
make install-opengrep
make install-osv-scanner
make install-kics

Credential configuration

Section titled “Credential configuration”

Get your API Key at gerion.dev → Settings → API Keys.

Ventana de terminal
export GERION_API_URL="https://api.gerion.dev"
export GERION_API_KEY="your-api-key-here"

First scan

Section titled “First scan”
Ventana de terminal
gerion scan-all /path/to/your/project

For individual scanners:

Ventana de terminal
gerion secrets-scan .
gerion sca-scan .
gerion sast-scan .
gerion iac-scan .

Next steps

Section titled “Next steps”