CLI Reference

Primary focus: The CLI is designed for PR reviews and quality gates in CI/CD pipelines. While it supports triggering scans and exporting results, the core use case is integrating CodeStax security checks into your automated workflows — blocking merges that introduce critical vulnerabilities and triggering PR-level reviews on every pull request.

The CodeStax CLI lets you interact with the platform from your terminal or CI/CD pipeline.

Installation

Download the CLI from your CodeStax dashboard or clone from the repository:


# Download the CLI script
curl -o codestax https://codestax.co/cli/codestax
chmod +x codestax
 
# Or use directly with Python
python3 codestax.py <command>
 
# Verify installation
python3 codestax.py --version

Authentication

Set your API key as an environment variable:


export CODESTAX_API_KEY="your-api-key-here"
export CODESTAX_API_URL="https://codestax.co/api/v1"  # optional, defaults to production

Generate an API key from Settings → API Keys in the dashboard.

Commands

`codestax trigger`

Trigger a security scan on a repository.


codestax trigger --repo my-org/my-repo --type deep

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--type`	No	`smart`	Scan type: `smart` or `deep`
`--branch`	No	default branch	Branch to scan
`--wait`	No	`false`	Wait for scan to complete and print results

`codestax gate`

Enforce a quality gate. Returns exit code 0 (pass) or 1 (fail).


codestax gate --repo my-org/my-repo --scan latest

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--scan`	No	`latest`	Scan ID or `latest`
`--max-critical`	No	`0`	Max critical findings allowed
`--max-high`	No	`5`	Max high findings allowed
`--max-score`	No	`50`	Max risk score allowed

`codestax list`

List scans for a repository.


codestax list --repo my-org/my-repo --limit 10

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--limit`	No	`20`	Number of results
`--status`	No	all	Filter by status: `completed`, `running`, `failed`
`--format`	No	`table`	Output format: `table`, `json`

`codestax issues`

List issues from the latest scan.


codestax issues --repo my-org/my-repo --severity critical,high

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--scan`	No	`latest`	Scan ID or `latest`
`--severity`	No	all	Comma-separated: `critical`, `high`, `medium`, `low`
`--type`	No	all	Filter by scanner type: `sast`, `sca`, `secrets`, `iac`
`--format`	No	`table`	Output format: `table`, `json`

`codestax dora`

Retrieve DORA metrics for a repository.


codestax dora --repo my-org/my-repo --period 30d

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--period`	No	`30d`	Time period: `7d`, `30d`, `90d`
`--format`	No	`table`	Output format: `table`, `json`

`codestax export`

Export scan results in various formats.


codestax export --repo my-org/my-repo --format sarif --output results.sarif

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--scan`	No	`latest`	Scan ID or `latest`
`--format`	Yes	—	Export format: `sarif`, `csv`, `json`
`--output`	No	stdout	Output file path

`codestax review`

Trigger a PR review.


codestax review --repo my-org/my-repo --pr 42

Flag	Required	Default	Description
`--repo`	Yes	—	Repository in `owner/name` format
`--pr`	Yes	—	Pull request number
`--wait`	No	`false`	Wait for review to complete

CI/CD Usage

GitHub Actions


name: CodeStax Security Gate
on: [pull_request]
 
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
 
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
 
      - name: Install CodeStax CLI
        run: |
          curl -o codestax.py https://codestax.co/cli/codestax
          chmod +x codestax.py
 
      - name: Trigger Scan
        env:
          CODESTAX_API_KEY: ${{ secrets.CODESTAX_API_KEY }}
        run: python3 codestax.py trigger --repo ${{ github.repository }} --wait
 
      - name: Enforce Quality Gate
        env:
          CODESTAX_API_KEY: ${{ secrets.CODESTAX_API_KEY }}
        run: python3 codestax.py gate --repo ${{ github.repository }} --max-critical 0 --max-high 3

GitLab CI


codestax-gate:
  image: python:3.11-alpine
  stage: test
  before_script:
    - curl -o codestax.py https://codestax.co/cli/codestax
    - chmod +x codestax.py
  script:
    - python3 codestax.py trigger --repo $CI_PROJECT_PATH --wait
    - python3 codestax.py gate --repo $CI_PROJECT_PATH --max-critical 0
  variables:
    CODESTAX_API_KEY: $CODESTAX_API_KEY

Exit Codes

Code	Meaning
`0`	Success / gate passed
`1`	Gate failed / scan found issues above threshold
`2`	Authentication error (invalid or missing API key)
`3`	Network error (could not reach API)
`4`	Invalid arguments