Getting Started

Install Redactyl and run your first secret scan in under a minute

Installation

go install github.com/redactyl/redactyl@latest
redactyl --help

Using Homebrew (macOS)

brew install redactyl/tap/redactyl

From Source

git clone https://github.com/redactyl/redactyl.git
cd redactyl
make build
./bin/redactyl --version

Tip: Add the local bin/ to PATH for this shell:

export PATH="$PWD/bin:$PATH"

Quick Start

Interactive Scan (Default)

Navigate to any project directory and run:

redactyl scan

This opens the interactive TUI where you can browse findings, filter by severity, and take action on secrets. The TUI provides:

  • Real-time findings with severity color-coding
  • Vim-style navigation with search, filter, and grouping
  • Syntax-highlighted context preview
  • Quick actions: open in editor, baseline, ignore, export
  • Virtual file extraction from archives
  • Diff view to compare scans

CI/CD Mode (Non-Interactive)

For CI/CD pipelines, disable the TUI:

redactyl scan --no-tui

With Guidance

Get suggested remediation commands:

redactyl scan --guide --no-tui

Output Formats

JSON Output

redactyl scan --json  # Auto-disables TUI

SARIF Output (for GitHub Code Scanning)

redactyl scan --sarif > redactyl.sarif.json
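An added example (not part of Redactyl or its documentation): a small CI gate that reads the SARIF file written by the command above and exits non-zero when it contains findings. It uses only standard SARIF 2.1.0 fields; the script name `sarif_gate.py`, the sample document, rule IDs and paths are constructed, and which levels Redactyl assigns is an assumption to check against your own output.

```python
import json
import sys
from pathlib import Path

# Constructed SARIF 2.1.0 sample, trimmed to the fields read below.
# Tool name, rule IDs and paths are made up; this is not real Redactyl output.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "example-aws-key", "defaultConfiguration": {"level": "error"}},
        {"id": "example-generic-token"}]}},
    "results": [
        {"ruleId": "example-aws-key", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "deploy/values.yaml"},
            "region": {"startLine": 12}}}]},
        {"ruleId": "example-generic-token", "level": "note", "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "README.md"}}}]},
        {"ruleId": "example-generic-token"}],
}]}


def findings(sarif):
    """Flatten SARIF runs into (level, rule_id, uri, line) tuples."""
    out = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "")
            # Simplified SARIF defaulting: no "level" means the rule's default level,
            # else "warning"; rules are matched by ruleId only (ruleIndex is ignored).
            rule_cfg = rules.get(rule_id, {}).get("defaultConfiguration", {})
            level = res.get("level", rule_cfg.get("level", "warning"))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<no location>")
            line = loc.get("region", {}).get("startLine")
            out.append((level, rule_id, uri, line))
    return out


def gate(sarif, fail_levels=("error", "warning")):
    """Return 1 (fail the build) if any finding's level is in fail_levels."""
    return 1 if any(f[0] in fail_levels for f in findings(sarif)) else 0


if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    for level, rule_id, uri, line in findings(doc):
        print(f"{level:8} {rule_id:24} {uri}:{line or '?'}")
    sys.exit(gate(doc))
```

Run it as `python sarif_gate.py redactyl.sarif.json` in the pipeline step after the scan; without an argument it prints the constructed sample.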

Text-Only Format

redactyl scan --text --no-tui

Scope Control

Control what gets scanned:

# Staged changes only
redactyl scan --staged

# Last N commits
redactyl scan --history 5

# Diff vs base branch
redactyl scan --base main

Deep Artifact Scanning

Scan containers, Helm charts, and archives, the artifacts that actually run in production:

# Scan container images
redactyl scan --containers

# Scan Helm charts
redactyl scan --helm

# Scan Kubernetes manifests
redactyl scan --k8s

# Scan everything
redactyl scan --archives --containers --helm --k8s

Next Steps