Quick start with Xygeni DAST

Requirements

Docker Engine 20.10+ (or Docker Desktop) with Compose v2 — i.e. the docker compose ... subcommand. The legacy docker-compose v1 binary is not supported.
A directory on your PATH to drop the wrapper into. This guide uses ~/.local/bin (Linux/macOS) and %USERPROFILE%\.local\bin (Windows).
The XYGENI_TOKEN environment variable must exist and contain a valid token.

Step 1 — Create the install directory and ensure it is on your `PATH`

This is the most common source of "command not found: xy-dast" issues. The install directory must exist before the install command (Docker creates it as root if it does not, which then fails to write), and it must be on your PATH for the short xy-dast command to work.

# 1. Create the directory (idempotent)
mkdir -p ~/.local/bin

# 2. Make sure it is on PATH for the current shell
case ":$PATH:" in *":$HOME/.local/bin:"*) ;; *) export PATH="$HOME/.local/bin:$PATH" ;; esac

# 3. Persist for future shells (only needed once per shell rc)
grep -q '\.local/bin' ~/.bashrc 2>/dev/null \
  || echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
# zsh users: replace ~/.bashrc with ~/.zshrc

Verify:

echo "$PATH" | tr ':' '\n' | grep -F "$HOME/.local/bin"   # should print the path

# 1. Create the directory
mkdir -p ~/.local/bin

# 2. Add to PATH for the current shell
export PATH="$HOME/.local/bin:$PATH"

# 3. Persist for future shells (zsh is the default since macOS Catalina)
grep -q '\.local/bin' ~/.zshrc 2>/dev/null \
  || echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
# bash users: replace ~/.zshrc with ~/.bash_profile

Verify:

echo "$PATH" | tr ':' '\n' | grep -F "$HOME/.local/bin"

# 1. Create the directory
New-Item -ItemType Directory -Force -Path "$HOME\.local\bin" | Out-Null

# 2. Add to PATH for the current shell
$env:PATH = "$HOME\.local\bin;$env:PATH"

# 3. Persist for future shells (User scope, no admin needed)
$userPath = [Environment]::GetEnvironmentVariable('PATH', 'User')
if ($userPath -notlike "*$HOME\.local\bin*") {
  [Environment]::SetEnvironmentVariable('PATH', "$HOME\.local\bin;$userPath", 'User')
}

Verify (open a new PowerShell window after persisting):

$env:PATH -split ';' | Select-String '\.local\\bin'

The Windows wrapper is a PowerShell script (xy-dast.ps1) signed with an Authenticode certificate. If your execution policy blocks running scripts, run Set-ExecutionPolicy -Scope CurrentUser RemoteSigned once.

Step 2 — Install the wrapper from the Docker image

The image's install subcommand drops two files into the mounted directory: the xy-dast wrapper script itself and a sidecar xy-dast-compose.yml that holds the image reference, environment forwarding, and runtime parameters.

docker run --rm -v ~/.local/bin:/mnt/install xygeni/xy-dast install

Verify:

xy-dast --version

If you get command not found (or not recognized as ... cmdlet), revisit Step 1 — the directory is almost certainly not on your PATH yet.

Step 3 — Launch a web application

For the purposes of this guide, Juice Shop can be substituted with any web application you would like to test.

docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 --name juice-shop bkimminich/juice-shop

Quick Start

Scan a web application:

xy-dast scan -n "MyApp" --branch "origin/main" -u https://example.com

Results are uploaded to the Xygeni platform by default. To save a local report instead, use -o:

xy-dast scan -n "MyApp" --branch "Origin/main" -u https://example.com -o report.json

If you have launched juice shop as mentioned on Step 3, you can use:

xy-dast scan -n "Juice-Shop" --branch "Origin/main" -u http://localhost:3000 -o report.json

For more information about the DAST scanner please see: DAST Scanner.

PreviousQuick start with a preloaded project NextLog in to Xygeni

Last updated 23 days ago

Requirements

Step 1 — Create the install directory and ensure it is on your PATH

Step 2 — Install the wrapper from the Docker image

Step 3 — Launch a web application

Quick Start

Step 1 — Create the install directory and ensure it is on your `PATH`