# Quick start with Xygeni DAST

## **Requirements**

* **Docker Engine 20.10+** (or Docker Desktop) with Compose v2 — i.e. the `docker compose ...` subcommand. The legacy `docker-compose` v1 binary is not supported.
* A directory on your `PATH` to drop the wrapper into. This guide uses `~/.local/bin` (Linux/macOS) and `%USERPROFILE%\.local\bin` (Windows).
* The XYGENI\_TOKEN environment variable must exist and contain a valid token.

#### Step 1 — Create the install directory and ensure it is on your `PATH`

This is the most common source of "command not found: xy-dast" issues. The install directory **must exist before the install command** (Docker creates it as `root` if it does not, which then fails to write), and it **must be on your `PATH`** for the short `xy-dast` command to work.

{% tabs %}
{% tab title="Linux" %}

```bash
# 1. Create the directory (idempotent)
mkdir -p ~/.local/bin

# 2. Make sure it is on PATH for the current shell
case ":$PATH:" in *":$HOME/.local/bin:"*) ;; *) export PATH="$HOME/.local/bin:$PATH" ;; esac

# 3. Persist for future shells (only needed once per shell rc)
grep -q '\.local/bin' ~/.bashrc 2>/dev/null \
  || echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
# zsh users: replace ~/.bashrc with ~/.zshrc
```

Verify:

```bash
echo "$PATH" | tr ':' '\n' | grep -F "$HOME/.local/bin"   # should print the path
```

{% endtab %}

{% tab title="macOS" %}

```bash
# 1. Create the directory
mkdir -p ~/.local/bin

# 2. Add to PATH for the current shell
export PATH="$HOME/.local/bin:$PATH"

# 3. Persist for future shells (zsh is the default since macOS Catalina)
grep -q '\.local/bin' ~/.zshrc 2>/dev/null \
  || echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
# bash users: replace ~/.zshrc with ~/.bash_profile
```

Verify:

```bash
echo "$PATH" | tr ':' '\n' | grep -F "$HOME/.local/bin"
```

{% endtab %}

{% tab title="Windows (PowerShell)" %}

```powershell
# 1. Create the directory
New-Item -ItemType Directory -Force -Path "$HOME\.local\bin" | Out-Null

# 2. Add to PATH for the current shell
$env:PATH = "$HOME\.local\bin;$env:PATH"

# 3. Persist for future shells (User scope, no admin needed)
$userPath = [Environment]::GetEnvironmentVariable('PATH', 'User')
if ($userPath -notlike "*$HOME\.local\bin*") {
  [Environment]::SetEnvironmentVariable('PATH', "$HOME\.local\bin;$userPath", 'User')
}
```

Verify (open a **new** PowerShell window after persisting):

```powershell
$env:PATH -split ';' | Select-String '\.local\\bin'
```

{% hint style="info" %}
The Windows wrapper is a PowerShell script (`xy-dast.ps1`) signed with an Authenticode certificate. If your execution policy blocks running scripts, run `Set-ExecutionPolicy -Scope CurrentUser RemoteSigned` once.
{% endhint %}
{% endtab %}
{% endtabs %}

#### Step 2 — Install the wrapper from the Docker image

The image's `install` subcommand drops two files into the mounted directory: the `xy-dast` wrapper script itself and a sidecar `xy-dast-compose.yml` that holds the image reference, environment forwarding, and runtime parameters.

{% tabs %}
{% tab title="Linux / macOS" %}

```bash
docker run --rm -v ~/.local/bin:/mnt/install xygeni/xy-dast install
```

{% endtab %}

{% tab title="Windows (PowerShell)" %}

```powershell
docker run --rm -v "${HOME}\.local\bin:/mnt/install" xygeni/xy-dast install --powershell
```

`--powershell` produces the signed `.ps1` wrapper (and matching sidecar) instead of the bash one.
{% endtab %}
{% endtabs %}

Verify:

```bash
xy-dast --version
```

If you get `command not found` (or `not recognized as ... cmdlet`), revisit Step 1 — the directory is almost certainly not on your `PATH` yet.

### Step 3 — Launch a web application <a href="#quick_start" id="quick_start"></a>

For the purposes of this guide, Juice Shop can be substituted with any web application you would like to test.

```
docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 --name juice-shop bkimminich/juice-shop
```

### Quick Start

Scan a web application:

```bash
xy-dast scan -n "MyApp" --branch "origin/main" -u https://example.com
```

Results are uploaded to the Xygeni platform by default. To save a local report instead, use `-o`:

```bash
xy-dast scan -n "MyApp" --branch "Origin/main" -u https://example.com -o report.json
```

If you have launched juice shop as mentioned on Step 3, you can use:

```bash
xy-dast scan -n "Juice-Shop" --branch "Origin/main" -u http://localhost:3000 -o report.json
```

For more information about the DAST scanner please see: [DAST Scanner](/xygeni-products/dast-security/dast-scanner.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/getting-started/quick-start-with-xygeni-dast.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.