search
Ctrlk

AI Triage

xygeni util ai-triage runs AI-driven triage against an existing Xygeni issues report and uploads the triage results to the Xygeni platform. It applies the same AI Triage engine used by the UI and by the --triage scan flag, but operates on a report that has already been generated.

For an overview of what AI Triage produces (verdict, remediation urgency, remediation complexity), see AI Triage.

The command auto-detects the issue kind from the report and supports:

  • SAST (code_vulnerability)

  • IaC (iac_flaw)

  • Secrets (secret)

  • SCA (sca_vulnerability) — accepted on a deps report produced with --include-vulnerabilities, on a dedicated sca report, or on the SCA portion of a combined scan report. The command rejects inputs that carry no SCA vulnerabilities.

  • DAST (dast_finding)

Malware reports are not accepted by util ai-triage — Malware triage runs at scan time only. See AI Triage for Malware.

hashtag
Synopsis

xygeni util ai-triage -d <directory> --report <reportPath>
                      [-i <includePatterns>] [-e <excludePatterns>]
                      [--detectors <detectors>] [--skip-detectors <skipDetectors>]
                      [--issues <issueHashes>] [--skip-issues <issueHashes>]
                      [--name <name>] [--sourceType <sourceType>]
                      [--bot-config <xygeniBotConfigPath>]

hashtag
Options

hashtag
Input files

Option
Description

-d, --dir <directory>

The source code directory to analyze. Required. Triage uses the source code in this directory as context for the AI.

-i, --include <includePatterns>

Comma-separated glob patterns of files to include. Use * as file wildcard and ** for any file or directory at any depth.

-e, --exclude <excludePatterns>

Comma-separated glob patterns of files to exclude. Example: -e '**/test/**,**/build/*.o'.

hashtag
Issue selection

Option
Description

--detectors <detectors>

Comma-separated list of detector IDs to triage, a severity (critical, high, medium, low, info), or all. When a severity is provided, that severity and all higher ones are included (for example, --detectors=high triages high and critical).

--skip-detectors <skipDetectors>

Comma-separated list of detector IDs to ignore, or a severity. Inverse of --detectors.

--issues <issueHashes>

Comma-separated list of specific issue hashes to triage. When provided, only those issues are triaged.

--skip-issues <issueHashes>

Comma-separated list of issue hashes to skip.

hashtag
Triage parameters

Option
Description

--report <reportPath>

Path to the Xygeni issues report to triage. Required. The report format determines the issue kind (SAST, IaC, Secrets, SCA, or DAST) automatically.

--name <name>

Project name to associate with the triage report. When omitted, the project name is read from the report metadata.

--sourceType <sourceType>

Source type of the project under triage. Defaults to REPO.

--bot-config <xygeniBotConfigPath>

Path to a xygenibot.yml file. Used to configure a custom AI provider for the triage. When omitted, the command looks for a xygenibot.yml in the source code directory; if none is found, the AI provider configured for your account is used.

hashtag
Examples

Triage all issues in a Xygeni report against the source code in <dir>:

Triage only the issues reported by a specific detector:

Triage only issues at critical severity (and any higher severity, if defined):

Triage a specific set of issues by hash:

Use a custom AI provider via a xygenibot.yml configuration file:

hashtag
Custom AI providers

--bot-config reuses the same xygenibot.yml configuration file used by Xygeni Botarrow-up-right. The supported AI providers are:

  • Xygeni (default)

  • Anthropic

  • Google Gemini

  • Groq

  • OpenAI

  • OpenRouter

See Xygeni Botarrow-up-right for the full list of ai-agents configuration options.

hashtag
Related

  • AI Triage — feature overview, UI flows, tags, and funnel integration.

  • Single scan — running triage as part of a scan with --triage.

PreviousCentral ConfigurationNextXygeni Guardrails

Last updated