Xygeni CLI Installation

Xygeni CLI can be used either installing it or by using Xygeni CLI Docker Image.

This page specifies how to install CLI. Please visit Xygeni CLI Docker Image if you prefer to use the CLI docker image.

CLI Installation

Please see Xygeni CLI Prerequisites before installing.

Install the Scanner

Xygeni provides bootstrap scripts (get-xygeni.sh for mac/Linux, get-xygeni.ps1 for Windows) that download the scanner, verify its SHA-256 checksum, and install it in a single step.

1. Download the bootstrap script

curl -sSfLO https://get.xygeni.io/latest/scanner/get-xygeni.sh

2. Review the script

The script downloads the scanner, verifies its SHA-256 checksum (from a separate source on GitHub), and installs it. You can review its contents — it is intentionally kept short:

set -e
# Download helper: uses curl if available, falls back to wget
fetch() { curl -sSfL "$1" 2>/dev/null || wget -qO- "$1"; }
DIR="${1:-$HOME/.xygeni}"
# Check and exit if already installed
[ -x "$DIR/xygeni" ] && { echo "Xygeni scanner already installed in $DIR" >&2; exit 0; }
ZIP="$(mktemp).zip"
trap 'rm -f "$ZIP"' EXIT
# Download scanner and checksum
fetch https://get.xygeni.io/latest/scanner/xygeni_scanner.zip > "$ZIP"
EXPECT=$(fetch https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/xygeni-release.zip.sha256)
ACTUAL=$(sha256sum "$ZIP" 2>/dev/null || shasum -a 256 "$ZIP")
ACTUAL=$(echo "$ACTUAL" | awk '{print $1}')
# Verify checksum
[ "$EXPECT" = "$ACTUAL" ] || { echo "Checksum mismatch: expected $EXPECT, got $ACTUAL" >&2; exit 1; }
# Extract scanner: uses unzip if available, falls back to jar (Java is required for the scanner)
mkdir -p "$DIR"
unzip -qo "$ZIP" -d "$DIR" 2>/dev/null || (cd "$DIR" && jar xf "$ZIP")
mv "$DIR/xygeni_scanner"/* "$DIR/" && rmdir "$DIR/xygeni_scanner"  # flatten nested dir
echo "Xygeni scanner installed in $DIR"

3. Verify the script checksum

h=$(curl -s https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/get-xygeni.sh.sha256)
echo "$h get-xygeni.sh" | sha256sum -c

On macOS, sha256sum may not be available. Replace sha256sum -c with shasum -a 256 -c in the command above.

If the checksum matches, you will see:

get-xygeni.sh: OK

If it does not match, you will see:

get-xygeni.sh: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match

If the checksum verification fails, do not run the script. Delete the downloaded file and try downloading it again. If the problem persists, contact Xygeni support.

4. Run the script

# Default installs to ~/.xygeni, or pass a custom directory
sh get-xygeni.sh [install_dir]

1. Download the bootstrap script

Invoke-WebRequest https://get.xygeni.io/latest/scanner/get-xygeni.ps1 -OutFile get-xygeni.ps1

2. Review the script

The script downloads the scanner, verifies its SHA-256 checksum (from a separate source on GitHub), and installs it. You can review its contents:

# Installation directory (default: $Home\.xygeni, or pass -Dir)
param([string]$Dir = "$Home\.xygeni")
$DownloadUrl = 'https://get.xygeni.io/latest/scanner/xygeni_scanner.zip'
$ChecksumUrl = 'https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/xygeni-release.zip.sha256'
$ErrorActionPreference = 'Stop'
# Check and exit if already installed
if (Test-Path (Join-Path $Dir 'xygeni.ps1')) { Write-Host "Xygeni scanner already installed in $Dir"; exit 0 }

$zip = [System.IO.Path]::GetTempFileName() + '.zip'
try {
    # Download scanner and checksum
    Invoke-WebRequest -URI $DownloadUrl -OutFile $zip -UseBasicParsing
    $expect = (Invoke-WebRequest -URI $ChecksumUrl -UseBasicParsing).Content.Trim()
    # Verify SHA256 checksum
    $actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash.ToLower()
    if ($expect -ne $actual) { throw "Checksum mismatch: expected $expect, got $actual" }
    # Unzip scanner
    New-Item -ItemType Directory -Force -Path $Dir | Out-Null
    Expand-Archive -Force $zip -DestinationPath $Dir
    Move-Item -Force (Join-Path (Join-Path $Dir 'xygeni_scanner') '*') $Dir  # flatten nested dir
    Remove-Item (Join-Path $Dir 'xygeni_scanner')
    Write-Host "Xygeni scanner installed in $Dir"
} finally { Remove-Item -Force -ErrorAction SilentlyContinue $zip }

3. Verify the script checksum

$h = (Invoke-WebRequest https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/get-xygeni.ps1.sha256 -UseBasicParsing).Content.Trim()
(Get-FileHash .\get-xygeni.ps1 -Algorithm SHA256).Hash -eq $h

If the checksum matches, the command returns:

True

If it does not match, the command returns:

False

If the checksum verification fails (False), do not run the script. Delete the downloaded file and try downloading it again. If the problem persists, contact Xygeni support.

4. Run the script

# Default installs to $Home\.xygeni, or pass -Dir
.\get-xygeni.ps1 [-Dir C:\path\to\install]

The script fetches the checksum from GitHub (raw.githubusercontent.com/xygeni/xygeni) while the scanner zip is downloaded from get.xygeni.io — an attacker would need to compromise both sites to bypass the integrity check.

Fetch your Xygeni API token

Active Xygeni account credentials are mandatory to run the script, so make sure you’ve signed up first! Visit Create a Free Trial account or Log in to Xygeni

Go your profile pannel and navigate to Organization/Personal Tokens:

Create a new token. The difference betweeen Organization tokens and Personal tokens is who can see and revoke those tokens. Select either one and generate a new token.

In order to run scans, the only permission that is needed is the "Upload scan results" permission. However, if you want to use the same token with the REST API, you’ll need to grant it additional permissions.

Set XYGENI_TOKEN environment variable

In order to run scans, a new environment variable must be set, the name of this variable must be "XYGENI_TOKEN" and it content has to be the token that was created in the previous step.

nano ~/.bashrc

Add this line at the end of the file:

export XYGENI_TOKEN="<TOKEN>"

Apply the changes:

source ~/.bashrc

This will create the XYGENI_TOKEN environment variable for the current user.

(Recommended) Add the scanner folder to path

In order to execute the Xygeni application as another command, the scanner must be accessible from your shell.

This step is optional but highly recommended to facilitate future scans.

Option 1 — Symlink in ~/.local/bin (recommended, if ~/.local/bin is already in PATH):

ln -s "$HOME/.xygeni/xygeni" "$HOME/.local/bin/xygeni"

Option 2 — Shell alias in ~/.bashrc or ~/.zshrc:

echo 'alias xygeni="$HOME/.xygeni/xygeni"' >> ~/.bashrc
source ~/.bashrc

Option 3 — Add to PATH (fallback):

echo 'export PATH="$PATH:$HOME/.xygeni"' >> ~/.bashrc
source ~/.bashrc

This will modify the Current User Path.

What’s next?

Congratulations, at this point you should have your installation successfully completed.

Now, let’s run your first scan. Move to your installation directory and execute the command:

cd ~/.xygeni
xygeni scan -n your_project_name --dir your_project_path

PreviousXygeni CLI Prerequisites NextXygeni CLI Docker Image

Last updated 4 days ago

hashtagCLI Installation

hashtagInstall the Scanner

hashtagFetch your Xygeni API token

hashtagSet XYGENI_TOKEN environment variable

hashtag(Recommended) Add the scanner folder to path

hashtagWhat’s next?

CLI Installation

Install the Scanner

Fetch your Xygeni API token

Set XYGENI_TOKEN environment variable

(Recommended) Add the scanner folder to path

What’s next?