Getting Started
Get BouncerFox scanning your AI agent configs in under 2 minutes.
Installation
Homebrew
brew tap bouncerfox/tap && brew install --cask bouncerfox
Go
go install github.com/bouncerfox/cli/cmd/bouncerfox@latest
Standalone Binaries
Download prebuilt binaries for Linux, macOS, and Windows from GitHub Releases.
Your First Scan
Navigate to a project that contains AI agent configuration files and run:
bouncerfox scan .
BouncerFox will auto-detect and scan supported files in your project.
What Gets Scanned
BouncerFox automatically finds and scans AI agent configuration files including CLAUDE.md, SKILL.md, .cursorrules, .mcp.json, .claude/settings*.json, AGENTS.md, and more. See the full list of supported file types.
Initialize Configuration
Generate a default .bouncerfox.yml in the current directory:
bouncerfox init
See the Configuration guide for details on customizing this file.
Understanding Output
Each finding includes:
- Severity:
CRITICAL,HIGH,WARN, orINFO - Rule ID: e.g.
SEC_001,QA_003 - File and line number: exact location of the issue
- Message: describes the issue
- Remediation suggestion: how to fix it
CRITICAL [SEC_001] Secret detected in CLAUDE.md
Line 14: Hardcoded API key pattern found
→ Move secrets to environment variables or a secrets manager
Exit Codes
| Code | Meaning |
|---|---|
0 | No findings at or above severity threshold |
1 | One or more findings found |
2 | Scanner error |
Quick CI/CD with GitHub Actions
- uses: bouncerfox/cli@v0
with:
path: .
format: sarif
severity: warn