noxaudit.yml.example
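# Noxaudit configuration
# Copy this to noxaudit.yml and customize for your project.
#
# Nesting is restored here: with every key at column 0, `path` appears twice
# at the top level and the per-repo fields are detached from their list item.

repos:
  - name: my-app
    path: .  # Current directory (for GitHub Actions)
    provider_rotation: [anthropic]
    # NOTE(review): presumably these paths are skipped by the audit. The
    # validation comment below says source code is sent to an LLM, so
    # directories holding credentials or other secrets are worth listing
    # here too - confirm the matching rules in the noxaudit docs.
    exclude:
      - vendor
      - generated

# AI model to use (any supported model ID)
model: claude-sonnet-4-6

# Spend budget per run (the key names indicate US dollars)
budget:
  max_per_run_usd: 2.00
  alert_threshold_usd: 1.50

# Where to store decision memory
decisions:
  expiry_days: 90
  path: .noxaudit/decisions.jsonl

# Where to save reports
# NOTE(review): reports presumably list unresolved findings; decide
# deliberately whether .noxaudit/ is committed or git-ignored.
reports_dir: .noxaudit/reports

# Notification channels (optional)
# "YOUR_CHAT_ID" is a placeholder; replace it before enabling the channel.
# No credential is set in this file - presumably the bot token is supplied
# elsewhere (e.g. the environment); keep it out of this file.
notifications:
  - channel: telegram
    target: "YOUR_CHAT_ID"

# Auto-create GitHub issues for findings (optional)
# On a public repository, issues are visible to everyone; weigh that before
# enabling this for security findings.
issues:
  enabled: false
  severity_threshold: medium  # low, medium, or high
  labels: [noxaudit]
  assignees: []

# Post-audit validation (sends findings + source code to LLM for verification)
# The example names a provider (gemini) that is not in provider_rotation above,
# so enabling it as written would share source code with a second provider.
# NOTE(review): drop_false_positives presumably discards findings the
# validator rejects; a wrong verdict would hide a real finding - confirm.
# validate:
#   enabled: true
#   provider: gemini
#   drop_false_positives: true
#   min_confidence: medium

# Usage:
#   noxaudit run                               # all 7 focus areas (default)
#   noxaudit run --focus security              # single area
#   noxaudit run --focus security,performance  # multiple areas (files deduped)
#   noxaudit run --dry-run                     # preview without calling AI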