|
| 1 | +# Config Reference |
| 2 | + |
| 3 | +All configuration keys and their defaults. Override via **profile YAML**, **.argus.yml**, **environment variables**, or **CLI**. Precedence: defaults < profile < .argus.yml < env < CLI. |
| 4 | + |
| 5 | +Source: `scripts/config_loader.get_default_config()` and `_ENV_MAPPINGS`. |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## AI |
| 10 | + |
| 11 | +| Key | Default | Env var(s) | |
| 12 | +|-----|---------|------------| |
| 13 | +| ai_provider | auto | AI_PROVIDER, INPUT_AI_PROVIDER | |
| 14 | +| model | auto | MODEL, INPUT_MODEL | |
| 15 | +| multi_agent_mode | single | MULTI_AGENT_MODE, INPUT_MULTI_AGENT_MODE | |
| 16 | +| anthropic_api_key | "" | ANTHROPIC_API_KEY | |
| 17 | +| openai_api_key | "" | OPENAI_API_KEY | |
| 18 | +| ollama_endpoint | "" | OLLAMA_ENDPOINT | |
| 19 | + |
| 20 | +## Scanners |
| 21 | + |
| 22 | +| Key | Default | Env var(s) | |
| 23 | +|-----|---------|------------| |
| 24 | +| enable_semgrep | true | ENABLE_SEMGREP, SEMGREP_ENABLED | |
| 25 | +| enable_trivy | true | ENABLE_TRIVY | |
| 26 | +| enable_checkov | true | ENABLE_CHECKOV | |
| 27 | +| enable_api_security | true | ENABLE_API_SECURITY | |
| 28 | +| enable_dast | false | ENABLE_DAST | |
| 29 | +| enable_supply_chain | true | ENABLE_SUPPLY_CHAIN | |
| 30 | +| enable_fuzzing | false | ENABLE_FUZZING | |
| 31 | +| enable_threat_intel | true | ENABLE_THREAT_INTEL | |
| 32 | +| enable_remediation | true | ENABLE_REMEDIATION | |
| 33 | +| enable_runtime_security | false | ENABLE_RUNTIME_SECURITY | |
| 34 | +| enable_regression_testing | true | ENABLE_REGRESSION_TESTING | |
| 35 | +| enable_gitleaks | true | ENABLE_GITLEAKS | |
| 36 | +| enable_nuclei_templates | true | ENABLE_NUCLEI_TEMPLATES | |
| 37 | +| enable_zap_baseline | false | ENABLE_ZAP_BASELINE | |
| 38 | + |
| 39 | +## DAST (orchestrator) |
| 40 | + |
| 41 | +| Key | Default | Env var(s) | |
| 42 | +|-----|---------|------------| |
| 43 | +| dast_target_url | "" | DAST_TARGET_URL | |
| 44 | +| dast_auth_config_path | "" | DAST_AUTH_CONFIG_PATH | |
| 45 | +| dast_enable_nuclei | true | DAST_ENABLE_NUCLEI | |
| 46 | +| dast_enable_zap | true | DAST_ENABLE_ZAP | |
| 47 | +| dast_max_duration | 900 | DAST_MAX_DURATION | |
| 48 | +| dast_parallel_agents | true | DAST_PARALLEL_AGENTS | |
| 49 | + |
| 50 | +## Feature toggles |
| 51 | + |
| 52 | +| Key | Default | Env var(s) | |
| 53 | +|-----|---------|------------| |
| 54 | +| enable_multi_agent | true | ENABLE_MULTI_AGENT, INPUT_ENABLE_MULTI_AGENT | |
| 55 | +| enable_spontaneous_discovery | true | ENABLE_SPONTANEOUS_DISCOVERY | |
| 56 | +| enable_collaborative_reasoning | false | ENABLE_COLLABORATIVE_REASONING | |
| 57 | +| enable_ai_enrichment | true | ENABLE_AI_ENRICHMENT | |
| 58 | +| enable_threat_modeling | true | ENABLE_THREAT_MODELING | |
| 59 | +| enable_sandbox_validation | true | ENABLE_SANDBOX_VALIDATION | |
| 60 | +| enable_heuristics | true | ENABLE_HEURISTICS | |
| 61 | +| enable_consensus | true | ENABLE_CONSENSUS | |
| 62 | +| enable_iris | true | ENABLE_IRIS | |
| 63 | +| enable_proof_by_exploitation | false | ENABLE_PROOF_BY_EXPLOITATION | |
| 64 | +| max_exploit_attempts | 10 | MAX_EXPLOIT_ATTEMPTS | |
| 65 | +| enable_audit_trail | true | ENABLE_AUDIT_TRAIL | |
| 66 | +| audit_save_prompts | true | AUDIT_SAVE_PROMPTS | |
| 67 | +| enable_smart_retry | true | ENABLE_SMART_RETRY | |
| 68 | +| retry_max_attempts | 3 | RETRY_MAX_ATTEMPTS | |
| 69 | +| retry_billing_delay | 60 | RETRY_BILLING_DELAY | |
| 70 | + |
| 71 | +## Limits & files |
| 72 | + |
| 73 | +| Key | Default | Env var(s) | |
| 74 | +|-----|---------|------------| |
| 75 | +| max_files | 50 | MAX_FILES, INPUT_MAX_FILES | |
| 76 | +| max_file_size | 50000 | MAX_FILE_SIZE, INPUT_MAX_FILE_SIZE | |
| 77 | +| max_tokens | 8000 | MAX_TOKENS, INPUT_MAX_TOKENS | |
| 78 | +| cost_limit | 1.0 | COST_LIMIT, INPUT_COST_LIMIT | |
| 79 | +| only_changed | false | ONLY_CHANGED, INPUT_ONLY_CHANGED | |
| 80 | +| include_paths | "" | INCLUDE_PATHS, INPUT_INCLUDE_PATHS | |
| 81 | +| exclude_paths | .github/**,node_modules/**,... | EXCLUDE_PATHS, INPUT_EXCLUDE_PATHS | |
| 82 | + |
| 83 | +## Deep analysis |
| 84 | + |
| 85 | +| Key | Default | Env var(s) | |
| 86 | +|-----|---------|------------| |
| 87 | +| deep_analysis_mode | off | DEEP_ANALYSIS_MODE | |
| 88 | +| deep_analysis_max_files | 50 | DEEP_ANALYSIS_MAX_FILES, MAX_FILES_DEEP_ANALYSIS | |
| 89 | +| deep_analysis_timeout | 300 | DEEP_ANALYSIS_TIMEOUT | |
| 90 | +| deep_analysis_cost_ceiling | 5.0 | DEEP_ANALYSIS_COST_CEILING | |
| 91 | + |
| 92 | +## Phase gating & parallel |
| 93 | + |
| 94 | +| Key | Default | Env var(s) | |
| 95 | +|-----|---------|------------| |
| 96 | +| enable_phase_gating | true | ENABLE_PHASE_GATING | |
| 97 | +| phase_gate_strict | false | PHASE_GATE_STRICT | |
| 98 | +| enable_parallel_agents | true | ENABLE_PARALLEL_AGENTS | |
| 99 | +| parallel_agent_workers | 3 | PARALLEL_AGENT_WORKERS | |
| 100 | + |
| 101 | +## Vulnerability enrichment & compliance |
| 102 | + |
| 103 | +| Key | Default | Env var(s) | |
| 104 | +|-----|---------|------------| |
| 105 | +| enable_license_risk_scoring | true | ENABLE_LICENSE_RISK_SCORING | |
| 106 | +| enable_epss_scoring | true | ENABLE_EPSS_SCORING | |
| 107 | +| epss_cache_ttl_hours | 24 | EPSS_CACHE_TTL_HOURS | |
| 108 | +| enable_fix_version_tracking | true | ENABLE_FIX_VERSION_TRACKING | |
| 109 | +| enable_vex | true | ENABLE_VEX | |
| 110 | +| vex_paths | "" | VEX_PATHS | |
| 111 | +| vex_auto_discover_dir | .argus/vex | VEX_AUTO_DISCOVER_DIR | |
| 112 | +| enable_vuln_deduplication | true | ENABLE_VULN_DEDUPLICATION | |
| 113 | +| deduplication_strategy | auto | DEDUPLICATION_STRATEGY | |
| 114 | +| enable_advanced_suppression | true | ENABLE_ADVANCED_SUPPRESSION | |
| 115 | +| suppression_auto_expire_days | 90 | SUPPRESSION_AUTO_EXPIRE_DAYS | |
| 116 | +| enable_compliance_mapping | true | ENABLE_COMPLIANCE_MAPPING | |
| 117 | +| compliance_frameworks | "" | COMPLIANCE_FRAMEWORKS | |
| 118 | + |
| 119 | +## Continuous security (v3) |
| 120 | + |
| 121 | +| Key | Default | Env var(s) | |
| 122 | +|-----|---------|------------| |
| 123 | +| enable_diff_scoping | true | ENABLE_DIFF_SCOPING | |
| 124 | +| diff_expand_impact_radius | true | DIFF_EXPAND_IMPACT_RADIUS | |
| 125 | +| enable_autofix_pr | false | ENABLE_AUTOFIX_PR | |
| 126 | +| autofix_confidence_threshold | high | AUTOFIX_CONFIDENCE_THRESHOLD | |
| 127 | +| autofix_max_prs_per_scan | 5 | AUTOFIX_MAX_PRS_PER_SCAN | |
| 128 | +| enable_findings_store | true | ENABLE_FINDINGS_STORE | |
| 129 | +| findings_db_path | .argus/findings.db | FINDINGS_DB_PATH | |
| 130 | +| inject_historical_context | true | INJECT_HISTORICAL_CONTEXT | |
| 131 | +| enable_agent_chain_discovery | false | ENABLE_AGENT_CHAIN_DISCOVERY | |
| 132 | +| enable_cross_component_analysis | true | ENABLE_CROSS_COMPONENT_ANALYSIS | |
| 133 | +| enable_app_context | true | ENABLE_APP_CONTEXT | |
| 134 | +| enable_live_validation | false | ENABLE_LIVE_VALIDATION | |
| 135 | +| live_validation_environment | staging | LIVE_VALIDATION_ENVIRONMENT | |
| 136 | + |
| 137 | +## Other |
| 138 | + |
| 139 | +| Key | Default | Env var(s) | |
| 140 | +|-----|---------|------------| |
| 141 | +| enable_mcp_server | false | ENABLE_MCP_SERVER | |
| 142 | +| enable_quality_filter | true | ENABLE_QUALITY_FILTER | |
| 143 | +| quality_filter_min_confidence | 0.30 | QUALITY_FILTER_MIN_CONFIDENCE | |
| 144 | +| review_type | audit | — | |
| 145 | +| project_type | auto | — | |
| 146 | +| fail_on | "" | FAIL_ON, INPUT_FAIL_ON | |
| 147 | +| agent_profile | default | — | |
| 148 | +| enable_temporal | false | ENABLE_TEMPORAL | |
| 149 | +| temporal_server | localhost:7233 | TEMPORAL_SERVER | |
| 150 | +| temporal_namespace | argus | TEMPORAL_NAMESPACE | |
| 151 | +| temporal_retry_mode | production | TEMPORAL_RETRY_MODE | |
| 152 | +| consensus_threshold | 0.5 | CONSENSUS_THRESHOLD | |
| 153 | +| exploitability_threshold | moderate | EXPLOITABILITY_THRESHOLD | |
| 154 | +| fuzzing_duration | 300 | FUZZING_DURATION | |
| 155 | +| runtime_monitoring_duration | 60 | RUNTIME_MONITORING_DURATION | |
| 156 | + |
| 157 | +For full env-to-key mapping and types, see `config_loader._ENV_MAPPINGS` and `build_unified_config()`. |