Installation
Install Gadriel Code in under a minute with a single npm install.
Gadriel ships as a single self-contained Rust binary. It is distributed through npm for convenience — the npm package is a thin wrapper whose post-install step fetches the correct native binary for your platform. There is no Node.js runtime dependency at scan time, no storage daemon, and nothing left in your node_modules beyond the launcher shim.
Prerequisites
| Requirement | Version | Notes |
|---|---|---|
| Node.js | 20 or newer | Only used to run npm install and the launcher shim. |
| git | any recent version | Required for the pre-commit gate and the git-history secret sweep. |
You do not need a Rust toolchain — the binary is pre-built.
Install
Install globally so the gadriel command is on your PATH:
bashnpm install -g gadriel
To install a specific version or upgrade to the latest:
bashnpm install -g gadriel@latest
Package vs. binary: the npm package is named gadriel and the command it installs is also gadriel. The npm wrapper version and the underlying CLI binary version are tracked separately — the wrapper resolves and downloads the matching native binary during post-install.
Verify the installation
Check the CLI version:
bashgadriel --version
gadriel 0.11.5
Confirm the code-security command group is available:
bashgadriel code --help
You should see the code subcommands, including init, scan, findings, report, sbom, mcp, and fix:
Code security: SAST, SCA, secrets, config, container, API
Commands:
init Initialize code-security in this repo (.security/, .claude/, git hooks, MCP server, CLAUDE.md, .gitignore)
scan Run a code-security scan
findings Read findings from .security/findings.json
fix Triage a finding by ID
report Generate compliance reports or the HTML/JSON report bundle
sbom Export SBOM (SPDX 2.3 + CycloneDX)
mcp Start the MCP server (JSON-RPC 2.0 over stdio)
...
For a deeper health check of your environment and configuration, run:
bashgadriel doctor
Next steps
- Authenticate — Gadriel requires a license token before it will scan.
- Run the quickstart — scaffold a repo and run your first scan.
