Noxtara CLI Configuration Reference

Section: ReferenceOrder: 3

Complete reference for configuring the Noxtara CLI using the noxtara.yaml file and environment variables.

Configuration File

Noxtara looks for configuration in these locations (in order):

1. noxtara.yaml
2. noxtara.yml

If neither file exists, the CLI uses default values and environment variables.

Configuration Options

Top-Level Options

Option	Type	Required	Default	Description
apiKey	string	Yes*	—	API key for authenticating with Noxtara API
baseUrl	string	No	https://app.noxtara.com/api/main/client	Base URL for the Noxtara API endpoint
autoPr	boolean	No	true	Automatically create PRs to update config with new entry IDs
scan	object	No	—	Scan-related configuration options

*Required either in config file or via NOXTARA_API_KEY environment variable.

Scan Configuration

SCA/SAST Scan (scan.scaSast)

Option	Type	Required	Description
from	string	Yes*	Starting point/path for SCA/SAST scan analysis
ignore	array of strings	No	File patterns or paths to exclude during scanning
entryId	string	No	Entry ID to update existing SCA/SAST scan entry

*Required for automated scans via GitHub Actions or when running noxtara scan without arguments.

Mobile Scan (scan.mobile)

Option	Type	Required	Description
file	string	Yes*	Path to APK file for mobile scan
entryId	string	No	Entry ID to update existing mobile scan entry

*Required when running mobile scans via noxtara scan without arguments.

Configuration Examples

Basic SCA/SAST Configuration

baseUrl: "https://app.noxtara.com/api/main/client"
scan:
  scaSast:
    from: .

With Ignore Patterns

baseUrl: "https://app.noxtara.com/api/main/client"
scan:
  scaSast:
    from: .
    ignore:
      - "node_modules/**"
      - "dist/**"
      - "*.test.ts"
      - "coverage/**"

With Entry ID (After First Scan)

baseUrl: "https://app.noxtara.com/api/main/client"
scan:
  scaSast:
    from: .
    entryId: vdyajvbNGRA9QuHmRCXtvt
    ignore:
      - "node_modules/**"

Mobile Scan Configuration

baseUrl: "https://app.noxtara.com/api/main/client"
scan:
  mobile:
    file: ./app-release.apk
    entryId: mobile-entry-abc123

Multiple Scan Types

baseUrl: "https://app.noxtara.com/api/main/client"
autoPr: true
scan:
  scaSast:
    from: .
    entryId: code-scan-123
    ignore:
      - "node_modules/**"
  mobile:
    file: ./app.apk
    entryId: mobile-scan-456

Environment Variables

Environment variables take precedence over config file values (except for NOXTARA_AUTO_PR which can be overridden by the config file).

Variable	Type	Description
NOXTARA_API_KEY	string	API key for authentication
NOXTARA_BASE_URL	string	Base URL for Noxtara API
NOXTARA_AUTO_PR	boolean	Enable/disable automatic PR creation

Variable Precedence

1. Config file value (noxtara.yaml)
2. Environment variable (NOXTARA_*)
3. Default value

Example: If baseUrl is set in both noxtara.yaml and NOXTARA_BASE_URL, the config file value is used.

JSON Schema

The configuration file is validated against this schema:

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "apiKey": {
      "type": "string",
      "description": "API key for authenticating with Noxtara API"
    },
    "baseUrl": {
      "type": "string",
      "minLength": 1,
      "description": "Base URL for the Noxtara API endpoint"
    },
    "autoPr": {
      "type": "boolean",
      "description": "Automatically create PRs to update config with new IDs"
    },
    "scan": {
      "type": "object",
      "properties": {
        "scaSast": {
          "type": "object",
          "properties": {
            "from": {
              "type": "string",
              "minLength": 1,
              "description": "Starting point/path for SCA/SAST scan"
            },
            "ignore": {
              "type": "array",
              "items": { "type": "string" },
              "description": "File patterns to ignore"
            },
            "entryId": {
              "type": "string",
              "minLength": 1,
              "description": "Entry ID for existing scan"
            }
          }
        },
        "mobile": {
          "type": "object",
          "properties": {
            "file": {
              "type": "string",
              "minLength": 1,
              "description": "Path to APK file"
            },
            "entryId": {
              "type": "string",
              "minLength": 1,
              "description": "Entry ID for existing scan"
            }
          }
        }
      }
    }
  }
}

Validation Errors

Common configuration errors and their meanings:

Error	Cause	Solution
Invalid config file	YAML syntax error or invalid structure	Check YAML indentation and property names
API key is required	Missing apiKey or NOXTARA_API_KEY	Add API key to config or environment
baseUrl must be non-empty	baseUrl is an empty string	Provide a valid URL or remove to use default

Configuration Commands

The CLI provides commands to work with configuration:

Generate JSON Schema

noxtara config schema

Outputs the complete JSON schema for IDE autocompletion and validation.