BASILE

Installation

# Global install (recommended)
npm install -g @funkymed/basile
basile doctor

# One-off run without install
npx @funkymed/basile doctor

Quick start

basile init                                # generates cookbook.yaml
basile setup --recipe cookbook.yaml        # installs missing tools
basile scan --recipe cookbook.yaml         # preflight + scan + report

Commands

Usage modes

1. Without cookbook (ad-hoc)

Code target:

basile scan --target ./apps/api --stacks php,symfony --scanners phpstan,bearer

URL target:

basile scan --url https://example.com --scanners lighthouse,headers,zap-baseline

Recon / EASM shortcuts (v0.0.7+):

basile subfinder example.com                   # subdomain enum
basile waf https://example.com                 # WAF detection
basile recon example.com                       # full attack surface

See docs/examples/code-php-scan.md, docs/examples/code-typescript-scan.md, docs/examples/url-quick-scan.md, docs/examples/recon-scan.md.

2. With cookbook (declarative, recommended)

basile scan --recipe cookbook.yaml
basile scan --recipe cookbook.yaml --auto-install   # install missing tools at preflight
basile scan --recipe cookbook.yaml --skip-preflight # bypass tool check

See docs/examples/multistack-cookbook.md.

3. Single scanner

basile scan --target . --scanners gitleaks
basile scan --url https://example.com --scanners lighthouse

See docs/examples/single-scanner.md.

Scanners by stack

Detailed catalog (role, options): docs/scanners.md.

Scanners by execution mode

basile doctor reports in real time what's available locally vs through Docker.

Cookbook YAML

Minimal example:

name: audit-client-x
output: ./reports/{{date}}-{{name}}
parallel: 4

targets:
  - id: api
    type: code
    path: ./apps/api
    stacks: [php, symfony]
    scanners: [phpstan, phpcs, composer-audit, semgrep, bearer]

  - id: prod
    type: url
    url: https://app.client.fr
    scanners: [lighthouse, pa11y, zap-baseline, headers, ssllabs-scan]

report:
  formats: [md, pdf]
  template: executive       # executive | technical | security
  group_by: [target, severity]
  min_severity: low

Full annotated cookbook: docs/examples/multistack-cookbook.md.

Batched setup

Missing tools grouped by package manager (1 brew install A B C, 1 npm i -g X Y Z, parallel Docker pulls).

basile setup --stack url --yes                  # everything for URL audit
basile setup --stack php,symfony                # PHP + Symfony
basile setup --category dast --yes              # all DAST tools
basile setup --all --yes                        # entire registry
basile setup --recipe cookbook.yaml             # only what recipe needs
basile setup --all --docker-concurrency 5       # cap docker parallelism

Filters: --stack (php, symfony, wordpress, typescript, react, nodejs, url) | --category (security, quality, performance, a11y, deps, secrets, privacy, sast, dast, lint).

Output

reports/<run>/
├── raw/*.json              # raw output per scanner
├── findings.ndjson         # normalized findings
├── meta.json               # run metadata
├── report.md               # Markdown report
└── report.pdf              # if pdf in report.formats

Re-render without re-scanning:

basile report --from reports/2026-05-06-audit-client-x --pdf
basile report --from reports/<run> --template technical

UI modes (--ui): pretty (TTY), plain (CI), json (NDJSON pipe), quiet.

Further reading

• Scanner catalog: docs/scanners.md
• Examples: docs/examples/
• Architecture & contributing: CONTRIBUTING.md
• Build & npm release: docs/internal/release.md