gitwtfhub

wtf is gixy?

yandex/gixy — explained in plain English

Analysis updated 2026-06-24

8,556PythonAudience · ops devopsComplexity · 2/5Setup · easy

TL;DR

A command-line tool from Yandex that scans Nginx configuration files for security vulnerabilities like SSRF, HTTP splitting, path traversal, and header misconfigurations, and reports findings with severity levels and fix references.

Mindmap

mindmap
  root((Gixy))
    What it checks
      SSRF
      HTTP splitting
      Path traversal
      Header misuse
    Usage
      pip install
      Docker image
      CLI invocation
    Output
      Issue description
      Severity level
      Reference links
    Platform
      GNU Linux
      Python based

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Scan your Nginx config for known security vulnerabilities before deploying to production.

REASON 2

Use the Docker image to audit an Nginx config without installing Python or any local dependencies.

REASON 3

Integrate Gixy into a CI pipeline to automatically catch Nginx misconfigurations on every code change.

What's in the stack?

PythonDocker

How it stacks up

yandex/gixymvig-sjtu/alphaposefirmai/financial-machine-learning
Stars8,5568,5588,549
LanguagePythonPythonPython
Setup difficultyeasyhardeasy
Complexity2/54/51/5
Audienceops devopsresearcherresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · easy Time to first run · 5min

Officially tested on GNU/Linux only, other operating systems may have issues per the README.

Wtf does this do

Gixy is a command-line tool from Yandex that analyzes Nginx configuration files for security problems. Nginx is a popular web server, and its configuration files control how the server handles requests, routes traffic, and sets HTTP headers. Misconfigured Nginx setups can introduce security vulnerabilities even when the application code itself is fine. Gixy reads your configuration file and flags specific patterns known to cause problems. The types of issues it currently checks for include server-side request forgery, HTTP splitting, problems with how referrer and origin headers are validated, misuse of the add_header directive, host header forgery, path traversal through misconfigured aliases, and multiline response headers. Each detected issue includes a description, a severity level, and a reference link with more details. The output shows which part of the configuration triggered the finding. You install Gixy with pip and run it from the command line, pointing it at your nginx.conf file. By default it looks for the configuration at /etc/nginx/nginx.conf, but you can specify any path. Individual checks can be skipped if you know they are not relevant for your setup. A Docker image is also available if you prefer not to install it locally, and you can mount your configuration file as a volume for analysis. The project was built and is maintained by Yandex. It is written in Python and tested on GNU/Linux. The README notes that other operating systems may have issues. New detection plugins can be contributed, and there is an open issue tracker for tracking planned additions.

Yoink these prompts

Prompt 1
Run Gixy on my /etc/nginx/nginx.conf to check for security issues and explain what each finding means and how to fix it.
Prompt 2
Use the Gixy Docker image to scan my nginx.conf by mounting it as a volume, give me the exact Docker run command.
Prompt 3
Add Gixy to my GitHub Actions workflow to check Nginx configuration files on every pull request and fail the build on findings.
Prompt 4
Gixy flagged an add_header directive misuse in my config, explain the vulnerability and show me the corrected Nginx configuration.

Frequently asked questions

wtf is gixy?

A command-line tool from Yandex that scans Nginx configuration files for security vulnerabilities like SSRF, HTTP splitting, path traversal, and header misconfigurations, and reports findings with severity levels and fix references.

What language is gixy written in?

Mainly Python. The stack also includes Python, Docker.

How hard is gixy to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is gixy for?

Mainly ops devops.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.