Home/Documentation
Reference Guide

Documentation

Everything you need to install, configure, and run Garrison.

Quick Start

Get Garrison running in 5 minutes with the following steps.

Requires Python 3.9+ and pip. Optional: Rust (for Aderyn), Go (for Medusa), Foundry.
bash — Quick Start
# Option A: Install from PyPI (recommended)
$ pip install garrison-security --upgrade

# Option B: Install from source
$ git clone https://github.com/RunTimeAdmin/garrison-engine
$ cd garrison-engine && pip install -e .

$ garrison --help

✓ Garrison v3.0.0 ready

Installation

Core Installation

bash
# Install from PyPI (recommended)
$ pip install garrison-security --upgrade
Successfully installed garrison-security-3.0.0

# Install with AI/RAG features (required for Pro AI Copilot)
$ pip install garrison-security[ai]

# Install with web UI support
$ pip install garrison-security[web]

# Install with development dependencies
$ pip install garrison-security[dev]

# Or install from source (development)
$ git clone https://github.com/RunTimeAdmin/garrison-engine
$ cd garrison-engine && pip install -e .

# Core dependencies (auto-installed)
$ pip install requests packaging tomli solc-select

# Install Slither (static analysis, optional)
$ pip install slither-analyzer

# Install specific Solidity version
$ solc-select install 0.8.19 && solc-select use 0.8.19

Optional Tools

bash
# Aderyn (Rust-based analyzer)
$ cargo install aderyn

# Medusa (coverage-guided fuzzer)
$ go install github.com/crytic/medusa/cmd/medusa@latest

# Foundry (invariant testing)
$ curl -L https://foundry.paradigm.xyz | bash && foundryup

Pro License Activation

bash
# Method 1: Environment variable (recommended for CI/CD)
$ export GARRISON_PRO_LICENSE=your-license-key-here

# Method 2: Add to garrison.toml config file
[license]
key = "your-license-key-here"

# Get your license at app.garrisonsec.com/pricing
# Pro unlocks: AI Copilot, Attack Graph, Exploit PoC, Solana, HTML/SARIF

First Audit

Option 1: GUI (Easiest)

bash
$ python gui.py
→ Select contract → Check boxes → Click "Run Selected Checks"

Option 2: CLI (Professional)

bash
# Fast PR check (blockers only)
$ garrison scan ./contracts --config garrison-pr.toml

# Full audit with HTML report
$ garrison scan ./contracts --config garrison-audit.toml --report --project-name "MyDeFi"

# Bug bounty mode (max coverage)
$ garrison scan ./contracts --config garrison-bounty.toml --medusa

Configuration Files

Garrison uses TOML configuration files to control analyzer behavior, severity thresholds, and output formats.

toml — garrison-audit.toml
# Garrison — Full Audit Configuration

[project]
name = "MyDeFi Protocol"
version = "3.0.0"

[analyzers]
slither     = true
aderyn      = true
mythril     = true
ai_copilot  = true
attack_path = true
time_travel = true

[thresholds]
blocker_severity = "HIGH"
max_findings     = 0  # 0 = fail on any HIGH

[output]
html_report = true
md_report   = true
json_output = false

Audit Profiles

ProfileFileUse CaseSpeed
PR Checkgarrison-pr.tomlFast CI gate — blockers only, skip slow analyzers< 2 min
Full Auditgarrison-audit.tomlComplete audit with all analyzers, 250K fuzz tests10–30 min
Bug Bountygarrison-bounty.tomlMaximum coverage, 500K fuzz tests, AI exploit gen1–2 hours
Solanagarrison-solana.tomlSolana/Anchor programs, 35 Rust security patterns5–15 min

CLI Reference

FlagDescriptionDefault
--targetPath to contracts directory or fileRequired
--configTOML configuration file pathgarrison-pr.toml
--reportGenerate HTML + Markdown reportsfalse
--project-nameProject name for reportsDirectory name
--medusaEnable Medusa fuzzingfalse
--historyEnable Time-Travel Git Scannerfalse
--commitsNumber of commits to scan (with --history)50
--ragEnable AI Audit Copilot RAG enrichmentfalse
--fingerprintRun Protocol Fingerprint Scannerfalse
--solanaEnable Solana/Anchor analysis modefalse
--output-dirOutput directory for reportsCurrent dir
--verboseVerbose outputfalse
--helpShow help message

CI/CD Integration

Auto-Generate Pipeline Config

bash
# GitHub Actions
$ garrison generate-pipeline --platform github --output .github/workflows/

# GitLab CI
$ garrison generate-pipeline --platform gitlab --output .gitlab-ci.yml

# Azure DevOps
$ garrison generate-pipeline --platform azure --output azure-pipelines.yml

# Jenkins
$ garrison generate-pipeline --platform jenkins --output Jenkinsfile

GitHub Actions (Manual)

yaml — .github/workflows/garrison-security.yml
name: Garrison Security Audit
on:
  pull_request:
    branches: [main]

jobs:
  blocker-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Garrison
        run: pip install garrison-security==3.0.0
      - name: Garrison PR Check (Blockers)
        run: |
          garrison-engine \
            --target ./contracts \
            --config garrison-pr.toml
  advisory-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Garrison
        run: pip install garrison-security==3.0.0
      - name: Garrison Advisory Scan
        run: |
          garrison-engine \
            --target ./contracts \
            --config garrison-audit.toml \
            --report

API Reference

Garrison exposes a Python API for programmatic integration.

python
from garrison import Garrison, AuditConfig

# Initialize engine
engine = Garrison(
    config=AuditConfig.from_file("garrison-audit.toml")
)

# Run audit
results = engine.audit(target="./contracts")

# Access findings
for finding in results.findings:
    print(f"{finding.severity}: {finding.title}")
    print(f"  File: {finding.file}:{finding.line}")

# Generate report
results.export_html("audit_report.html")
results.export_markdown("audit_report.md")

Changelog

v3.0.0 — April 19, 2026 Latest

  • Published to PyPI: pip install garrison-security==3.0.0
  • Python 3.9, 3.10, 3.11, 3.12 support confirmed
  • Development Status: 5 - Production/Stable
  • Tags: security, audit, smart-contracts, solidity, solana, blockchain
  • Extras: ai, advanced, web, dev
  • Core deps: requests, packaging, tomli, solc-select
  • Maintainer: ccie14019 (verified by PyPI)

v2.0.0 — February 2026

  • 21 integrated analyzers — full EVM + Solana coverage
  • 7 innovative features: AI Copilot, Attack Path Visualizer, Time-Travel Scanner, Anchor IDL Validator, CI/CD Generator, Exploit Generator, Fingerprint Scanner
  • 638+ tests passing
  • GUI + CLI interfaces
  • Docker deployment support
  • 3 execution profiles: PR / Audit / Bounty

Need More Help?

Check the full documentation on GitHub or open an issue for support.