Gixy: Nginx Configuration Static Analyzer
Gixy is a tool designed to analyze NGINX configurations to enhance security and automate flaw detection. It supports Python versions 3.6 through 3.13 and is primarily tested on GNU/Linux systems. Gixy can identify a variety of security issues and offers automatic fixes for many detected problems.
- ▪Gixy helps prevent security misconfigurations in NGINX setups.
- ▪It detects issues related to injection, known CVEs, TLS and encryption, access control, and more.
- ▪Gixy can automatically fix many of the issues it identifies in the configuration.
Opening excerpt (first ~120 words) tap to expand
GIXY NoteKeep NGINX secure and up-to-date with maintained modules via NGINX Extras RPM repository by GetPageSpeed. Overview Gixy is a tool to analyze NGINX configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 3.6 through 3.13. Disclaimer: Gixy is well tested only on GNU/Linux, other OSs may have some issues. What it can do Gixy detects a wide range of security issues across these categories: Category Security Checks 🔓 Injection & Forgery SSRF · HTTP Splitting · Host Spoofing · Origin Bypass 🚨 Known CVEs Nginx CVE Advisor (pass --nginx-version=X.Y.Z; covers CVE-2026-42945 "NGINX Rift") 🔐 TLS & Encryption Weak SSL/TLS · HTTP/2 Misdirected Request · QUIC BPF Reuseport · OCSP Stapling Without…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.