TachyonicTachyonic

Configuration

Configuration options for the Tachyonic scanner

Heuristics Library

Tachyonic loads attack definitions from a YAML library. By default, it checks ~/.tachyonic/attacks/.

# Use a custom path
export HEURISTICS_PATH=/opt/tachyonic

# Include built-in attacks alongside the library
tachyonic scan --target ... --include-builtin

The public attack taxonomy is at github.com/tachyonicai/tachyonic-heuristics.

Output Formats

JSON (default)

tachyonic scan --target ... --format json --output results.json

Contains full scan metadata, all results with payloads/responses, score, and remediations.

HTML

tachyonic scan --target ... --format html --output report.html

Self-contained HTML report with severity breakdown, findings detail, and remediation guidance.

SARIF

tachyonic scan --target ... --format sarif --output results.sarif

Static Analysis Results Interchange Format. Compatible with GitHub Code Scanning and other SARIF viewers.

Parallel Execution

tachyonic scan \
  --target ... \
  --parallel \
  --max-concurrent 4 \
  --min-delay 150
  • --parallel enables concurrent attack execution
  • --max-concurrent controls parallelism (default: 5)
  • --min-delay sets minimum ms between requests (default: 100)

Cost Control

tachyonic scan --target ... --max-cost 5.00

Stops the scan when estimated cost exceeds the threshold. Cost is estimated from token usage per provider pricing.

Baseline Comparison

Compare against a previous scan to see what changed:

# Save a baseline
tachyonic scan --target ... --save-baseline baseline.json

# Compare against it
tachyonic scan --target ... --baseline baseline.json

Request Customization

Custom Headers

For targets behind authentication or custom routing:

tachyonic scan \
  --target https://your-api.com/chat \
  --request-overrides '{"headers":{"X-Custom-Auth":"token123"}}'

Tool Definitions

Include tool/function definitions in scan requests:

tachyonic scan \
  --target ... \
  --tools-file tools.json \
  --tool-choice auto

Request Overrides

Merge additional fields into every request:

tachyonic scan \
  --target ... \
  --request-overrides '{"temperature":0,"max_tokens":1024}'

Or from a file:

tachyonic scan \
  --target ... \
  --request-overrides-file overrides.json

Detection and Triage

How Tachyonic detects vulnerabilities and reduces false positives

On this page

Heuristics LibraryOutput FormatsJSON (default)HTMLSARIFParallel ExecutionCost ControlBaseline ComparisonRequest CustomizationCustom HeadersTool DefinitionsRequest Overrides