Skip to main content


In some cases, we don't have an extension for installing and running Cimon. This is either due to a lack of infrastructure or to the requirement to install it manually. In such cases, we've provided methods for installing and executing Cimon. Our extensions (GitHub Actions and Azure Pipelines) do precisely that behind the scenes.

Installation Cimon CLI

The quickest way to install Cimon CLI is with the install script. It will automatically select the latest version according to the architecture. The default folder for the installation is ./bin:

curl -sSfL | sh -s -- -h

sh: download go binaries for Cimon
Usage: sh [-b] bindir [-d] [tag]
-b sets bindir or installation directory, Defaults to ./bin
-d turns on debug logging
[tag] is a tag from
If tag is missing, then the latest will be used.


Fetching the latest version to ./bin

curl -sSfL | sh

Installing Cimon to a path that is already included in the PATH variable, but it will require higher privileges:

curl -sSfL | sudo sh -s -- -b /usr/local/bin

cimon -h

Fetching a specific version tag

curl -sSfL | sh -s -- v0.10.0

Available Sub-commands

  • cimon agent start - Start the Cimon agent in the foreground.
  • cimon agent start-background - Start Cimon agent in the background.
  • cimon agent stop - Stop Cimon agent and print logs


Here are the parameters that are supported:

Environment VariableDefaultDescription
CIMON_CLIENT_IDCimon client ID for authentication
CIMON_SECRETCimon secret for authentication
CIMON_URLCimon endpoint for authentication
CIMON_PREVENTfalseEnable prevention mode
CIMON_ALLOWED_IPSA comma or white space separated list of allowed IP addresses
CIMON_ALLOWED_HOSTSA comma or white space separated list of allowed domain names. The left-most label can be the wildcard character (*) to match multiple subdomains (e.g. *
CIMON_IGNORED_IP_NETSA comma or white space separated list of ignored IP networks in CIDR notation, e.g., This setting is mandatory if your workflow runs containers attached to a custom network with configured sub-range. In other words, inter-container networking is usually ignored by Cimon. Cimon implicitly ignores and networks.
CIMON_REPORT_PROCESS_TREEfalseEnable to report the process tree
CIMON_SLACK_WEBHOOK_ENDPOINTSlack webhook endpoint to report security events
CIMON_LOG_LEVELinfoLog level (Used for debugging)