Yes. No external API calls, telemetry, or update checks. Any built-in proxy/DNS/server binds to localhost only. Pull the network cable and run a full analysis — it completes normally.
No. A plain go build produces one self-contained binary. It parses APK/DEX directly and has its own decode/rebuild path. Docker is one option, not a requirement.
No — that flag is meaningless. Direct CLI analysis is the default: analyzer -t app.apk runs and writes reports with no extra flag. The interactive TUI is opt-in via -tui.
A fresh custom output dir expects a .omnisec-output marker file (a safety guard against clobbering unrelated folders). Fix: use the default analysis_output, or touch <dir>/.omnisec-output first. The GitHub Action does this automatically.
Two separate binaries built at compile time — not a runtime switch:
- Core (
go build ./pkg/cmd/analyzer): APK/DEX/Smali, manifest audit, secret triage, PE/ELF checks, all report formats. Pure Go, no cgo, no DLLs needed. - Full native (built via
cicd.ps1or cgo build tags): adds OmniSec (Rust), Zig SIMD ML, GNN. The resulting binary requires the.dll/.so/.dylibfiles at runtime — without them it will not start.
Prebuilt releases ship the core binary. See BUILD.md.
Only if you built the full native binary. Core binary users don't need them at all. If you have the full native binary, the DLLs must be present next to the executable — there is no silent fallback.
2012-era quad-core, 8 GB RAM, CPU-only. Peak RAM ~1.5–2 GB; typical runs 500–800 MB. No GPU, no CUDA.
No. ML is classical and local: HDC, GNN, gradient-boosted trees, random forest, logistic regression — all on CPU, nothing uploaded.
Windows detonation: just Windows (kernel/WFP monitors are optional). Android: ADB + a real device or emulator. Nothing is uploaded.
FlagiFiles.md — every flag, env var, build command. Curated cheat sheet: USAGE.md.
Solo project by design. Bug reports and ideas via Issues. Security bugs via private advisory.