# Install bagel with Homebrew, apt

CLI to audit posture and evaluate compromise blast radius. Version 0.7.1 via Homebrew; verified 2026-06-19.

## Install

```sh
sudo av install brew:bagel
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install bagel
```

  Evidence: local Homebrew formula metadata

### Linux

- Debian apt (92%):

```sh
sudo apt install bagel
```

  Evidence: Debian stable package indexes: bagel from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

## Package facts

- **Package key:** brew:bagel
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/bagel>
- **Version:** 0.7.1
- **Source summary:** CLI to audit posture and evaluate compromise blast radius
- **Homepage:** <https://boostsecurityio.github.io/bagel/>
- **Repository:** <https://github.com/boostsecurityio/bagel>
- **Upstream docs:** <https://boostsecurityio.github.io/bagel>
- **License:** GPL-3.0-or-later
- **Source archive:** <https://github.com/boostsecurityio/bagel/archive/refs/tags/v0.7.1.tar.gz>
- **Last updated:** 2026-06-19T18:32:48Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- bagel (cli)
- bagel (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.7.1
- Package-manager updated: 2026-06-19
- Local data: ok
- Upstream repository: https://github.com/boostsecurityio/bagel
- Upstream latest detected: v0.7.1 (current)
## Project history and usage

Bagel is a BoostSecurity CLI for inventorying security-relevant metadata on developer workstations. It focuses on supply-chain and endpoint posture signals such as tool configuration, risky settings, and the locations of secrets without collecting secret values.

### Project history

The boostsecurityio/bagel GitHub repository was created in February 2026, and its first v0.1.0 release followed the next day. The README describes it as a cross-platform CLI for macOS, Linux, and Windows that inspects developer machines and outputs structured JSON reports.

From its first public versions, Bagel documented a privacy-first boundary: metadata about paths, permissions, timestamps, key types, and config flags may be reported, but secret payloads are not written or exfiltrated. The README also positions Bagel as the open-source counterpart or lightweight lead-in to BoostSecurity's enterprise Developer Endpoint Protection product.

### Adoption history

Bagel's public adoption history is short because the repository and releases began in 2026. The batch metadata already shows Homebrew, Debian, and Ubuntu packaging, which suggests upstream wanted package-manager distribution quickly for workstation and CI use.

GitHub releases progressed from v0.1.0 in February 2026 to v0.7.1 in June 2026, indicating rapid early iteration around probes, detectors, output, and packaging.

### How it is used

Typical usage is bagel scan, producing JSON by default or table output for quick review. The README documents flags for output path, strict mode, cache rebuilds, progress display, verbose logging, config path, and disabling version checks.

Bagel checks areas such as Git, SSH, npm, environment variables, shell history, cloud credentials, JetBrains IDEs, GitHub CLI, and AI CLI tools. Security teams can use --strict as a CI gate when findings are present.

### Why package nerds care

Bagel is significant as an early example of developer-workstation posture scanning being packaged like a normal CLI. Instead of requiring an agent rollout, it can be installed with Homebrew or OS packages and run locally or in automation.

For package maintainers, its interesting boundary is privacy: the package scans sensitive locations but promises metadata-only output, making documentation and trust signals especially important.

### Timeline

- 2026-02: GitHub repository created and v0.1.0 released.
- 2026-03: v0.3.0 and v0.5.0 releases published during early iteration.
- 2026-06: v0.7.1 released.

### Related projects

- Bagel is related to BoostSecurity Developer Endpoint Protection, which the README describes as the enterprise-grade scale-out product.
- It is adjacent to secret scanners, SSH and Git hardening tools, cloud credential auditors, and developer endpoint inventory agents.

### Sources

- <https://boostsecurityio.github.io/bagel>
- <https://github.com/boostsecurityio/bagel>
- <https://github.com/boostsecurityio/bagel/releases>
- source_facts.package-manager


## Security Notes

No matching local secret-handling manifest was found for bagel. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ./bagel.yaml, ~/.config/bagel/bagel.yaml
- Windows: %APPDATA%\bagel\bagel.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** bagel
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - bagel - 1.2.2-8: normalized package name match | Debian stable package indexes: bagel from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Computational Chemistry Package | http://www.nubakery.org/
- Ubuntu apt - bagel - 1.2.2-7: normalized package name match | Ubuntu 24.04 LTS package indexes: bagel from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Computational Chemistry Package | http://www.nubakery.org/


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [modsurfer](https://www.automicvault.com/pkg/brew/modsurfer/) - Shares av.db curated category or tags: audit, cli, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security.
- [poutine](https://www.automicvault.com/pkg/brew/poutine/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Security-sensitive metadata or terminology overlaps. Shared terms: audit, cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/bagel.yml](https://github.com/automic-vault/db/blob/main/combined/bagel.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
