CLI Tool

Content Security Policy Control Plane

Manage CSP policies, monitor violations in real-time, and deploy changes safely with progressive rollout

Quick Install

curl -fsSL https://install.cspctl.com/install.sh | sh

After installation, verify with: cspctl --version

Quick Start

Deploy Your First Policy in 4 Steps

Get up and running with CSPctl in minutes. Follow these commands to create, test, and deploy your Content Security Policy.

1. Initialize Policy

cspctl init

Creates a csp.json file with secure defaults

2. Launch UI

cspctl ui

Opens visual editor at http://localhost:5173

3. Test & Deploy

cspctl rollout dry-run --app myapp -f csp.json

Analyze impact before deployment

4. Progressive Rollout

cspctl rollout set --app myapp --mode report-only --traffic 10

Start with 10% traffic in report-only mode

After deployment, monitor violations with:

cspctl reports --app myapp --env prod

Key Features

Powerful CSP Management Capabilities

CSPctl provides comprehensive tools for managing Content Security Policies with real-time monitoring, progressive rollout, and intelligent suggestions.

Manage CSP Policies

Create, deploy, and manage Content Security Policies across your applications with version control and caching.

Usage:

Initialize policy: cspctl init
Pull current policy: cspctl policy pull --app myapp -f policy.json
Deploy policy: cspctl policy push --app myapp -f policy.json
Set rollout mode: cspctl rollout set --app myapp --mode report-only

Example Policy:

default-src 'self'; script-src 'self' 'strict-dynamic'; base-uri 'none';

Monitor Violations

Stream real-time CSP violation reports with PII redaction and intelligent grouping for analysis.

Usage:

Stream reports: cspctl reports --app myapp --env prod
Filter violations: cspctl reports --app myapp --filter script-src
Group by host: cspctl reports --app myapp --group-by host
Get AI suggestions: cspctl policy suggest --app myapp --env prod

Example:

Violation: script-src blocked cdn.bad (42 occurrences)
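
The redaction and grouping described under Monitor Violations, sketched as an added Python example (not CSPctl's own code or output format). It assumes the legacy report-uri JSON body that browsers POST; the function names and sample reports are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample bodies in the legacy report-uri shape ({"csp-report": {...}}).
SAMPLE_REPORTS = [
    '{"csp-report": {"document-uri": "https://app.example/account?email=a%40b.test",'
    ' "effective-directive": "script-src", "blocked-uri": "https://cdn.bad/lib.js?uid=991"}}',
    '{"csp-report": {"document-uri": "https://app.example/cart#step2",'
    ' "violated-directive": "script-src \'self\'", "blocked-uri": "https://cdn.bad/lib.js?uid=17"}}',
    '{"csp-report": {"document-uri": "https://app.example/",'
    ' "effective-directive": "script-src", "blocked-uri": "https://user:pw@CDN.bad:8443/x.js"}}',
    '{"csp-report": {"document-uri": "https://app.example/login?next=%2Fadmin",'
    ' "effective-directive": "style-src", "blocked-uri": "inline"}}',
    'not json at all',
]

def redact_url(value):
    """Keep scheme, host, port and path; drop userinfo, query string and fragment."""
    parts = urlsplit(str(value))
    if not parts.hostname:
        return parts.scheme or parts.path  # keyword values: "inline", "eval", "data"
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}{parts.path}"

def parse_report(raw):
    """Return a redacted record, or None for bodies that are not CSP reports."""
    try:
        body = json.loads(raw)["csp-report"]
        directive = (body.get("effective-directive") or body.get("violated-directive")).split()[0]
        return {"directive": directive,
                "blocked": redact_url(body.get("blocked-uri", "")),
                "document": redact_url(body.get("document-uri", ""))}
    except (ValueError, KeyError, TypeError, AttributeError, IndexError):
        return None

def group_by_host(raw_reports):
    """Count violations per (directive, blocked host), skipping malformed bodies."""
    counts = Counter()
    for raw in raw_reports:
        if (report := parse_report(raw)):
            host = urlsplit(report["blocked"]).hostname or report["blocked"] or "unknown"
            counts[(report["directive"], host)] += 1
    return counts

def summarize(counts):
    return [f"Violation: {d} blocked {h} ({n} occurrences)" for (d, h), n in counts.most_common()]

if __name__ == "__main__":
    print("\n".join(summarize(group_by_host(SAMPLE_REPORTS))))
```

URL paths are kept here; where paths themselves carry identifiers, reduce the stored value to the origin instead.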

Progressive Rollout

Safely deploy CSP changes with traffic splitting and dry-run analysis to minimize impact.

Usage:

Test impact: cspctl rollout dry-run --app myapp -f policy.json
Start at 10%: cspctl rollout set --app myapp --mode enforce --traffic 10
Increase to 50%: cspctl rollout set --app myapp --traffic 50
Generate SRI: cspctl sri --path assets/*.js --algo sha384

Example:

Rollout: 10% → 50% → 100% with monitoring at each stage