Configuration

SPECTRA is configured through a .env file in the project root and optionally through environment variables set in the shell or CI/CD pipeline.


.env File

Copy the template and populate your values:

cp .env.example .env

A complete .env file looks like this:

# Required
ANTHROPIC_API_KEY=sk-ant-...

# Optional — override defaults
SPECTRA_MODEL=claude-sonnet-4-6
SPECTRA_FORMAT=both
SPECTRA_OUTPUT=reports/latest
SPECTRA_MAX_TOKENS=4096

Never commit .env to version control. It is listed in .gitignore by default.


Required Variables

Variable            Description
ANTHROPIC_API_KEY   Your Anthropic API key. Obtain one at console.anthropic.com.

Optional Variables

Variable             Default             Description
SPECTRA_MODEL        claude-sonnet-4-6   Claude model to use for analysis. See supported models below.
SPECTRA_FORMAT       markdown            Default output format: markdown, json, or both.
SPECTRA_OUTPUT       ./spectra_report    Default output path prefix.
SPECTRA_MAX_TOKENS   4096                Maximum response tokens. Increase for large scans.
SPECTRA_SCANNER      (auto)              Force scanner detection: trivy, semgrep, generic.

Supported Claude Models

Model                         ID                          Notes
Claude Sonnet 4.6 (default)   claude-sonnet-4-6           Best balance of speed and quality for most analysis workloads
Claude Opus 4.7               claude-opus-4-7             Highest quality — recommended for complex multi-scanner batch runs
Claude Haiku 4.5              claude-haiku-4-5-20251001   Fastest and lowest cost — suitable for high-volume pipeline use

Override the model per-run with the --model flag:

spectra analyze trivy.json --model claude-opus-4-7 --format both --output reports/deep-analysis

CI/CD Configuration

In CI/CD environments, inject ANTHROPIC_API_KEY as a repository secret — do not store it in .env files committed to your repository.

See CI/CD Integration for platform-specific examples.


Configuration Precedence

When the same option is set in multiple places, SPECTRA resolves in this order (highest to lowest):

  1. CLI flag (--format, --output, etc.)
  2. Shell environment variable
  3. .env file value
  4. Built-in default
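
The resolution order above, sketched as an added example (not SPECTRA's own code): resolve() returns each option's value together with the layer that supplied it, which helps when a shell variable silently overrides a .env value. The .env parser is simplified, and treating an empty value as unset is an assumption.

```python
import os

# Built-in defaults and CLI flag names as documented on this page.
DEFAULTS = {
    "SPECTRA_MODEL": "claude-sonnet-4-6",
    "SPECTRA_FORMAT": "markdown",
    "SPECTRA_OUTPUT": "./spectra_report",
    "SPECTRA_MAX_TOKENS": "4096",
}
FLAGS = {"SPECTRA_MODEL": "--model", "SPECTRA_FORMAT": "--format",
         "SPECTRA_OUTPUT": "--output"}

def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks and '#' comments (simplified)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def resolve(name, cli=None, environ=None, dotenv=None):
    """Return (value, source) for one option, highest precedence first."""
    layers = [
        ("cli", {name: (cli or {}).get(FLAGS.get(name))}),
        ("shell", os.environ if environ is None else environ),
        ("dotenv", dotenv or {}),
        ("default", DEFAULTS),
    ]
    for source, layer in layers:
        value = layer.get(name)
        if value:  # assumption: an empty value counts as unset
            return value, source
    return None, "unset"

# Constructed sample input mirroring the .env shown earlier on this page.
SAMPLE_DOTENV = """# Optional
SPECTRA_MODEL=claude-sonnet-4-6
SPECTRA_FORMAT=both
SPECTRA_OUTPUT=reports/latest
"""

if __name__ == "__main__":
    env = {"SPECTRA_FORMAT": "json"}          # constructed shell environment
    cli = {"--model": "claude-opus-4-7"}      # constructed CLI flags
    for opt in DEFAULTS:
        print(opt, resolve(opt, cli, env, parse_dotenv(SAMPLE_DOTENV)))
```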
