| .. | ||
| action.yml | ||
| README.md | ||
aikido-pr-scan
Run Aikido security scan on a PR in gating mode — fails if new vulnerabilities are introduced.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
aikido-api-key |
Yes | Aikido CI API key (AIK_CI_xxx) |
|
fail-on |
No | high |
Minimum severity to fail on (low, medium, high, critical) |
Usage
- uses: schmalz/shared-actions/.github/actions/aikido-pr-scan@v1
with:
aikido-api-key: ${{ secrets.AIKIDO_API_KEY }}
Notes
- Uses the
aikidosecurity/local-scannerDocker image to scan inside the CI runner. - Runs in PR gating mode: only detects new vulnerabilities introduced by the PR (diff-based).
- Repository name and branch are auto-detected from Forgejo environment variables.
- The API key is passed via environment variable, never interpolated in shell commands.
- Base and head commit IDs are derived from
GITHUB_BASE_SHAandGITHUB_SHA.