shared-actions/aikido-pr-scan
2026-04-24 15:57:40 +02:00
..
action.yml refactor: move action to repo root 2026-04-24 15:57:40 +02:00
README.md refactor: move action to repo root 2026-04-24 15:57:40 +02:00

aikido-pr-scan

Run Aikido security scan on a PR in gating mode — fails if new vulnerabilities are introduced.

Inputs

Input Required Default Description
aikido-api-key Yes Aikido CI API key (AIK_CI_xxx)
fail-on No high Minimum severity to fail on (low, medium, high, critical)

Usage

- uses: schmalz/shared-actions/.github/actions/aikido-pr-scan@v1
  with:
    aikido-api-key: ${{ secrets.AIKIDO_API_KEY }}

Notes

  • Uses the aikidosecurity/local-scanner Docker image to scan inside the CI runner.
  • Runs in PR gating mode: only detects new vulnerabilities introduced by the PR (diff-based).
  • Repository name and branch are auto-detected from Forgejo environment variables.
  • The API key is passed via environment variable, never interpolated in shell commands.
  • Base and head commit IDs are derived from GITHUB_BASE_SHA and GITHUB_SHA.