GitHub Action

Run OLYDI scans in CI with the olydi-action workflow.

GitHub Action

olydi-action runs a scan on every push or pull request and uploads the results to the repository Security tab as SARIF.

Usage

Add the action to a workflow under .github/workflows/:

name: olydi
on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: olydi/olydi-action@v2
        with:
          # optional: fail the job above this severity gate
          fail-on: high

Permissions

The action requires security-events: write to upload SARIF to the Security tab, and contents: read to check out the repository. It does not request write access to repository contents — remediation pull requests are opened by the GitHub App, not the Action.

Output

The job summary lists findings by category and severity. The full result set is mirrored to the Security tab where it can be triaged alongside CodeQL and other SARIF producers.