GitHub Action
Run OLYDI scans in CI with the olydi-action workflow.
GitHub Action
olydi-action runs a scan on every push or pull request and uploads the results to the repository Security tab as SARIF.
Usage
Add the action to a workflow under .github/workflows/:
name: olydi
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
security-events: write
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: olydi/olydi-action@v2
with:
# optional: fail the job above this severity gate
fail-on: high
Permissions
The action requires security-events: write to upload SARIF to the Security tab, and contents: read to check out the repository. It does not request write access to repository contents — remediation pull requests are opened by the GitHub App, not the Action.
Output
The job summary lists findings by category and severity. The full result set is mirrored to the Security tab where it can be triaged alongside CodeQL and other SARIF producers.
