GitHub App
LiveInstall once. Check runs and a sticky comment on every pull request, with findings mirrored to the Security tab.
Install GitHub AppGet started
Pick your way in: the GitHub App, the olydi scan CLI, or the composite Action. You'll see your first finding in under three minutes. If a path isn't published yet, it routes you to early access — never a dead button.
npx @olydi/cli scan
Install once. Check runs and a sticky comment on every pull request, with findings mirrored to the Security tab.
Install GitHub AppRun the scan from a terminal or a pre-push hook. Authenticate once, then scan on demand with SARIF output.
npx @olydi/cli scanAdd one step to your workflow. Scans on pull requests and uploads SARIF to the Security tab.
Add the GitHub ActionCLI
Authenticate once, then scan on demand or from a pre-push hook. Output is SARIF, so it drops straight into your existing pipeline.
npx @olydi/cli scanComposite Action
The Action scans on pull requests and uploads SARIF to the Security tab. It gates the merge on exploit-reachable findings only.
# .github/workflows/olydi.yml
- uses: olydi/olydi-action@v2
with:
fail-on: high
upload-sarif: trueSARIF to the Security tab
Every scan emits standard SARIF. The GitHub App and the Action both upload it, so findings appear in the GitHub Security tab next to your other code-scanning alerts, with check runs and a sticky PR comment.
detected stack
OLYDI fingerprints the repository and runs only the capabilities that match, so you see a focused finding set in under three minutes.