CI/CD Security

GitHub Actions Security Scan

Add an AI security gate to your pipeline in 3 lines. SwarmFlow fails the build when it finds vulnerabilities at or above your threshold — so insecure code never reaches main.

Drop this into .github/workflows/swarmflow.yml

name: SwarmFlow Security Gate
on: [push, pull_request]

jobs:
  security-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: swarmflow-security/scan-action@v1
        with:
          api-key: ${{ secrets.SWARMFLOW_API_KEY }}
          threshold: high

Published on the GitHub Marketplace as swarmflow-security/scan-action.

How it works

1. Create an API key

In SwarmFlow → Settings → API Keys, generate a key and add it to your repo as the secret SWARMFLOW_API_KEY.

2. Add the workflow

Paste the 3-line step above. It runs on every push and pull request automatically.

3. Builds gate on severity

The job fails on findings at or above your threshold (e.g. high). Set it to critical for a looser gate.
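
A hardened variant of the workflow above, added here as an example (it is not SwarmFlow's own file). It uses only the api-key and threshold inputs shown on this page. Assumptions: the scan needs no more than read access to the repository, and <FULL_COMMIT_SHA> is a placeholder for the commit behind the v1 tag.

```yaml
# Added example: same gate as above with least-privilege token scope,
# a pinned action reference, and a guard for runs where the secret is absent.
name: SwarmFlow Security Gate
on: [push, pull_request]

# Assumption: the scan only needs to read the repository. Widen this only if
# the action's documentation requires more.
permissions:
  contents: read

jobs:
  security-gate:
    runs-on: ubuntu-latest
    # Repository secrets are not passed to pull_request runs from forks, so
    # SWARMFLOW_API_KEY would be empty there. Run only where the secret exists.
    if: >-
      github.event_name == 'push' ||
      github.event.pull_request.head.repo.full_name == github.repository
    steps:
      # Pin to a full commit SHA instead of the mutable v1 tag.
      # <FULL_COMMIT_SHA> is a placeholder; take it from the action's release.
      - uses: swarmflow-security/scan-action@<FULL_COMMIT_SHA> # v1
        with:
          api-key: ${{ secrets.SWARMFLOW_API_KEY }}
          threshold: high
```

A job skipped by the if condition does not fail the run, so pull requests from forks are not gated by this job and are first scanned on the push that follows the merge.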

What the gate catches

Hardcoded secrets & API keys
SQL / command injection
Cross-site scripting (XSS)
Vulnerable dependencies (CVEs)
Authentication & access-control flaws
OWASP Top 10 issues

Gate your pipeline in minutes

Create a free account, generate an API key, and add the action. No credit card required.


Free plan · 3 scans/month · No credit card