# CI/CD Integration

Using BouncerFox as a merge gate in CI/CD pipelines. The CLI is a Go binary (NOT Node.js/npm).
## GitHub Actions (recommended)

Using the official action:

```yaml
name: BouncerFox Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bouncerfox/cli@v0
        with:
          path: .
          format: sarif
          severity: warn
```
## GitHub Actions with SARIF Upload

```yaml
name: BouncerFox Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bouncerfox/cli@v0
        with:
          path: .
          format: sarif
          severity: warn
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```
## GitHub PR Comments

BouncerFox can post findings directly as PR comments and check runs:

```yaml
      - name: Run scan with PR comments
        run: ./bouncerfox scan . --github-comment --pr-number ${{ github.event.pull_request.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Features: creates or updates a check run with inline annotations (at most 50 annotations per API call; larger result sets are paginated across calls), and posts a summary comment with the finding counts.

In GitHub Actions the PR number is auto-detected from `GITHUB_EVENT_PATH`, so `--pr-number` is optional in that context.
## Exit Codes

| Code | Meaning |
|---|---|
| 0 | No findings at or above threshold |
| 1 | One or more findings |
| 2 | Scanner error |
## Pre-commit Hook

```sh
#!/bin/sh
# .git/hooks/pre-commit (must be executable: chmod +x .git/hooks/pre-commit)
# The hook's exit status is the scan's exit status, so a non-zero result
# (findings, or a scanner error) aborts the commit.
bouncerfox scan . --severity high
```
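The exit-code table above is the whole contract between the scanner and a merge gate, so a wrapper should treat a scanner error (exit 2) as a blocking failure rather than letting a crashed scan pass the merge. The following POSIX sh gate is an added example, not part of the BouncerFox project; `BOUNCERFOX_BIN` is an assumed override for the binary path so the functions can be exercised with a stand-in.

```sh
#!/bin/sh
# Merge gate around `bouncerfox scan`, mapping the documented exit codes
# (0 = clean, 1 = findings, 2 = scanner error) to a pipeline decision.
# Added example; BOUNCERFOX_BIN is an assumed environment variable used only
# to locate (or substitute) the scanner binary.

# interpret_exit_code STATUS
#   Prints the decision and returns 0 only when the merge may proceed.
#   Anything other than a clean 0 fails closed: findings block, a scanner
#   error blocks, and an undocumented status blocks too.
interpret_exit_code() {
  case "$1" in
    0) echo "PASS: no findings at or above threshold"; return 0 ;;
    1) echo "BLOCK: one or more findings"; return 1 ;;
    2) echo "ERROR: scanner error, failing closed"; return 2 ;;
    *) echo "ERROR: unexpected exit code $1, failing closed"; return 3 ;;
  esac
}

# run_gate SEVERITY [extra scan args...]
#   Runs the scan at the given threshold (e.g. warn, high) and returns the
#   gate decision from interpret_exit_code.
run_gate() {
  sev="$1"
  shift
  "${BOUNCERFOX_BIN:-bouncerfox}" scan . --severity "$sev" --format sarif "$@"
  rc=$?
  interpret_exit_code "$rc"
}
```

Call `run_gate high` from the pre-commit hook or a CI step; the step fails unless the scan exits 0.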