CI/CD Integration
March 6, 2026 ยท View on GitHub
EasyAudit integrates with all major CI/CD platforms for automated code scanning. Results can be viewed as artifacts or integrated with platform-specific security dashboards.
Supported Platforms
| Platform | Config File | Documentation |
|---|---|---|
| GitHub Actions | .github/workflows/*.yml | github-actions.md |
| GitLab CI | .gitlab-ci.yml | gitlab-ci.md |
| Bitbucket Pipelines | bitbucket-pipelines.yml | bitbucket-pipelines.md |
| Azure DevOps | azure-pipelines.yml | azure-devops.md |
| CircleCI | .circleci/config.yml | circleci.md |
| Jenkins | Jenkinsfile | jenkins.md |
| Travis CI | .travis.yml | travis-ci.md |
Quick Example (GitHub Actions)
name: EasyAudit
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
container:
image: ghcr.io/crealoz/easyaudit:latest
steps:
- uses: actions/checkout@v6
- run: easyaudit scan --format=sarif --output=report.sarif .
- uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: report.sarif
๐ก Want automatic fixes? See Automated PR workflow
Output Formats
| Format | Use Case |
|---|---|
sarif | GitHub Code Scanning, GitLab SAST |
json | Custom tooling, artifacts, fix-apply input |
html | Visual report, shareable dashboards, upload as artifact |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | No issues found |
| 1 | Warnings found |
| 2 | Errors found |
Use exit codes to fail builds on critical issues.
Magento Root Detection
When scanning a Magento installation root, EasyAudit automatically excludes noise directories (vendor, generated, var, pub, setup, lib, dev, phpserver, update). No --exclude flag needed.
CI Environment Detection
EasyAudit automatically detects CI environments and adds metadata to API requests. Supported detection:
GITHUB_ACTIONSโ GitHubGITLAB_CIโ GitLabBITBUCKET_PIPELINE_UUIDโ BitbucketTF_BUILDโ Azure DevOpsCIRCLECIโ CircleCIJENKINS_URLโ JenkinsTRAVISโ Travis CI
See Also
- CLI Usage - Command-line options
- Processors - Available checks
- Automated PR (paid) - Auto-fix via API