Securie for GitHub Actions — CI-native security gate
The `securie/action@v1` GitHub Action is in private beta. When live, one line in your workflow file runs the full Securie scan as a CI step, posts annotations on the PR diff where fixes are needed, and fails the build on critical findings. Configuration is minimal — the action reads Securie's remote policy, so fail-severity, scanner selection, and reporting style are controlled centrally.
What it does
Runs the full Securie scanner suite as a CI step. Posts annotations on the PR diff (the same GitHub UI that shows ESLint warnings) so every finding appears at the line that caused it. Fails the workflow if the scan finds critical issues (or your configured threshold). Uploads a SARIF report to GitHub's Code Scanning tab for team-wide visibility. Runs alongside, not instead of, the GitHub App integration — useful if you prefer CI-integrated scanning over PR-bot-integrated scanning.
When to use it
Best fit: teams where CI is the canonical integration point and other tools (Snyk, CodeQL, Semgrep) are already wired as actions. Good for teams that want the scan to happen in a known environment with cached dependencies, rather than in the GitHub App's sandbox.
Limitations
Pre-launch. Runs as part of the workflow — so the scan counts against your GitHub Actions minutes. Requires either a Securie API token (stored as a GitHub secret) or the Securie GitHub App for OAuth. Can't open fix PRs on its own — that feature requires the GitHub App.
Install
- When live: add a workflow step to .github/workflows/ci.yml:

```yaml
- uses: securie/action@v1
  with:
    token: ${{ secrets.SECURIE_TOKEN }}   # or OAuth via the GitHub App
    fail-on-severity: critical            # critical | high | medium | none
```

- Push a PR — findings appear as annotations inline on the diff
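As an added illustration (not from the Securie docs or the action itself), here is a complete workflow file around that step with a least-privilege `permissions` block. The action inputs are only the two shown above; the trigger, the checkout settings and the specific permissions are assumptions about what a scan step that annotates a PR and uploads SARIF to Code Scanning will need, not documented requirements of `securie/action`.

```yaml
# Example workflow: .github/workflows/securie.yml (added illustration).
# Assumptions: securie/action@v1 accepts the `token` and `fail-on-severity`
# inputs shown on the page; the permissions are what a scan step that posts
# PR annotations and uploads SARIF typically requires.
name: securie-scan

on:
  pull_request:
    branches: [main]

# Least privilege for the default GITHUB_TOKEN: anything not listed here
# is implicitly `none`, so a compromised step cannot push code or read secrets
# beyond what the scan needs.
permissions:
  contents: read          # check out the source
  pull-requests: write    # post inline annotations / comments on the PR diff
  checks: write           # create the check run that carries the annotations
  security-events: write  # upload the SARIF report to the Code Scanning tab

jobs:
  securie:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - name: Securie scan
        # Once the action is public, pin to a full commit SHA instead of the
        # moving @v1 tag so a tag re-point cannot change what runs in CI.
        uses: securie/action@v1
        with:
          token: ${{ secrets.SECURIE_TOKEN }}   # API token stored as a repo secret
          fail-on-severity: critical            # critical | high | medium | none
```

If the scan's SARIF upload is what you rely on for visibility, `security-events: write` is the one permission you cannot drop; the others can be narrowed once you see which the action actually uses.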