GitHub Actions

Ariftly provides an official GitHub Action for easy integration into your workflows.

Quick setup

# .github/workflows/ariftly.yml
name: Ariftly Risk Scan

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

jobs:
  scan:
    name: Risk Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Ariftly Scan
        uses: ariftly/scan-action@v1
        with:
          api_key: ${{ secrets.ARIFTLY_API_KEY }}
          project_id: ${{ vars.ARIFTLY_PROJECT_ID }}
          detectors: accessibility,security,ai_readiness
          fail_threshold: 70

Action inputs

| Input | Required | Default | Description |
|---|---|---|---|
| api_key | Yes | | Ariftly API key |
| project_id | Yes | | Project ID to scan |
| detectors | No | All available | Comma-separated list of detectors |
| fail_threshold | No | | Overall risk score to fail the job |
| security_threshold | No | | Security-specific threshold |
| accessibility_threshold | No | | Accessibility-specific threshold |
| target_url | No | | Override the project's target URL |
| environment | No | | Environment name for this scan |
| wait_timeout | No | 600 | Seconds to wait for scan completion |
| sarif_upload | No | false | Upload results to GitHub Code Scanning |

Action outputs

| Output | Description |
|---|---|
| scan_id | ID of the triggered scan |
| risk_score | Overall risk score (0–100) |
| risk_level | Risk level (low, medium, high, critical) |
| security_score | Security detector score |
| accessibility_score | Accessibility detector score |
| ai_readiness_score | AI readiness detector score |
| results_url | Link to full results in Ariftly dashboard |

Full workflow example

name: Ariftly Risk Scan

on:
  pull_request:
    branches: [main, develop]

jobs:
  scan:
    name: Risk Scan
    runs-on: ubuntu-latest
    permissions:
      contents: read          # required for actions/checkout once permissions are restricted
      security-events: write  # required for SARIF upload
      pull-requests: write    # required for PR comments

    steps:
      - uses: actions/checkout@v4

      # Deploy to staging first (your existing step)
      - name: Deploy to staging
        run: |
          echo "Deploying to staging..."
          # Your deployment script here

      - name: Run Ariftly Scan
        id: ariftly
        uses: ariftly/scan-action@v1
        with:
          api_key: ${{ secrets.ARIFTLY_API_KEY }}
          project_id: ${{ vars.ARIFTLY_PROJECT_ID }}
          detectors: accessibility,security
          target_url: https://staging.myapp.example.com
          environment: staging
          fail_threshold: 70
          security_threshold: 50
          sarif_upload: true

      # Runs even when the scan step fails its threshold, so findings are still uploaded
      - name: Upload SARIF to GitHub Code Scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ariftly-results.sarif

      - name: Comment risk score on PR
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        with:
          script: |
            // Await the API call so a failed request fails the step
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `## Ariftly Risk Scan Results\n\n` +
                `**Overall Risk Score:** ${{ steps.ariftly.outputs.risk_score }}/100 (${{ steps.ariftly.outputs.risk_level }})\n\n` +
                `| Detector | Score |\n|---|---|\n` +
                `| Security | ${{ steps.ariftly.outputs.security_score }} |\n` +
                `| Accessibility | ${{ steps.ariftly.outputs.accessibility_score }} |\n` +
                `| AI Readiness | ${{ steps.ariftly.outputs.ai_readiness_score }} |\n\n` +
                `[View full report](${{ steps.ariftly.outputs.results_url }})`
            })
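
The comment step above splices step outputs into the script source with `${{ }}`, so their text is parsed as JavaScript and rendered as Markdown. This added example (not from Ariftly's documentation) reads the same outputs from environment variables and checks each against the formats listed under Action outputs before building the comment body. The variable names (`RISK_SCORE`, `RESULTS_URL`, and so on) and function names are assumptions; map the variables in the step's `env:` block.

```javascript
// Added example, not Ariftly's code. Env var names are assumptions: set them in
// the step's `env:` block from steps.ariftly.outputs.* instead of using ${{ }}.
const LEVELS = new Set(["low", "medium", "high", "critical"]);

// Accept only a plain decimal number in the documented 0-100 range.
function parseScore(name, raw) {
  if (!/^\d{1,3}(\.\d+)?$/.test(raw ?? "")) throw new Error(`${name}: not a number`);
  const n = Number(raw);
  if (n > 100) throw new Error(`${name}: outside 0-100`);
  return n;
}

// Accept only an https URL, and encode parentheses so the value cannot
// terminate the Markdown link it is placed in.
function parseResultsUrl(raw) {
  const url = new URL(raw); // throws on malformed or missing input
  if (url.protocol !== "https:") throw new Error("results_url: not https");
  return url.href.replace(/[()]/g, (c) => "%" + c.charCodeAt(0).toString(16));
}

// Build the same comment body as the workflow step, from validated values only.
function buildRiskComment(env) {
  if (!LEVELS.has(env.RISK_LEVEL)) throw new Error("risk_level: unexpected value");
  const overall = parseScore("risk_score", env.RISK_SCORE);
  const rows = [
    ["Security", env.SECURITY_SCORE],
    ["Accessibility", env.ACCESSIBILITY_SCORE],
    ["AI Readiness", env.AI_READINESS_SCORE],
  ].map(([label, raw]) =>
    // An output that was never set reaches the script as an empty string.
    `| ${label} | ${raw ? parseScore(label, raw) : "n/a"} |`);
  return [
    "## Ariftly Risk Scan Results",
    "",
    `**Overall Risk Score:** ${overall}/100 (${env.RISK_LEVEL})`,
    "",
    "| Detector | Score |",
    "|---|---|",
    ...rows,
    "",
    `[View full report](${parseResultsUrl(env.RESULTS_URL)})`,
  ].join("\n");
}
```

In the `actions/github-script` step, pass `buildRiskComment(process.env)` as the `body` argument of `createComment`.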

Setting up secrets and variables

In your GitHub repository:

  1. Go to Settings → Secrets and variables → Actions
  2. Add secret: ARIFTLY_API_KEY (your API key)
  3. Add variable: ARIFTLY_PROJECT_ID (your project ID)

API keys are secrets (sensitive). Project IDs are non-sensitive and can be variables.