
CI/CD Instructions and Setup

This guide will help you integrate our smart contract security tool into your CI/CD pipeline. Automated security checks can help catch potential vulnerabilities early in the development process.

Availability

This feature is only accessible to Pro and Enterprise subscribers.

GitHub Actions Integration

Follow these steps to set up a CI workflow scan in your GitHub repository:

1. Set Up an API Key

  • Go to your profile by clicking on your user icon
  • Select the "API Keys" tab
  • Generate a new API key by clicking "Generate Key"
  • Save this key for the next steps

[Screenshot: API key management section]

2. Access GitHub Action Setup

  • Navigate to the "Github Action" tab

[Screenshot: GitHub Action tab selection]

3. Select the Repository to Scan

  • Choose your GitHub organization
  • Select the repository you want to scan
  • Pick the branch containing your code
  • Select the language of your smart contracts
  • Select the specific smart contract files to be scanned

[Screenshot: repository selection]

4. Add API Key to GitHub

  • Go to your GitHub repository
  • Navigate to Settings → Secrets and variables → Actions
  • Create a new secret named AUDIT_AGENT_TOKEN with your API key as its value. GitHub Actions exposes it to workflows as ${{ secrets.AUDIT_AGENT_TOKEN }}, so the key never has to appear in the YAML file or anywhere else in the repository; treat it like any other credential and revoke it from the "API Keys" tab if it is ever exposed.

5. Configure CI Workflow

  • Select the target branch to monitor
  • Start an indexing scan
    • If an index already exists for your target branch, this step is optional and the page shows the current state of that index. [Screenshots: index state examples]
    • You do not have to wait for indexing to finish. Continue to the next step; you can leave the page once the setup is complete.
  • Copy the generated YAML file into your repository's .github/workflows/ directory

[Screenshot: workflow configuration]

Info

You can also edit the workflow yourself, adding or removing individual smart contract files, or entire folders via wildcard patterns, in the contractFiles list. For instance:

  • "contractFiles": ["src/will.sol"] for specific file(s)
  • "contractFiles": ["src/contracts/*"] for specific folder(s)
  • "contractFiles": ["src/**"] for recursive folder(s)
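As an added check (example code written for this page, not AuditAgent's own code or part of its generated workflow), the script below expands contractFiles patterns against a repository file list and flags patterns that match nothing (a typo or a moved folder would otherwise silently shrink the scan) and selected files that are not contract sources. It assumes the usual glob semantics, where a single * stays within one path segment and ** spans directories, so src/contracts/* does not descend into src/contracts/libs/; it also handles the **/ form such as src/**/*.sol, which goes beyond the three forms listed above. The sample file tree is constructed for illustration; the scanner's exact matching rules are not stated on this page, so use this as a pre-commit sanity check rather than as the authoritative expansion.

```python
"""Expand contractFiles glob patterns against a repository file list.

Added example for this page, not AuditAgent's own code. Assumes standard
glob semantics: '*' matches within one path segment, '**' matches any
number of segments. The scanner's exact matching rules are not specified
on the page, so treat this as a sanity check, not the authoritative expansion.
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample tree, shaped like `git ls-files` output of a Foundry
# project (not a real repository).
SAMPLE_TREE = [
    "src/will.sol",
    "src/contracts/Vault.sol",
    "src/contracts/Token.sol",
    "src/contracts/libs/SafeMath.sol",
    "src/contracts/README.md",
    "test/Vault.t.sol",
    "lib/forge-std/src/Test.sol",
]


def glob_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate one contractFiles glob into an anchored regex.

    '**/' matches zero or more directory levels, a bare '**' matches the
    rest of the path, '*' and '?' never cross a '/'. Anchoring means
    'src/contracts/*' selects files directly inside src/contracts/ only.
    """
    parts: List[str] = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            parts.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def expand_patterns(patterns: List[str], files: List[str]) -> Dict[str, List[str]]:
    """Map each pattern to the sorted list of files it selects."""
    return {
        p: sorted(f for f in files if glob_to_regex(p).match(f))
        for p in patterns
    }


def check_patterns(
    patterns: List[str], files: List[str], extension: str = ".sol"
) -> Tuple[List[str], List[str], List[str]]:
    """Return (selected files, patterns matching nothing, selected non-contract files).

    A pattern that matches nothing usually means a typo or a moved folder:
    the scan would then silently cover fewer contracts than intended.
    `extension` defaults to Solidity (an assumption); change it for other languages.
    """
    expanded = expand_patterns(patterns, files)
    selected = sorted({f for matched in expanded.values() for f in matched})
    unmatched = [p for p, matched in expanded.items() if not matched]
    non_contract = [f for f in selected if not f.endswith(extension)]
    return selected, unmatched, non_contract


if __name__ == "__main__":
    # Real use: git ls-files | python check_contract_files.py 'src/**'
    user_patterns = sys.argv[1:] or ["src/will.sol", "src/contracts/*", "src/**"]
    if sys.stdin.isatty():
        tree = SAMPLE_TREE
    else:
        tree = [line.strip() for line in sys.stdin if line.strip()]
    selected, unmatched, non_contract = check_patterns(user_patterns, tree)
    for p, matched in expand_patterns(user_patterns, tree).items():
        print(f"{p!r} -> {matched}")
    for p in unmatched:
        print(f"WARNING: {p!r} matches no file", file=sys.stderr)
    for f in non_contract:
        print(f"WARNING: {f!r} is not a contract source", file=sys.stderr)
```

Run it with the patterns from your workflow as arguments and git ls-files on stdin; with no stdin it expands the three patterns from the list above against the constructed tree, which shows that src/contracts/* picks up README.md but skips libs/SafeMath.sol, while src/** takes both.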

Once set up (and after the indexing scan is finished), the AI Auditor will automatically:

  • Scan your code when changes are pushed or pull requests are opened, updating its understanding of your codebase
  • Identify potential security vulnerabilities
  • Provide feedback directly in your GitHub workflow

Warning

Continuous Integration (CI) scans will be triggered automatically and will report results within a few minutes after changes are pushed. Please note that this is a streamlined and faster version of our main AuditAgent scans, and as such, may not provide the same level of depth or performance.

For information on the pricing of CI scans, please check Scan Pricing → CI Scans.

This integration helps catch security issues early in your development process before they reach production.