CI/CD Instructions and Setup

This guide will help you integrate our smart contract security tool into your CI/CD pipeline. Automated security checks can help catch potential vulnerabilities early in the development process.

Availability

This feature is only accessible to Enterprise subscribers.

GitHub Actions Integration

Follow these steps to set up a CI workflow scan in your GitHub repository:

1. Access GitHub Action Setup

  • Go to your profile by clicking on your user icon
  • Select the "GitHub Action" tab

[Image: GitHub Action Tab Selection]

2. Set Up API Key

  • Generate a new API key by clicking "Generate Key"
  • Save this key for the next steps

[Image: API Key Management Section]

3. Select Repository to Scan

  • Choose your GitHub organization
  • Select the repository you want to scan
  • Pick the branch containing your code
  • Select the specific smart contract files to scan

[Image: Repository Selection]

4. Add API Key to GitHub

  • Go to your GitHub repository
  • Navigate to Settings → Secrets and variables → Actions
  • Create a new secret named AUDIT_AGENT_TOKEN with your API key

5. Configure CI Workflow

  • Select which target branch to monitor
  • Copy the generated YAML workflow
  • Add this YAML to a new file in your repository's .github/workflows/ directory
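
A check you can run on the workflow file from step 5 before merging it, added here as an example and not part of the product or its generated YAML: it flags a workflow that hard-codes the API key instead of reading it from the AUDIT_AGENT_TOKEN secret created in step 4. The function name, the sample workflow and its placeholder scan step are constructed for illustration; the real generated workflow may look different.

```python
import re

SECRET_NAME = "AUDIT_AGENT_TOKEN"  # secret name from step 4
# The only acceptable way for a workflow file to obtain the key.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\." + SECRET_NAME + r"\s*\}\}")
# "key: value" lines whose key ends in "token" or "api_key" (any case).
ASSIGNMENT = re.compile(r"^\s*-?\s*(\w*(?:token|api_?key))\s*:\s*(\S.*)$", re.I)

def lint_workflow(text):
    """Return (line_number, message) findings for one workflow file's text."""
    findings, saw_secret_ref = [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing YAML comments
        if SECRET_REF.search(line):
            saw_secret_ref = True
        match = ASSIGNMENT.match(line)
        # A literal value means the key itself was committed to the repository.
        if match and "${{" not in match.group(2):
            findings.append((number, f"{match.group(1)} is set to a literal value"))
    if not saw_secret_ref:
        findings.append((0, f"workflow never reads secrets.{SECRET_NAME}"))
    return findings

# Constructed sample; the workflow generated in step 5 may look different.
GOOD_WORKFLOW = """\
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: scan step (placeholder)
        env:
          AUDIT_AGENT_TOKEN: ${{ secrets.AUDIT_AGENT_TOKEN }}
        run: ./scan.sh
"""
# Same workflow with the key pasted in place of the secret reference.
BAD_WORKFLOW = GOOD_WORKFLOW.replace("${{ secrets.AUDIT_AGENT_TOKEN }}", "EXAMPLE-PASTED-KEY")

if __name__ == "__main__":
    for label, text in (("good", GOOD_WORKFLOW), ("bad", BAD_WORKFLOW)):
        print(label, lint_workflow(text))
```

If the check reports a literal value for a key that was ever pushed, generate a new API key (step 2) and update the secret, since the old value remains in the repository history.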

[Image: Workflow Configuration]

Once set up, the AI Auditor will automatically:

  • Scan your code when changes are pushed or pull requests are created
  • Identify potential security vulnerabilities
  • Provide feedback directly in your GitHub workflow

Warning

Continuous Integration (CI) scans will be triggered automatically and will report results within a few minutes after changes are pushed. Please note that this is a streamlined and faster version of our main AuditAgent scans, and as such, may not provide the same level of depth or performance.

This integration helps catch security issues early in your development process before they reach production.