CI quality gate
Stop risky pull requests before review fatigue starts.
Run the same local rules in GitHub Actions, upload SARIF, annotate pull requests, and enforce a merge threshold.
Deterministic gates
Use severity thresholds and policy files to turn scan output into a clear pass/fail signal.
- SARIF upload
- PR comments
- GitHub annotations
- Repo slot validation
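A sketch of how a severity threshold turns SARIF results into a pass/fail exit code. This is an added example, not code-radar's own implementation: the four-step severity scale, the mapping from SARIF `level` to severity, and the function names are assumptions made for illustration.

```python
import sys

ORDER = ["low", "medium", "high", "critical"]  # assumed scale for this example
LEVEL_TO_SEVERITY = {"note": "low", "warning": "medium", "error": "high"}  # assumed mapping

def score_to_severity(score):
    # Buckets GitHub documents for the `security-severity` rule property.
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"

def result_severity(result, rules):
    rule = rules.get(result.get("ruleId"), {})
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        return score_to_severity(float(score))
    # A SARIF result without `level` inherits the rule default, else "warning".
    level = result.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
    return LEVEL_TO_SEVERITY.get(level)  # level "none" maps to None and never blocks

def gate(sarif, fail_on):
    """Return (passed, blocking); blocking lists (ruleId, severity) at or above fail_on."""
    threshold = ORDER.index(fail_on)  # unknown threshold raises ValueError, never a silent pass
    blocking = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            sev = result_severity(res, rules)
            if sev is not None and ORDER.index(sev) >= threshold:
                blocking.append((res.get("ruleId"), sev))
    return (not blocking, sorted(blocking))

# Constructed sample SARIF, not output from any real scanner.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX001", "properties": {"security-severity": "8.1"}},
        {"id": "EX002", "defaultConfiguration": {"level": "note"}}]}},
    "results": [{"ruleId": "EX001", "level": "warning"},
                {"ruleId": "EX002"},
                {"ruleId": "EX003"},
                {"ruleId": "EX004", "level": "none"}]}]}

if __name__ == "__main__":
    passed, blocking = gate(SAMPLE, "high")
    for rule_id, sev in blocking:
        print(f"blocking: {rule_id} ({sev})")
    sys.exit(0 if passed else 1)
```

The gate stays deterministic because every result resolves to exactly one severity: the rule's `security-severity` score wins over the per-result `level`, and a missing `level` falls back to the rule default instead of being skipped.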
Minimal workflow
Add the action and pass the license key through repository secrets.
uses: T-and-T-soft/code-radar/action@v1
with:
  license-key: ${{ secrets.RADAR_LICENSE_KEY }}
  fail-on: high