GitHub Action quality gate
Use the Marketplace wrapper when you want plugin-scanner in pull requests, release checks, or registry submission workflows.
The action lives in its own repository:
Minimal quality gate
- name: AI plugin quality gate
  uses: hashgraph-online/ai-plugin-scanner-action@v1
  with:
    plugin_dir: "."
    mode: scan
    fail_on_severity: high
    min_score: 80
Common modes
- scan for weighted quality scoring
- lint for authoring feedback and rule-level findings
- verify for runtime and install-surface checks
- submit for artifact-backed submission gating
What the action can emit
High-value outputs include:
- score
- grade
- policy_pass
- verify_pass
- max_severity
SARIF upload is supported for GitHub code scanning workflows, and the action can also export submission payloads for downstream registry or review automation.
Typical pull request flow
- install dependencies for the plugin or marketplace repo
- run the action on pull requests with mode: scan or mode: verify
- upload SARIF when you want code scanning annotations
- fail the workflow on severity or minimum-score thresholds
- switch to submit only when the repository is ready to emit release or registry artifacts
Example with SARIF
- name: Scan plugin
  id: plugin_scan
  uses: hashgraph-online/ai-plugin-scanner-action@v1
  with:
    plugin_dir: "."
    mode: scan
    output_format: sarif
    sarif_output: plugin-scanner.sarif
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: plugin-scanner.sarif
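The pull request flow above as one complete workflow, written as an added example rather than taken from the action's own documentation. It assumes the threshold inputs and the SARIF inputs can be combined in one step and that the step outputs are populated even when the gate fails; the workflow name, job name and summary step are illustrative.

```yaml
# Added example, not from the action's documentation.
name: plugin-quality-gate
on:
  pull_request:

# Least privilege: read the repo, write code scanning results, nothing else.
permissions:
  contents: read
  security-events: write   # needed by upload-sarif

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Install the plugin's dependencies here if the scan or verify mode needs them.

      - name: Scan plugin
        id: plugin_scan
        uses: hashgraph-online/ai-plugin-scanner-action@v1
        with:
          plugin_dir: "."
          mode: scan
          fail_on_severity: high   # assumption: thresholds combine with SARIF output
          min_score: 80
          output_format: sarif
          sarif_output: plugin-scanner.sarif

      # Run even when the gate failed, so the findings that caused the
      # failure still appear as annotations. Skipped if no file was written.
      - name: Upload SARIF
        if: always() && hashFiles('plugin-scanner.sarif') != ''
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: plugin-scanner.sarif

      # Outputs go through env, not inline ${{ }} in the script body, so
      # their values are never interpreted as shell code.
      - name: Summarize gate result
        if: always()
        env:
          SCORE: ${{ steps.plugin_scan.outputs.score }}
          GRADE: ${{ steps.plugin_scan.outputs.grade }}
          POLICY_PASS: ${{ steps.plugin_scan.outputs.policy_pass }}
          MAX_SEVERITY: ${{ steps.plugin_scan.outputs.max_severity }}
        run: |
          echo "score=${SCORE} grade=${GRADE} policy_pass=${POLICY_PASS} max_severity=${MAX_SEVERITY}" >> "$GITHUB_STEP_SUMMARY"
```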
Action and CLI together
The common split is:
- hol-guard on developer machines for local harness protection
- plugin-scanner in CI for maintainer and release gates
- ai-plugin-scanner-action when you want the scanner wrapped for GitHub Actions consumers