CI/CD Integration

Add secret scanning to your CI/CD pipelines

Redactyl integrates with all major CI/CD platforms. Add scanning to your pipelines to catch secrets before they reach production.

Quick Start

Add Redactyl to any CI pipeline with:

go install github.com/redactyl/redactyl@latest
redactyl scan --no-tui --sarif > redactyl.sarif.json

Common Patterns

Fail on Findings

redactyl scan --no-tui
# Exit code 1 if findings detected

Fail on High Severity Only

redactyl scan --no-tui --severity high

Upload SARIF

Most platforms support SARIF for security findings:

redactyl scan --sarif > redactyl.sarif.json
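
A wrapper that combines "Fail on Findings" with "Upload SARIF", added here as an example and not taken from Redactyl's own code. It keeps the report even when the scan exits non-zero, so the job can upload it before failing. It assumes the documented exit code 1 on findings also applies with --sarif and that any other non-zero status means the scan itself failed; `REDACTYL_BIN` and `ci_secret_gate` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Redactyl's own code.
# Assumptions: the documented "exit code 1 if findings detected" also holds
# with --sarif, and any other non-zero status means the scan itself failed.

REDACTYL_BIN="${REDACTYL_BIN:-redactyl}"   # hypothetical override, used for testing

# ci_secret_gate REPORT [extra scan flags, e.g. --severity high]
# Returns 0 = clean, 1 = findings (REPORT is written in both cases),
#         2 = scanner error or empty report (REPORT is not written).
ci_secret_gate() {
    gate_report=$1
    shift
    gate_tmp="$gate_report.partial"
    gate_rc=0

    # Capture the status instead of letting `set -e` abort the job here,
    # so a report that contains findings still reaches the upload step.
    "$REDACTYL_BIN" scan --no-tui --sarif "$@" >"$gate_tmp" || gate_rc=$?

    case $gate_rc in
        0|1) ;;
        *)
            rm -f "$gate_tmp"
            echo "secret scan did not complete (exit $gate_rc)" >&2
            return 2
            ;;
    esac

    # An empty file would upload as "no findings"; treat it as a failure.
    if [ ! -s "$gate_tmp" ]; then
        rm -f "$gate_tmp"
        echo "secret scan produced an empty SARIF report" >&2
        return 2
    fi

    mv "$gate_tmp" "$gate_report"
    return "$gate_rc"
}

# Typical use in a job step:
#   status=0
#   ci_secret_gate redactyl.sarif.json || status=$?
#   ... platform-specific SARIF upload step ...
#   exit "$status"
```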

Scan Container Images

redactyl scan --image "$IMAGE_NAME:$IMAGE_TAG" --no-tui

Scan Helm Charts

redactyl scan --helm ./charts --no-tui

Best Practices

  1. Scan on every PR - Catch secrets before merge
  2. Scan main branch - Detect secrets that slip through
  3. Scan container images - Check what actually deploys
  4. Use baselines - Reduce noise from known secrets
  5. Upload SARIF - Get findings in your PR interface