Demo of GuardAI
This demo provides an overview of how the GuardAI tool can be used both in a CI pipeline and locally via the command line.
GuardAI can be integrated into your CI pipeline using GitHub Actions/Workflows. In this example, the workflow is configured to run on pull requests targeting the main
branch. The action scans the code in the specified directory and generates a report. The workflow then posts the results as a comment on the pull request.
- Workflow File: Demo CI Workflow
- Pull Request Example: #2: Demonstration PR
- Run GuardAI Action: The action scans the code in the `src` directory and outputs the results to a file (`guardai_output.txt`).
- Comment on PR: The content of the `guardai_output.txt` file is automatically posted as a collapsible comment on the pull request, allowing reviewers to easily view the scan results.
Example of how the GuardAI output is commented on a PR:
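The CI flow described above, written out as an added example workflow. This is not the repository's own Demo CI Workflow: it runs the documented CLI instead of the GuardAI action, and the secret name and the actions/github-script comment step are assumptions.

```yaml
# Added example (not the repository's own Demo CI Workflow): the documented
# CLI run on each PR to main, with the report posted as a collapsible comment.
name: GuardAI scan
on:
  pull_request:
    branches: [main]
permissions:
  contents: read
  pull-requests: write   # required to post the comment
jobs:
  guardai:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Same commands as the local section. The source under ./src is sent to
      # the provider, so the API key comes from a repository secret (assumed
      # to be named OPENAI_API_KEY), never from the workflow file.
      - name: Run GuardAI
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          pip install guardai
          guardai --provider openai --directory ./src > guardai_output.txt
      # Post guardai_output.txt as a collapsible <details> comment on the PR
      # (actions/github-script is an assumption; the demo's action may differ).
      - name: Comment on PR
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const report = fs.readFileSync('guardai_output.txt', 'utf8');
            const fence = '`'.repeat(3);   // avoids a literal triple backtick here
            const body = [
              '<details><summary>GuardAI scan results</summary>',
              '',
              fence, report.trim(), fence,
              '</details>',
            ].join('\n');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body,
            });
```

For pull requests opened from forks, GitHub passes no repository secrets and grants the job only read permissions, so this job can neither call the provider nor comment; run it on branches in the same repository.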
GuardAI is also designed to be used locally via the command line, allowing developers to scan their code for vulnerabilities before pushing changes to a repository. This ensures that issues can be caught early in the development process.
- Run GuardAI from the command line:

  ```shell
  pip install guardai
  export OPENAI_API_KEY=<KEY>
  guardai --provider openai --directory ./src
  ```

- Review the output: GuardAI will scan the code in the specified directory and output the results directly in your terminal or to a specified output file.
Example of GuardAI CLI usage:
Summary:
For more information, check out the GuardAI repository.