CI Integration

Run tirith in your CI/CD pipeline to catch threats before they reach production.

1. GitHub Actions

Use tirith with SARIF output to see findings directly in the GitHub Security tab:

.github/workflows/tirith.yml
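name: Security Scan
on: [push, pull_request]

jobs:
  tirith-scan:
    runs-on: ubuntu-latest
    permissions:
      # upload-sarif needs write access to code scanning results
      security-events: write
      # needed in private repositories (checkout and workflow run lookup)
      actions: read
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Install tirith
        run: cargo install tirith

      - name: Scan repository
        run: tirith score --format sarif > results.sarif

      # always() uploads the report even when the scan step fails
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif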

2. GitLab CI

Export results as JSON for GitLab code quality integration:

.gitlab-ci.yml
tirith-scan:
  image: rust:latest
  stage: test
  script:
    - cargo install tirith
    # Write the report to the file declared under artifacts below
    - tirith score --format json > tirith-report.json
  artifacts:
    reports:
      codequality: tirith-report.json

3. Generic CI

For any CI system, use the exit code to gate deployments:

shell
# Any CI system
$ tirith score --exit-code
# Exit code 0 = no blocking findings
# Exit code 1 = blocking findings detected

Output Formats

Flag             Format           Use Case
--format text    Human-readable   Local development, logs
--format json    JSON             GitLab CI, custom tooling
--format sarif   SARIF 2.1.0      GitHub Security, VS Code

Environment Variables

Variable         Description
TIRITH_API_KEY   API key for Team+ features (policy fetch, audit upload)
TIRITH_BYPASS    Set to 1 to skip blocking (if policy allows)
TIRITH_LOG       Set to 0 to disable audit logging
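
A fail-closed wrapper for the exit-code gate from the Generic CI section, which also checks the TIRITH_BYPASS and TIRITH_LOG variables listed above. This is an added example, not part of tirith or its documentation; the function name tirith_gate, its return codes 2 and 3, and the choice to treat any exit status other than 0 or 1 as a failure are assumptions of the example.

```shell
#!/bin/sh
# Added example: fail-closed deployment gate around `tirith score --exit-code`.
# Only exit codes 0 and 1 are documented on this page. Treating every other
# status as a failure is this example's assumption, not documented behaviour.

tirith_gate() {
    # A leftover TIRITH_BYPASS=1 skips blocking (if policy allows) and
    # TIRITH_LOG=0 disables audit logging. Refuse both in a deployment gate.
    if [ "${TIRITH_BYPASS:-}" = "1" ]; then
        echo "gate: TIRITH_BYPASS=1 is set; refusing to run with blocking skipped" >&2
        return 3
    fi
    if [ "${TIRITH_LOG:-}" = "0" ]; then
        echo "gate: TIRITH_LOG=0 is set; refusing to run without audit logging" >&2
        return 3
    fi

    # Capture the status explicitly so the function also works under `set -e`.
    scan_status=0
    tirith score --exit-code || scan_status=$?

    case "$scan_status" in
        0)  echo "gate: no blocking findings" >&2
            return 0 ;;
        1)  echo "gate: blocking findings detected" >&2
            return 1 ;;
        *)  # Missing binary (127), crash or signal: the scan did not finish,
            # so the pipeline must not read this as a clean result.
            echo "gate: tirith exited with status $scan_status; failing closed" >&2
            return 2 ;;
    esac
}

# Usage in a CI step:  tirith_gate || exit $?
```

Return code 3 separates a misconfigured job from a scan result, so a bypass variable left in the CI environment shows up as its own failure instead of a silent pass.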