What this gives you
A singleuses: line that installs agent-guardian, runs a scan, writes SARIF, and uploads it to GitHub Code Scanning. Use this in place of the longhand workflow in GitHub Actions when you want the shortest possible adoption path.
Wire it up
Grant permissions
The calling workflow must grant
security-events: write so SARIF
upload succeeds, and pull-requests: write so the sticky PR comment can
be upserted. Composite actions cannot declare repository-level
permissions, so the caller owns this.Inputs
| Name | Default | Description |
|---|---|---|
target | "" | Positional dotted path (MODULE:ATTR). Mutually exclusive with the other target inputs. |
system-prompt | "" | Path to a system prompt file. |
endpoint | "" | Hosted HTTP endpoint URL. |
framework | "" | adk, autogen, crewai, langgraph, openai_agents, strands. |
framework-ref | "" | MODULE:ATTR for the framework-native object. |
model | stub | LLM spec (e.g. gemini:gemini-2.5-flash). |
mode | full | fast, smart, or full. |
budget-usd | "" | Runtime USD cap. Empty disables the cap. |
fail-under | 70 | Minimum AIVSS for exit-0. Empty skips the gate. |
max-critical | 0 | CRITICAL-finding ceiling (--max-critical). Exceeding it fails the gate. Empty disables this ceiling. |
max-high | "" | HIGH-finding ceiling (--max-high). Empty disables this ceiling. |
max-medium | "" | MEDIUM-finding ceiling (--max-medium). Empty disables this ceiling. |
max-low | "" | LOW-finding ceiling (--max-low). Empty disables this ceiling. |
comment | true | On a pull_request event, upsert a sticky AgentGuardian summary comment via agent-guardian comment. Set false to skip. |
output-path | agentguardian-scan.sarif | Where the SARIF is written. |
upload-sarif | true | Set false to skip the Code Scanning upload. |
category | agentguardian | SARIF category used for Code Scanning grouping. |
agent-guardian-version | "" | pip install version specifier. Empty = latest. |
python-version | 3.12 | Python runtime. |
extra-args | "" | Extra flags appended verbatim. |
Outputs
| Name | Description |
|---|---|
sarif-path | Path of the SARIF report. |
exit-code | Raw scan exit code (see exit codes). |
Severity gates
fail-under gates on the numeric AIVSS floor. The max-* inputs add
per-severity ceilings on top of it, AND-combined: the gate fails if AIVSS
drops below fail-under or any severity count exceeds its ceiling. The
default max-critical: "0" means a single CRITICAL finding fails the build
even when the AIVSS still clears the floor.
"") to disable that individual ceiling.
Sticky PR comment
Whencomment is true (default) and the workflow is triggered by a
pull_request event, the action runs agent-guardian comment --platform github after the scan. It upserts a single summary comment on the PR — keyed
by a hidden HTML marker so re-runs edit the existing comment in place rather
than posting a new one on every push. The comment embeds the same
fail-under / max-* verdict as the gate, so a green/red comment always
matches the CI exit code.
The comment step is advisory: if it cannot post (for example a fork PR whose
GITHUB_TOKEN lacks write scope) it logs a warning and the job continues — it
never changes the scan’s pass/fail outcome. See PR comments
for a rendered sample and the marker details.
Sample report
A static reference report generated from a real scan: sample-report.pdf.When to use the longhand form instead
Use the longhand workflow when you need to:- Run on a self-hosted runner without internet access (you supply your own install step).
- Run the scan inside a
services:container that the composite action would not see. - Compose multiple scans against the same target across the same job (the composite action assumes one scan per step).