CI Integration
The Faultline GitHub Action installs the scanner, runs analysis on every PR and push, posts a risk advisory comment, and uploads SARIF to GitHub code scanning. It is a single step that can be added to any Go repository workflow.
Quickstart
    name: Faultline
    on:
      pull_request:
      push:
        branches: [main]
    permissions:
      contents: read
      pull-requests: write
      security-events: write
    jobs:
      faultline:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v6
            with:
              fetch-depth: 0 # Required: Faultline needs git history
          - uses: faultline-go/action@v1
With coverage
          - uses: actions/setup-go@v6
            with:
              go-version: stable
          - run: go test ./... -coverprofile=coverage.out
          - uses: faultline-go/action@v1
            with:
              coverage: coverage.out
Fail on high findings
          - uses: faultline-go/action@v1
            with:
              fail-on: high
With Faultline Enterprise
          - uses: faultline-go/action@v1
            with:
              enterprise-url: https://api.gofaultline.dev
              enterprise-token: ${{ secrets.FAULTLINE_API_TOKEN || vars.FAULTLINE_API_TOKEN }}
              enterprise-org-id: YOUR_ORG_ID
Get your org ID and API token at app.gofaultline.dev → Settings → API Tokens.
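Store FAULTLINE_API_TOKEN as a GitHub secret when possible. Existing pilot setups that use a repository or organization Actions variable are also supported by the expression above, which falls back to vars.FAULTLINE_API_TOKEN when the secret is not set. Unlike secrets, Actions variables are not masked in workflow logs.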
The first non-demo snapshot is the activation milestone. After it lands, review Dashboard, Executive, Suppressions, Owners, and Audit Evidence.
Required permissions
    permissions:
      contents: read          # check out the repository
      pull-requests: write    # post the risk advisory comment
      security-events: write  # upload SARIF to code scanning
Faultline is source-free. No source code leaves your runner.
The scanner reads git history, go.mod, and CODEOWNERS only.