CI/CD Integration
Integrate Inkog into your CI/CD pipeline to automatically scan for vulnerabilities on every commit.
Security Gates
Inkog uses a Security Gate to determine whether a build should pass or fail:
| Status | Condition | Exit Code |
|---|---|---|
| PASSED | 0 Critical + 0 High findings | 0 |
| BLOCKED | Any Critical or High finding | 1 |
Exit Codes
| Code | Meaning | Action |
|---|---|---|
| 0 | No findings | Pipeline continues |
| 1 | Findings detected | Pipeline fails (configurable) |
| 2 | Scan error | Pipeline fails |
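A wrapper for a CI step that acts on the exit codes in the table above, added here as an example and not part of Inkog's own tooling. The names `inkog_gate`, `INKOG_BIN` and `INKOG_ADVISORY` are assumptions; the scanner arguments are the ones shown on this page.

```shell
#!/bin/sh
# Added example: act on Inkog's documented exit codes in a CI step.
# Assumed names (not from Inkog): inkog_gate, INKOG_BIN, INKOG_ADVISORY.
#
# Usage in a pipeline step:
#   inkog_gate inkog-report.json -output json .

inkog_gate() {
    # $1 = report path; remaining arguments are passed to the scanner as-is.
    report=$1
    shift
    bin=${INKOG_BIN:-inkog}

    # Capture the exit code explicitly. A bare "inkog ... || true" would make
    # findings non-blocking but would also swallow exit code 2 (scan error),
    # letting a build through that was never actually scanned.
    scan_rc=0
    "$bin" "$@" > "$report" || scan_rc=$?

    case $scan_rc in
        0)
            echo "inkog: gate PASSED" >&2
            return 0
            ;;
        1)
            # "Pipeline fails (configurable)": advisory mode keeps the report
            # but lets the pipeline continue.
            if [ "${INKOG_ADVISORY:-0}" = "1" ]; then
                echo "inkog: findings reported (advisory), see $report" >&2
                return 0
            fi
            echo "inkog: gate BLOCKED, see $report" >&2
            return 1
            ;;
        *)
            # 2 = scan error. Any other code (for example 127 when the binary
            # is missing) is handled the same way: fail closed, even in
            # advisory mode.
            echo "inkog: scan error (exit $scan_rc), failing the build" >&2
            return 2
            ;;
    esac
}
```

Archive the report file as a build artifact whether the gate passes or not, so blocked builds keep their evidence.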
Best Practices
1. Use JSON Output
JSON output is optimized for CI environments and enables programmatic processing:
inkog -output json .
2. Set Severity Threshold
Block only on critical issues during development, all issues in production:
# Development - block on critical only
inkog -severity critical .
# Production - block on high and above
inkog -severity high .
3. Save Reports as Artifacts
Archive scan results for audit and compliance:
inkog -output json . > inkog-report.json
inkog -output html . > inkog-report.html
4. Cache Dependencies
Inkog is a single binary with no runtime dependencies, but caching the Go module download speeds up repeated runs.
Automatic Quiet Mode
When the CI environment variable is set (automatic on most platforms), Inkog:
- Disables progress spinners
- Suppresses ANSI colors
- Optimizes output for log files
Quick Start
Choose your platform:
- GitHub Actions - Most common, with code scanning integration
- GitLab CI - With security report artifacts
- Pre-commit Hooks - Scan before every commit