CI/CD Integration

sentrik integrates with GitHub Actions and Azure Pipelines to enforce quality gates on every pull request.

GitHub Actions

Basic gate

name: sentrik Gate
on: [pull_request]

jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm install -g sentra
      - run: sentra gate --git-range "origin/main...HEAD"

With PR decoration and status checks

      - run: sentra gate --git-range "origin/main...HEAD" --decorate-pr --status-check
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GUARD_GITHUB_OWNER: ${{ github.repository_owner }}
          GUARD_GITHUB_REPO: ${{ github.event.repository.name }}

With SARIF upload (GitHub Code Scanning)

      - run: sentra scan --git-range "origin/main...HEAD"
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: out/report.sarif.json
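As an added example (not a workflow shipped with sentrik), the three fragments above combined into one complete workflow, with the GITHUB_TOKEN restricted to the scopes the steps use and a full-history checkout so that `origin/main` resolves for the range. The scopes assumed for `--decorate-pr` and `--status-check` are marked as assumptions; `security-events: write` is what the SARIF upload action requires.

```yaml
# Added example, not from the sentrik documentation: gate + PR decoration +
# status check + SARIF upload in a single least-privilege workflow.
name: sentrik Gate
on: [pull_request]

# Grant the job token only what the steps below need. The scopes for
# --decorate-pr and --status-check are assumptions about what sentra calls.
permissions:
  contents: read
  pull-requests: write    # PR comments/decoration (assumed)
  statuses: write         # commit status for --status-check (assumed)
  security-events: write  # required by upload-sarif

jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The default checkout is a depth-1 clone without origin/main;
          # fetch the full history so "origin/main...HEAD" can be resolved.
          fetch-depth: 0

      - run: npm install -g sentra

      # scan writes out/report.sarif.json (path from this page); upload it
      # even when later steps fail so findings reach Code Scanning.
      - run: sentra scan --git-range "origin/main...HEAD"
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: out/report.sarif.json

      # gate exits 1 when findings exceed the threshold, failing the job.
      - run: sentra gate --git-range "origin/main...HEAD" --decorate-pr --status-check
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GUARD_GITHUB_OWNER: ${{ github.repository_owner }}
          GUARD_GITHUB_REPO: ${{ github.event.repository.name }}
```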

Azure Pipelines

Basic gate

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - script: npm install -g sentra
  - script: sentra gate --git-range "origin/main...HEAD"

With PR decoration

  - script: |
      sentra gate --git-range "origin/main...HEAD" --decorate-pr --status-check
    env:
      AZURE_DEVOPS_PAT: $(AZURE_DEVOPS_PAT)
      GUARD_AZURE_DEVOPS_ORG: $(System.TeamFoundationCollectionUri)
      GUARD_AZURE_DEVOPS_PROJECT: $(System.TeamProject)
      GUARD_AZURE_DEVOPS_REPO: $(Build.Repository.Name)

Pre-commit hook

sentrik can scan staged files before every commit:

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: sentra-scan
        name: sentrik scan
        entry: sentra pre-commit-scan
        language: system
        pass_filenames: false
        stages: [pre-commit]

Install the hook:

pre-commit install

If the pre-commit scan finds fixable issues:

sentra fix-hook    # Auto-fix and re-stage

Environment variables for CI

Variable                    Purpose
GUARD_LICENSE_KEY           Enterprise license key
GUARD_STANDARDS_PACKS       Comma-separated pack list
GUARD_GATE_FAIL_ON          Override gate severities
GUARD_GOVERNANCE_PROFILE    Override governance profile
AZURE_DEVOPS_PAT            Azure DevOps authentication
GITHUB_TOKEN                GitHub authentication
JIRA_TOKEN                  Jira authentication

Exit codes

Code    Meaning
0       Gate passed
1       Gate failed (findings above threshold)