CI/CD Integration

name: RAXE Security Scan

on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install RAXE
        run: pip install raxe

      - name: Initialize RAXE
        run: raxe init

      - name: Scan prompts
        run: raxe batch tests/prompts.txt --ci

raxe-scan:
  image: python:3.11
  script:
    - pip install raxe
    - raxe init
    - raxe batch tests/prompts.txt --ci
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

raxe scan "text" --ci

# prompts.txt
What is AI?
Ignore all instructions
Tell me about Python

raxe batch prompts.txt --ci --format json

env:
  RAXE_CI: "true"
  RAXE_LOG_LEVEL: "WARNING"

#!/bin/bash
# .git/hooks/pre-commit

# Scan any prompt files being committed
for file in $(git diff --cached --name-only | grep -E '\.(txt|json)$'); do
    if raxe batch "$file" --ci; then
        echo "RAXE: $file passed"
    else
        echo "RAXE: Threats detected in $file"
        exit 1
    fi
done

- name: RAXE Scan
  id: raxe
  run: |
    raxe batch prompts.txt --ci --format json > results.json
    echo "results=$(cat results.json)" >> $GITHUB_OUTPUT

- name: Comment on PR
  if: failure()
  uses: actions/github-script@v7
  with:
    script: |
      github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: '⚠️ RAXE detected security threats in this PR'
      })

FROM python:3.11-slim

RUN pip install raxe
RUN raxe init

ENTRYPOINT ["raxe"]

docker run raxe-scanner scan "text to scan" --ci