Goal
Create a guide showing how to use OtterSight CLI in GitHub Actions workflows.
Context
Many users will want to scan their projects on every PR or push. A reusable workflow example makes this easy.
Expected content
A new file at docs/github-actions.md (or a section in the main README) with:
- A minimal workflow YAML that runs `npx @ottersight/cli scan .`
- How to use the Docker image in CI
- How to fail the build on CRITICAL/HIGH vulnerabilities (exit code behavior)
- How to upload SARIF results to GitHub Code Scanning (once SARIF format is available)
Getting started
- Read CONTRIBUTING.md for setup instructions
- Test the workflow locally with `act` or in a fork
- Write clear, copy-pasteable YAML examples
Happy to answer questions in the comments!