Add fail-on severity threshold and GitHub Actions example #64
Merged
SaifullahSayyed merged 1 commit, Jun 2, 2026
Description
I added a new fail-on severity threshold feature to the CLI so that scans can automatically fail the CI pipeline if findings meet or exceed a specific severity level. I also included a GitHub Actions example configuration file so users can easily see how to integrate this tool into their own workflows. This makes it much easier for teams to enforce security rules during their build process.
Fixes #52
Type of change
✓ New feature (non-breaking change which adds functionality)
How Has This Been Tested?
I ran the full test suite locally to verify the new threshold logic behaves correctly across different severity levels. I also ran the linter and type checker to make sure the code quality remains high. Here are the exact metrics and results:
✓ Pytest executed successfully with 280 total tests passing in 19.44 seconds.
✓ The newly added CLI tests for the fail-on feature passed perfectly, specifically verifying the threshold logic:
✓ test_scan_fail_on_high_fails_with_critical
✓ test_scan_fail_on_high_fails_with_high
✓ test_scan_fail_on_high_passes_with_medium
✓ test_scan_fail_on_invalid_severity
✓ Ruff check ran across the entire project and reported all checks passed with zero remaining errors.
✓ Ruff format confirmed that the formatting and style guidelines are correctly applied.
✓ pytest tests/test_cli.py
✓ mypy crucible/ tests/ --strict
✓ ruff check crucible/
Checklist:
✓ My code follows the style guidelines of this project
✓ I have performed a self-review of my own code
✓ I have commented my code, particularly in hard to understand areas
✓ I have made corresponding changes to the documentation
✓ My changes generate no new warnings
✓ I have added tests that prove my fix is effective or that my feature works
✓ New and existing unit tests pass locally with my changes
✓ Any dependent changes have been merged and published in downstream modules
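An added illustration of the kind of threshold logic the PR describes, written here as an example and not taken from crucible's own code or from the diff in this PR: a ranked severity scale, a gate that selects findings at or above the fail-on level, and the exit-code policy a CI step would rely on (0 pass, 1 blocking findings, 2 invalid severity). The severity names, the Finding structure, the function names and the sample findings are all assumptions made for this example.

```python
"""Hypothetical fail-on severity gate (example code, not crucible's own).

Assumptions: a five-level severity scale, a Finding record with a
severity name, and a CLI that maps the gate's result to an exit code.
"""
from __future__ import annotations

import argparse
import sys
from dataclasses import dataclass
from typing import Iterable

# Least to most severe; a level's rank is its index in this tuple (assumed scale).
SEVERITY_ORDER = ("info", "low", "medium", "high", "critical")


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    message: str


def severity_rank(name: str) -> int:
    """Rank a severity name case-insensitively.

    Unknown names raise ValueError instead of mapping to a default, so a
    typo such as --fail-on hgih can never silently disable the gate.
    """
    key = name.strip().lower()
    if key not in SEVERITY_ORDER:
        raise ValueError(
            f"invalid severity {name!r}; expected one of {', '.join(SEVERITY_ORDER)}"
        )
    return SEVERITY_ORDER.index(key)


def meets_threshold(findings: Iterable[Finding], fail_on: str) -> list[Finding]:
    """Return the findings whose severity is at or above the threshold."""
    threshold = severity_rank(fail_on)
    return [f for f in findings if severity_rank(f.severity) >= threshold]


def scan_exit_code(findings: Iterable[Finding], fail_on: str | None) -> int:
    """Exit code policy: 0 = pass, 1 = blocking findings, 2 = usage error.

    A bad threshold, or a finding carrying an unrecognised severity, fails
    closed with 2 rather than being treated as "nothing to block on".
    """
    if fail_on is None:
        return 0
    try:
        blocking = meets_threshold(list(findings), fail_on)
    except ValueError as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    for f in blocking:
        print(f"[{f.severity.upper()}] {f.rule_id}: {f.message}", file=sys.stderr)
    return 1 if blocking else 0


# Constructed sample output of a scan, used only to exercise the gate.
SAMPLE_FINDINGS = [
    Finding("secret-in-env", "critical", "hard-coded token in .env"),
    Finding("missing-csp", "medium", "no Content-Security-Policy header"),
    Finding("debug-enabled", "low", "DEBUG=True in settings"),
]


def main(argv: list[str] | None = None) -> int:
    parser = argparse.ArgumentParser(prog="scan")
    parser.add_argument(
        "--fail-on",
        default=None,
        help="fail with exit code 1 if any finding is at or above this severity",
    )
    args = parser.parse_args(argv)
    return scan_exit_code(SAMPLE_FINDINGS, args.fail_on)


if __name__ == "__main__":
    sys.exit(main())
```

In a GitHub Actions job the step would simply run the CLI with the threshold (for instance `--fail-on high`); the runner marks the step failed on any non-zero exit, so the distinction between exit 1 (findings) and exit 2 (misconfigured threshold) shows up in the step log rather than being swallowed as a pass.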