DocsCI Recipes
Integrate

CI Recipes

Drop-in configuration for every major CI platform. Copy, paste, add your API key — done.

GitHub Actions

Basic scan on every PR and push

.github/workflows/nixer.yml
name: Nixer AI Security
on: [pull_request, push]
permissions:
  contents: read
  security-events: write
  pull-requests: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Polsia-Inc/nixer-action@v1
        with:
          api-key: ${{ secrets.NIXER_API_KEY }}

Fail only on critical findings

.github/workflows/nixer-critical.yml
- uses: Polsia-Inc/nixer-action@v1
  with:
    api-key: ${{ secrets.NIXER_API_KEY }}
    severity-threshold: critical
    fail-on-findings: true

Scheduled nightly + report-only mode

.github/workflows/nixer-nightly.yml
on:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch:
jobs:
  nightly:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Polsia-Inc/nixer-action@v1
        with:
          api-key: ${{ secrets.NIXER_API_KEY }}
          fail-on-findings: false  # report only

Monorepo matrix build

.github/workflows/nixer-monorepo.yml
jobs:
  scan:
    strategy:
      matrix:
        service: [api, worker, agent]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Polsia-Inc/nixer-action@v1
        with:
          api-key: ${{ secrets.NIXER_API_KEY }}
          scan-targets: services/${{ matrix.service }}
          sarif-output: nixer-${{ matrix.service }}.sarif

GitLab CI

.gitlab-ci.yml
nixer-scan:
  image: node:20-slim
  stage: security
  script:
    - npx nixer scan . --format sarif --output nixer.sarif
  variables:
    NIXER_API_KEY: $NIXER_API_KEY  # set in CI/CD Variables
  artifacts:
    when: always
    paths:
      - nixer.sarif
    expire_in: 30 days
  only:
    - merge_requests
    - main

CircleCI

.circleci/config.yml
version: 2.1

jobs:
  nixer-scan:
    docker:
      - image: cimg/node:20.0
    steps:
      - checkout
      - run:
          name: Nixer AI Security Scan
          command: |
            npx nixer scan . --format sarif --output nixer.sarif
          environment:
            NIXER_API_KEY: ${NIXER_API_KEY}
      - store_artifacts:
          path: nixer.sarif

workflows:
  security:
    jobs:
      - nixer-scan

Jenkins

Jenkinsfile
pipeline {
  agent { docker { image 'node:20-slim' } }
  environment {
    NIXER_API_KEY = credentials('nixer-api-key')
  }
  stages {
    stage('Nixer AI Security') {
      steps {
        sh '''
          npx nixer scan . \
            --format sarif \
            --output nixer.sarif \
            --severity-threshold high
        '''
      }
      post {
        always {
          archiveArtifacts artifacts: 'nixer.sarif'
        }
      }
    }
  }
}
ℹ️
The CLI (npx nixer) works in any CI environment with Node.js 18+. Set NIXER_API_KEY as a CI secret/variable. See the API reference for programmatic scan triggering.
Edit this page on GitHub