CI/CD integration

Run Brektra on every pull request. Block merges that introduce confirmed exploits.

Brektra fits into the same CI step where you run unit tests. The integration consists of the GitHub Action and an API key.

Workflow

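name: brektra
on: pull_request
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: brektra/action@v1.0.0
        with:
          # API key read from a GitHub Actions secret, never hard-coded in the workflow
          api_key: ${{ secrets.BREKTRA_API_KEY }}
          # Per-PR staging URL built from the pull request number
          target: https://staging-${{ github.event.number }}.example.com
          mode: safe
          surfaces: ai
          # Threshold that makes the job exit non-zero (see Fail-on options)
          fail_on: confirmed_exploit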

What the action does

  1. Calls /api/v1/scans/ci with your target and mode.
  2. Polls scan status until completion or timeout (default 10 minutes).
  3. Posts a summary comment on the PR with confirmed exploits and a replay link per finding.
  4. Exits non-zero if the fail_on threshold is met.

API key

Create a key in Settings → API keys. Each key is scoped to a single workspace and has a single permission set (scans:write). You can revoke a key at any time.

Rate limits

The CI endpoint has a generous per-key rate limit. If you fan out a matrix build, batch into a single Brektra scan rather than spawning one per matrix leg.
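
The batching advice above as a workflow, added here as an illustration and not taken from Brektra's own documentation: the unit-test matrix fans out, and a single scan job runs once after all legs finish. The Node versions, the npm commands and the job names are assumptions; the Brektra inputs are the ones shown under Workflow.

```yaml
# Added example: one Brektra scan per pull request, not one per matrix leg.
name: ci
on: pull_request
jobs:
  unit-tests:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node: [18, 20, 22]        # assumed matrix: three legs
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - run: npm ci && npm test   # assumed test command
      # No brektra/action step in this job: it would start one scan per leg
      # against the same staging target and count three times against the
      # per-key rate limit.

  brektra:
    needs: unit-tests             # starts once, after every matrix leg has passed
    runs-on: ubuntu-latest
    steps:
      - uses: brektra/action@v1.0.0
        with:
          api_key: ${{ secrets.BREKTRA_API_KEY }}
          target: https://staging-${{ github.event.number }}.example.com
          mode: safe
          surfaces: ai
          fail_on: confirmed_exploit
```

For the non-zero exit to block a merge, the scan job has to be marked as a required status check in the repository's branch protection settings.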

Fail-on options

  • confirmed_exploit (recommended): exits non-zero on any high or critical confirmed finding.
  • any_finding: exits non-zero on any finding regardless of severity.
  • none: never fails the build; just records the scan result for visibility.