Documentation
Everything you need to get CodeShield AI running in under 2 minutes.
Quick Start
Add CodeShield AI to your GitHub repository in 3 steps:
Step 1: Create the workflow file
Create .github/workflows/security.yml in your repository:
```yaml
name: CodeShield Security Scan
on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run CodeShield AI
        uses: Lydiamorgan85/codeshield-ai@v1.0.2
        with:
          path: '.'
          fail-on-issues: 'true'
```
Step 2: Commit and push
Commit the workflow file and push to your repository. CodeShield will automatically run on your next push or pull request.
Step 3: View results
Go to your repository's "Actions" tab to see the security scan results. Any issues found will be displayed in the workflow output.
The free tier works immediately with no licence key required for public repositories. For private repositories, you need a Pro or Team licence.
Installation
CodeShield AI is a GitHub Action - no installation required. Simply add the workflow YAML file to your repository and it runs automatically.
For standalone use outside GitHub Actions:
```shell
git clone https://github.com/Lydiamorgan85/codeshield-ai.git
cd codeshield-ai
pip install -r requirements.txt
python run_scan.py /path/to/your/code
```
Private Repository Setup
Private repository scanning (Pro and Team plans) requires a valid licence key. After purchasing, you will receive your key via email.
Adding your licence key to GitHub:
1. Go to your repository Settings > Secrets and Variables > Actions
2. Click "New repository secret"
3. Name: CODESHIELD_LICENSE
4. Value: Your licence key (e.g. PRO-XXXX-XXXX-XXXX)
5. Click "Add secret"
Updated workflow with licence key:
```yaml
name: CodeShield Security Scan
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run CodeShield AI
        uses: Lydiamorgan85/codeshield-ai@v1.0.2
        with:
          path: '.'
          license-key: ${{ secrets.CODESHIELD_LICENSE }}
          fail-on-issues: 'true'
```
Configuration Options
| Input | Default | Description |
|---|---|---|
| path | . | Path to scan |
| license-key | "" | Pro/Team licence key for private repos |
| fail-on-issues | true | Fail build if critical issues found |
| severity | MEDIUM | Minimum severity: LOW, MEDIUM, HIGH, CRITICAL |
| output-format | text | Output format: text, json, html |
Secrets Detected
CodeShield AI detects the following secret types:
- AWS Access Keys and Secret Keys (AKIA pattern)
- GitHub Personal Access Tokens (ghp_ pattern)
- Stripe API Keys (sk_live_, pk_live_)
- OpenAI API Keys (sk- pattern)
- Google API Keys (AIza pattern)
- Slack Tokens (xox pattern)
- Private Keys (RSA, EC, PGP)
- Database Connection URLs (PostgreSQL, MySQL, MongoDB)
- JWT Tokens
- Generic hardcoded passwords and API keys
Vulnerabilities Detected
- SQL Injection patterns
- Cross-Site Scripting (XSS)
- Dangerous function calls (eval, exec, system)
- Security anti-patterns and misconfigurations
Severity Levels
- CRITICAL - Immediate action required (e.g. live API keys)
- HIGH - Fix before deployment (e.g. SQL injection)
- MEDIUM - Fix soon (e.g. weak patterns)
- LOW - Best practice improvements
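The following is an added example, not CodeShield's own code, showing how prefix-based detection of the secret types listed above can be combined with the severity threshold and fail-on-issues behaviour from the configuration table. The regexes, the severity assigned to each detector and the sample file are assumptions constructed for this illustration.

```python
import re
from collections import namedtuple

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
Finding = namedtuple("Finding", "kind severity line_no")
# Illustrative prefix patterns for the secret types listed above, with a
# severity each; these are assumptions for this example, not CodeShield's rules.
PATTERNS = [
    ("AWS Access Key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "CRITICAL"),
    ("GitHub Personal Access Token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "CRITICAL"),
    ("Stripe live key", re.compile(r"\b[sp]k_live_[A-Za-z0-9]{10,}\b"), "CRITICAL"),
    ("Google API key", re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"), "HIGH"),
    ("Slack token", re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}\b"), "HIGH"),
    ("Private key", re.compile(r"-----BEGIN (?:RSA |EC |PGP )?PRIVATE KEY(?: BLOCK)?-----"), "CRITICAL"),
    ("Database URL with credentials",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:/@]+:[^\s@]+@"), "HIGH"),
    ("JWT", re.compile(r"\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\b"), "MEDIUM"),
    ("Hardcoded password/API key",
     re.compile(r"(?i)\b(?:password|passwd|api[_-]?key)\s*[=:]\s*['\"][^'\"]{6,}['\"]"), "MEDIUM"),
]

def scan_text(text, severity="MEDIUM"):
    # Report only findings at or above the threshold (the table's default is MEDIUM).
    threshold = SEVERITY_ORDER.index(severity)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, rx, sev in PATTERNS:
            if SEVERITY_ORDER.index(sev) >= threshold and rx.search(line):
                findings.append(Finding(kind, sev, line_no))
    return findings

def should_fail(findings, fail_on_issues=True):
    # fail-on-issues as the table describes it: fail the build on CRITICAL findings.
    return fail_on_issues and any(f.severity == "CRITICAL" for f in findings)

# Constructed sample file: every value below is fake and exists only for this demo.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE0000000AB"
GITHUB_TOKEN = "ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE12345678"
DATABASE_URL = "postgresql://app:s3cret-demo@db.example.internal:5432/app"
SESSION = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlZGVtbw"
password = "hunter2hunter2"
print("no secrets on this line")
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"{f.severity:<8} line {f.line_no}: {f.kind}")
    print("build failed" if should_fail(scan_text(SAMPLE)) else "build passed")
```

Raising the threshold to HIGH drops the JWT and hardcoded-password findings, while the two CRITICAL key findings still fail the build.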
Using Your Licence Key
After purchasing a Pro or Team plan, you will receive an email from LemonSqueezy containing your licence key.
Your key will look like: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Store it as a GitHub Actions secret named CODESHIELD_LICENSE and reference it in your workflow as shown above.
Plan Comparison
- Free: Public repos, 4 detectors, basic reports
- Pro ($19/mo): Private repos, priority support, API access, 3 activations
- Team ($39/mo): Everything in Pro, team dashboard, compliance reports, 10 activations
Get your licence at codeshield.ie/#pricing