GitHub Actions Integration

Automatically scan your live site on every pull request or push using BugZeroAI's public API. No webhook setup required — just add a YAML file to your repo.

1. Generate an API Key

2. Add Secret to GitHub Repository

In your GitHub repository, go to Settings → Secrets and variables → Actions and add:

BUGZEROAI_API_KEY: Paste your API key from Step 1
SITE_URL: Your live site URL (e.g. https://myapp.vercel.app). Variable, not secret

GitHub Secrets documentation

3. Add Workflow File to Your Repo

Create the file .github/workflows/bugzeroai.yml in your repository:

yaml — .github/workflows/bugzeroai.yml
name: BugZeroAI Scan

on:
  pull_request:
    branches: [main, develop]
  push:
    branches: [main]

jobs:
  bugzeroai-scan:
    name: Security & Quality Scan
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write  # Required to post PR comments
    steps:
      - name: Run BugZeroAI Scan
        run: |
          RESPONSE=$(curl -s -X POST \
            -H "x-api-key: ${{ secrets.BUGZEROAI_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "url": "${{ vars.SITE_URL }}",
              "scanType": "quick",
              "githubToken": "${{ secrets.GITHUB_TOKEN }}",
              "githubRepo": "${{ github.repository }}",
              "prNumber": ${{ github.event.pull_request.number || 0 }}
            }' \
            https://bugzeroai.com/api/v1/scan)

          echo "Scan result: $RESPONSE"

          # Quote the response so the shell does not word-split or glob-expand the JSON
          STATUS=$(echo "$RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin).get('status','failed'))")
          ISSUES=$(echo "$RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin).get('issues',0))")
          PR_COMMENT=$(echo "$RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin).get('prCommentPosted',False))")

          echo "Status: $STATUS | Issues: $ISSUES | PR comment: $PR_COMMENT"

          if [ "$STATUS" = "failed" ]; then
            echo "::error::BugZeroAI scan failed"
            exit 1
          fi
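
A fail-closed version of the response check in the workflow above, as an added example that is not BugZeroAI's own code: it parses the body once, treats an empty or non-JSON body as a failure, and can fail the job when the issue count exceeds a limit. It assumes issues is an integer count; the max_issues threshold and the file name gate.py are hypothetical.

```python
import json
import sys


def evaluate(raw, max_issues=0):
    """Return (exit_code, message) for a raw /api/v1/scan response body."""
    try:
        data = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        # Empty body (curl -s hides network errors) or an HTML error page.
        return 1, "::error::BugZeroAI response is not valid JSON"
    if not isinstance(data, dict):
        return 1, "::error::BugZeroAI response is not a JSON object"

    # Same default as the workflow: a missing status counts as failed.
    # A non-string status (null, number) is also treated as failed.
    status = data.get("status", "failed")
    if not isinstance(status, str) or status == "failed":
        return 1, "::error::BugZeroAI scan failed"

    # Assumption: issues is an integer count, as the workflow's default of 0 suggests.
    issues = data.get("issues", 0)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(issues, bool) or not isinstance(issues, int) or issues < 0:
        return 1, f"::error::Unexpected issues value: {issues!r}"
    # Hypothetical policy: fail the job above max_issues (the page's workflow does not).
    if issues > max_issues:
        return 1, f"::error::BugZeroAI reported {issues} issues (limit {max_issues})"

    posted = bool(data.get("prCommentPosted", False))
    return 0, f"Status: {status} | Issues: {issues} | PR comment: {posted}"


if __name__ == "__main__":
    # In a step: printf '%s' "$RESPONSE" | python3 gate.py 5
    limit = int(sys.argv[1]) if len(sys.argv) > 1 else 0
    code, message = evaluate(sys.stdin.read(), limit)
    print(message)
    sys.exit(code)
```
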

4. Advanced: Full Scan on Release (Optional)

Run a full security audit automatically when you publish a release. Uses 10 credits per scan.

yaml — Full scan on release
name: BugZeroAI Full Scan on Release

on:
  release:
    types: [published]

jobs:
  full-scan:
    name: Full Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Run Full BugZeroAI Scan
        id: scan
        run: |
          RESPONSE=$(curl -s -X POST \
            -H "x-api-key: ${{ secrets.BUGZEROAI_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "url": "${{ vars.SITE_URL }}",
              "scanType": "full"
            }' \
            https://bugzeroai.com/api/v1/scan)
          
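          # Delimiter form keeps a multi-line response inside a single output value
          {
            echo "result<<BUGZEROAI_EOF"
            echo "$RESPONSE"
            echo "BUGZEROAI_EOF"
          } >> "$GITHUB_OUTPUT"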
          echo "Scan complete: $RESPONSE"
      
      - name: Check Credits
        run: |
          curl -s -H "x-api-key: ${{ secrets.BUGZEROAI_API_KEY }}" \
            https://bugzeroai.com/api/v1/credits

API Reference

POST /api/v1/scan

Trigger a scan. Body: { url, scanType? }

GET /api/v1/credits

Check remaining credits and plan info

All endpoints require the x-api-key header. Scan types: quick (3 credits), security (5), performance (5), full (10).