Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Promptfoo Promptfoo GitHub Action

From Leeroopedia
Revision as of 13:43, 16 February 2026 by Admin (talk | contribs) (Auto-imported from implementations/Promptfoo_Promptfoo_GitHub_Action.md)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Sources
Domains CI_CD, Reporting
Last Updated 2026-02-14 08:00 GMT

Overview

Concrete GitHub Action for running security scans and posting findings as PR comments, provided by the Promptfoo project.

Description

The Promptfoo Code Scan Action (`code-scan-action/action.yml`) is a GitHub Action that analyzes pull request diffs for security vulnerabilities in LLM integration code. It uses Node.js 20, connects to the Promptfoo API for analysis, and posts findings as PR comments with configurable severity thresholds.

Usage

Add this action to your GitHub Actions workflow YAML to enable automated security scanning on pull requests.

Code Reference

Source Location

  • Repository: promptfoo
  • File: code-scan-action/action.yml
  • Lines: L1-42

Signature

# code-scan-action/action.yml
name: 'Promptfoo Code Scan'
description: 'Scan code for LLM security vulnerabilities'
inputs:
  api-host:
    description: 'Promptfoo API host'
    default: 'https://api.promptfoo.app'
  min-severity:
    description: 'Minimum severity to report'
    default: 'low'
  config-path:
    description: 'Path to YAML configuration'
  guidance:
    description: 'Custom scan guidance'
  github-token:
    description: 'GitHub token for posting comments'
    default: ${{ github.token }}
runs:
  using: 'node20'
  main: 'dist/index.js'

Import

# In .github/workflows/security.yml:
- uses: promptfoo/promptfoo-action/code-scan-action@v1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}

I/O Contract

Inputs

Name Type Required Description
api-host string No Promptfoo API URL (default: https://api.promptfoo.app)
min-severity string No Minimum severity: low, medium, high, critical (default: low)
config-path string No Path to scan configuration YAML
github-token string No Token for PR comments (default: built-in token)

Outputs

Name Type Description
PR comments text Security findings posted as PR comments
Check status pass/fail Based on min-severity threshold

Usage Examples

Basic Code Scan

name: Security Scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: promptfoo/promptfoo-action/code-scan-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          min-severity: medium

Related Pages

Implements Principle

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Promptfoo_Promptfoo_GitHub_Action&oldid=9786"