GitHub Action
Add EU AI Act compliance scanning to your CI/CD pipeline with the AIR Blackbox GitHub Action.
Basic Usage
```yaml
name: AI Compliance Scan
on: [push, pull_request]

jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: airblackbox/air-compliance-action@v1
        with:
          path: ./src
```
Configuration Options
| Input | Description | Default |
|---|---|---|
| `path` | Directory to scan | `.` |
| `fail-on-severity` | Fail build on this severity or higher | `critical` |
| `report-format` | Output format (json, markdown, sarif) | `markdown` |
| `generate-report` | Generate a compliance report file | `true` |
| `include-patterns` | Glob patterns to include | `**/*.py` |
| `exclude-patterns` | Glob patterns to exclude | `**/test_*` |
Fail on Severity
Fail the build, and so block merges, when findings at or above the chosen severity are present. This example fails on `high` and `critical` findings:
```yaml
- uses: airblackbox/air-compliance-action@v1
  with:
    path: ./src
    fail-on-severity: high
```
Severity levels (from highest to lowest): `critical`, `high`, `medium`, `low`
Scheduled Audits
Run compliance scans on a schedule:
```yaml
name: Weekly Compliance Audit
on:
  schedule:
    - cron: '0 9 * * 1' # Every Monday at 9am UTC

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: airblackbox/air-compliance-action@v1
        with:
          path: ./src
          report-format: markdown
          generate-report: true
```
PR Comments
The action automatically posts compliance findings as PR comments when triggered by pull requests.
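A pull-request workflow that combines the inputs from the table above with an explicit least-privilege `permissions` block, as an added example that is not taken from the AIR Blackbox documentation. It assumes the action posts its comment with the workflow's `GITHUB_TOKEN` and therefore needs `pull-requests: write`; the page does not state which permissions the action requires.

```yaml
name: AI Compliance Scan (PR gate)
on: [pull_request]

# Start from an empty token and grant only what each job needs.
permissions: {}

jobs:
  compliance:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # needed by actions/checkout
      pull-requests: write    # assumption: needed for the findings comment
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - uses: airblackbox/air-compliance-action@v1
        with:
          path: ./src
          fail-on-severity: high       # fails on high and critical
          report-format: markdown
          generate-report: true
          include-patterns: '**/*.py'  # default value from the table
          exclude-patterns: '**/test_*'  # default value from the table
```

A failed job only blocks a merge when the check is marked as required in the repository's branch protection rules. On pull requests from forks GitHub issues a read-only token by default, so the findings comment may not be posted there.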
Next Steps
- Scanning Guide — Understand what gets checked
- Trust Layers — Fix compliance findings