CI/CD Integration Guide
Integrate RAKṢĀ into your development pipeline for automated security scanning, PR gates, and continuous monitoring.
GitHub Actions Integration
Basic Workflow
Create .github/workflows/security-scan.yml:
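# Scans pushes to main/develop and pull requests targeting main, stores the
# exported results as an artifact, and fails the job when the severity
# thresholds in the last step are exceeded.
# NOTE(review): the upload step sends the repository contents to RAKSHA_URL
# with no credentials in the request - confirm how the endpoint authenticates
# callers before pointing this at private code.
name: Security Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: nothing in this workflow writes back to the repository.
permissions:
  contents: read

env:
  RAKSHA_URL: https://raksha-449012790678.asia-southeast1.run.app

jobs:
  security-scan:
    runs-on: ubuntu-latest
    name: RAKṢĀ Security Scan
    steps:
      # Version tags are mutable; pin actions to a full commit SHA if your
      # supply-chain policy requires immutable references.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The job never pushes, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Create source archive
        run: |
          # Create clean archive without git history
          zip -r source.zip . \
            -x ".git/*" "node_modules/*" "__pycache__/*" \
               "*.log" "*.tmp" ".env*" "secrets/*"

      - name: Run security scan
        id: scan
        run: |
          set -euo pipefail

          # Upload and scan. --fail turns an HTTP error into a failed step
          # instead of an error body that would later read as "0 findings".
          response=$(curl --fail --silent --show-error \
            -X POST "$RAKSHA_URL/scan/upload" \
            -F "file=@source.zip")
          echo "Scan response: $response"

          # Fail closed: a response without a scan_id is not a completed scan.
          if ! jq -e '.scan_id != null' <<<"$response" >/dev/null; then
            echo "::error::Scanner response has no scan_id; treating the scan as failed"
            exit 1
          fi

          # Extract results
          scan_id=$(jq -r '.scan_id' <<<"$response")
          total_findings=$(jq -r '.total_findings // 0' <<<"$response")
          critical=$(jq -r '.findings_by_severity.critical // 0' <<<"$response")
          high=$(jq -r '.findings_by_severity.high // 0' <<<"$response")
          medium=$(jq -r '.findings_by_severity.medium // 0' <<<"$response")

          # The gate compares these as integers, and each value becomes one
          # line of the output file, so reject anything that is not a number.
          for count in "$total_findings" "$critical" "$high" "$medium"; do
            if ! [[ "$count" =~ ^[0-9]+$ ]]; then
              echo "::error::Non-numeric count in scanner response"
              exit 1
            fi
          done
          if [[ "$scan_id" == *$'\n'* ]]; then
            echo "::error::scan_id spans several lines; refusing to use it"
            exit 1
          fi

          # Output for later steps
          {
            echo "scan_id=$scan_id"
            echo "total_findings=$total_findings"
            echo "critical=$critical"
            echo "high=$high"
            echo "medium=$medium"
          } >> "$GITHUB_OUTPUT"

          # Create summary
          {
            echo "## 🛡️ RAKṢĀ Security Scan Results"
            echo "**Scan ID:** $scan_id"
            echo "**Total Findings:** $total_findings"
            echo ""
            echo "| Severity | Count |"
            echo "|----------|-------|"
            echo "| Critical | $critical |"
            echo "| High | $high |"
            echo "| Medium | $medium |"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Download detailed results
        env:
          # Scanner-supplied values reach the shell as environment variables,
          # never as text expanded into the script itself.
          SCAN_ID: ${{ steps.scan.outputs.scan_id }}
        run: |
          curl --fail --silent --show-error -o security-results.json \
            "$RAKSHA_URL/scan/$SCAN_ID/export"

      - name: Upload scan results
        uses: actions/upload-artifact@v4
        with:
          name: security-scan-results
          path: security-results.json
          retention-days: 30

      - name: Security gate
        env:
          CRITICAL: ${{ steps.scan.outputs.critical }}
          HIGH: ${{ steps.scan.outputs.high }}
        run: |
          # Single brackets: the operands are compared as plain integers and
          # are not evaluated as arithmetic expressions.
          if [ "$CRITICAL" -gt 0 ]; then
            echo "❌ Build failed: $CRITICAL critical security issue(s) found"
            exit 1
          fi
          if [ "$HIGH" -gt 2 ]; then
            echo "❌ Build failed: $HIGH high severity issues exceed threshold (max: 2)"
            exit 1
          fi
          echo "✅ Security scan passed"

Advanced Workflow with PR Comments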
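# Scans pull requests targeting main and posts the critical/high findings as
# a comment on the pull request.
# NOTE(review): for pull requests opened from forks GitHub does not expose
# repository secrets and issues a read-only token, so the scanner URL would
# be empty and the comment step would fail; decide how fork PRs are handled.
name: Security Scan with PR Comments

on:
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4

      - name: Run security scan
        id: scan
        env:
          # The secret reaches the script through the environment instead of
          # being expanded into the script text. It holds the scanner base
          # URL; the upload path is appended below like in the other examples.
          RAKSHA_URL: ${{ secrets.RAKSHA_URL }}
        run: |
          set -euo pipefail

          # .env files and secrets/ stay out of the upload, as in the basic
          # workflow.
          zip -r source.zip . -x ".git/*" "node_modules/*" ".env*" "secrets/*"

          # --fail: an HTTP error fails the step instead of being parsed as a
          # scan result.
          response=$(curl --fail --silent --show-error \
            -X POST "$RAKSHA_URL/scan/upload" \
            -F "file=@source.zip")

          # Fail closed: a response without a scan_id is not a completed scan.
          if ! jq -e '.scan_id != null' <<<"$response" >/dev/null; then
            echo "::error::Scanner response has no scan_id; treating the scan as failed"
            exit 1
          fi

          scan_id=$(jq -r '.scan_id' <<<"$response")
          # Compact JSON; a missing key becomes [] so the comment step never
          # has to handle null.
          findings=$(jq -c '.findings // []' <<<"$response")

          # Unpredictable delimiter: text from the scanner cannot end the
          # multi-line value early and append outputs of its own.
          delimiter="findings_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "scan_id=$scan_id"
            echo "findings<<$delimiter"
            echo "$findings"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"

      - name: Comment PR
        uses: actions/github-script@v7
        env:
          FINDINGS: ${{ steps.scan.outputs.findings }}
          SCAN_ID: ${{ steps.scan.outputs.scan_id }}
        with:
          script: |
            // Scanner output arrives through the environment, so it is data
            // here and never part of the script source.
            const findings = JSON.parse(process.env.FINDINGS);
            const scanId = process.env.SCAN_ID;
            let comment = `## 🛡️ RAKṢĀ Security Scan Results\n\n`;
            comment += `**Scan ID:** ${scanId}\n`;
            comment += `**Found ${findings.length} security issues**\n\n`;
            if (findings.length > 0) {
              comment += `### Critical & High Severity Issues\n\n`;
              const criticalHigh = findings.filter(f =>
                f.severity === 'critical' || f.severity === 'high');
              if (criticalHigh.length > 0) {
                // Only the first five are listed to keep the comment short.
                criticalHigh.slice(0, 5).forEach(finding => {
                  comment += `#### ${finding.severity === 'critical' ? '🔴' : '🟠'} ${finding.title}\n`;
                  comment += `**File:** \`${finding.file}:${finding.line}\`\n`;
                  comment += `**Scanner:** ${finding.scanner}\n`;
                  comment += `${finding.description}\n\n`;
                  if (finding.remediation) {
                    comment += `**Remediation:** ${finding.remediation}\n\n`;
                  }
                  comment += `---\n\n`;
                });
                if (criticalHigh.length > 5) {
                  comment += `*... and ${criticalHigh.length - 5} more critical/high issues*\n\n`;
                }
              }
              comment += `[View full results](https://raksha-449012790678.asia-southeast1.run.app/scan/${encodeURIComponent(scanId)})\n`;
            } else {
              comment += `✅ No security issues found!\n`;
            }
            // Await the request so an API error fails the step.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });

SARIF Upload for Security Tab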
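# Runs the scan on pushes and pull requests for main, converts the JSON
# result to SARIF 2.1.0 and uploads it to GitHub code scanning.
name: Security Scan with SARIF

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      # Listing any permission sets the unlisted ones to none, so the
      # checkout step needs contents: read spelled out.
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4

      - name: Run RAKṢĀ scan
        env:
          # Passed through the environment rather than expanded into the
          # script text.
          RAKSHA_URL: ${{ secrets.RAKSHA_URL }}
        run: |
          # .env files and secrets/ stay out of the upload, as in the basic
          # workflow.
          zip -r source.zip . -x ".git/*" ".env*" "secrets/*"
          # --fail: an HTTP error fails the step instead of being saved as
          # if it were scan results.
          curl --fail --silent --show-error \
            -X POST "$RAKSHA_URL/scan/upload" \
            -F "file=@source.zip" \
            -o scan-results.json

      - name: Convert to SARIF
        run: |
          python3 << 'EOF'
          import json

          # Scanner severity -> SARIF level; anything else becomes "warning".
          LEVELS = {
              "critical": "error",
              "high": "error",
              "medium": "warning",
              "low": "note",
              "info": "note"
          }

          # Load RAKṢĀ results
          with open('scan-results.json') as f:
              raksha = json.load(f)

          # Convert to SARIF format
          results = []
          for finding in raksha.get('findings', []):
              # Read 'id' only when 'rule_id' is absent: passing finding['id']
              # as the default of dict.get() evaluates it on every finding and
              # raises KeyError when a finding has a rule_id but no id.
              rule_id = finding['rule_id'] if 'rule_id' in finding else finding['id']
              results.append({
                  "ruleId": str(rule_id),
                  "message": {
                      "text": finding['description']
                  },
                  "level": LEVELS.get(finding['severity'], "warning"),
                  "locations": [{
                      "physicalLocation": {
                          "artifactLocation": {
                              "uri": finding['file']
                          },
                          "region": {
                              # SARIF line and column numbers start at 1, so
                              # a missing, null or zero value is clamped to 1.
                              "startLine": max(int(finding.get('line') or 1), 1),
                              "startColumn": max(int(finding.get('column') or 1), 1)
                          }
                      }
                  }]
              })

          sarif = {
              "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
              "version": "2.1.0",
              "runs": [{
                  "tool": {
                      "driver": {
                          "name": "RAKṢĀ",
                          "informationUri": "https://avyay.ai/raksha",
                          "version": "1.0.0"
                      }
                  },
                  "results": results
              }]
          }

          # Save SARIF
          with open('results.sarif', 'w') as f:
              json.dump(sarif, f, indent=2)
          EOF

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

GitLab CI Integration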
Basic Pipeline
Create .gitlab-ci.yml:
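# Runs on merge requests and on main/develop: uploads a source archive,
# stores the exported results as an artifact and applies severity gates.
variables:
  RAKSHA_URL: https://raksha-449012790678.asia-southeast1.run.app

stages:
  - security-scan

security-scan:
  stage: security-scan
  # NOTE(review): "latest" is a moving tag; pin a specific Alpine release or
  # digest if the job has to be reproducible.
  image: alpine:latest
  before_script:
    - apk add --no-cache curl jq zip
  script:
    # Create source archive (.env files and secrets/ stay out of the upload,
    # as in the GitHub Actions basic workflow)
    - zip -r source.zip . -x ".git/*" "node_modules/*" "__pycache__/*" ".env*" "secrets/*"
    # Run scan. --fail turns an HTTP error into a job failure instead of an
    # error body that would later read as "0 findings".
    - >
      response=$(curl --fail --silent --show-error -X POST "$RAKSHA_URL/scan/upload"
      -F "file=@source.zip")
    # Quoted as a whole: an unquoted "key: value" shape inside a script entry
    # is parsed by YAML as a mapping, not as a command string.
    - 'echo "Scan response: $response"'
    # Fail closed: a response without a scan_id is not a completed scan.
    - |
      if ! echo "$response" | jq -e '.scan_id != null' > /dev/null; then
        echo "❌ Scanner response has no scan_id; treating the scan as failed"
        exit 1
      fi
    # Extract and validate results
    - scan_id=$(echo "$response" | jq -r '.scan_id')
    - critical=$(echo "$response" | jq -r '.findings_by_severity.critical // 0')
    - high=$(echo "$response" | jq -r '.findings_by_severity.high // 0')
    # A non-numeric count would make the -gt tests below error out and the
    # gate pass, so stop here instead.
    - |
      for count in "$critical" "$high"; do
        case "$count" in
          ''|*[!0-9]*)
            echo "❌ Non-numeric severity count in scanner response"
            exit 1
            ;;
        esac
      done
    # Download full results
    - curl --fail --silent --show-error -o security-results.json "$RAKSHA_URL/scan/$scan_id/export"
    # Security gates
    - |
      if [ "$critical" -gt 0 ]; then
        echo "❌ Critical security issues found: $critical"
        exit 1
      fi
    - |
      if [ "$high" -gt 3 ]; then
        echo "❌ Too many high severity issues: $high (max: 3)"
        exit 1
      fi
    - echo "✅ Security scan passed"
  artifacts:
    when: always
    paths:
      - security-results.json
    reports:
      # Convert to GitLab security format if needed: the sast report is only
      # ingested when the file follows GitLab's SAST report schema.
      sast: security-results.json
    expire_in: 30 days
  only:
    - merge_requests
    - main
    - develop

Advanced Pipeline with Manual Gates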
# Three stages: the scan, a manually started review job, and a manually
# started production deploy.
stages:
  - security-scan
  - security-review
  - deploy

security-scan:
  stage: security-scan
  # ... same as above ...

security-review:
  stage: security-review
  image: alpine:latest
  # Reads security-results.json, presumably the artifact published by the
  # security-scan job named here.
  dependencies:
    - security-scan
  script:
    - apk add --no-cache jq
    - |
      high=$(jq -r '.findings_by_severity.high // 0' security-results.json)
      medium=$(jq -r '.findings_by_severity.medium // 0' security-results.json)
      if [ "$high" -gt 0 ] || [ "$medium" -gt 5 ]; then
        echo "Security issues found - manual review required"
        echo "High: $high, Medium: $medium"
        exit 1
      fi
  # NOTE(review): a manual job with allow_failure: true does not hold back
  # later stages, so deploy-production can be started whether or not this
  # review ran or passed - confirm that an advisory gate is what is intended.
  when: manual
  allow_failure: true
  only:
    - main
    - develop

deploy-production:
  stage: deploy
  script:
    - echo "Deploying to production..."
  dependencies:
    - security-scan
  when: manual
  only:
    - main

Jenkins Integration
Declarative Pipeline
Create Jenkinsfile:
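// Declarative pipeline: archive the workspace, upload it for scanning, gate
// the build on severity counts and ask for a manual review when needed.
// Uses the readJSON, publishHTML and emailext steps, so the plugins that
// provide them must be installed.
pipeline {
    agent any

    environment {
        RAKSHA_URL = 'https://raksha-449012790678.asia-southeast1.run.app'
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Security Scan') {
            steps {
                script {
                    // Create source archive
                    sh '''
                        zip -r source.zip . \\
                            -x ".git/*" "node_modules/*" "__pycache__/*" \\
                            "target/*" "build/*" "*.log"
                    '''

                    // Run scan. The script is single-quoted so the shell, not
                    // Groovy, expands RAKSHA_URL; --fail makes an HTTP error
                    // fail the step instead of returning an error body.
                    def response = sh(
                        script: '''
                            curl --fail --silent --show-error -X POST "$RAKSHA_URL/scan/upload" \\
                                -F "file=@source.zip"
                        ''',
                        returnStdout: true
                    )
                    echo "Scan response: ${response}"

                    // Parse results
                    def results = readJSON text: response
                    def scanId = results.scan_id
                    // Fail closed: without a scan_id there is no completed
                    // scan to gate on.
                    if (!scanId) {
                        error("Scanner response has no scan_id; treating the scan as failed")
                    }
                    def critical = results.findings_by_severity.critical ?: 0
                    def high = results.findings_by_severity.high ?: 0
                    def total = results.total_findings ?: 0

                    // Store scan ID for later use
                    env.SCAN_ID = scanId
                    env.CRITICAL_ISSUES = critical
                    env.HIGH_ISSUES = high
                    env.TOTAL_ISSUES = total

                    // Download detailed results. SCAN_ID comes from the
                    // scanner response, so the shell reads it from the
                    // environment; it is never interpolated into the script
                    // text by Groovy.
                    sh '''
                        curl --fail --silent --show-error -o security-results.json \\
                            "$RAKSHA_URL/scan/$SCAN_ID/export"
                    '''

                    // Archive results
                    archiveArtifacts artifacts: 'security-results.json', fingerprint: true

                    // Security gate
                    if (critical > 0) {
                        error("Build failed: ${critical} critical security issue(s) found")
                    }
                    if (high > 3) {
                        error("Build failed: ${high} high severity issues exceed threshold")
                    }
                    echo "✅ Security scan passed - ${total} total issues found"
                }
            }
            post {
                always {
                    // Publish security results
                    publishHTML([
                        allowMissing: false,
                        alwaysLinkToLastBuild: false,
                        keepAll: true,
                        reportDir: '.',
                        reportFiles: 'security-results.json',
                        reportName: 'RAKṢĀ Security Report'
                    ])
                }
            }
        }

        stage('Security Review') {
            // Runs only when the scan reported high findings or more than
            // ten findings in total.
            when {
                anyOf {
                    expression { return env.HIGH_ISSUES.toInteger() > 0 }
                    expression { return env.TOTAL_ISSUES.toInteger() > 10 }
                }
            }
            steps {
                script {
                    // Trigger manual review
                    def userInput = input(
                        id: 'SecurityReview',
                        message: "Security issues found. Review required.",
                        parameters: [
                            choice(
                                choices: ['Proceed', 'Fix Issues', 'Abort'],
                                description: "High: ${env.HIGH_ISSUES}, Total: ${env.TOTAL_ISSUES}",
                                name: 'Action'
                            )
                        ]
                    )
                    if (userInput == 'Abort') {
                        error("Build aborted by security review")
                    }
                    if (userInput == 'Fix Issues') {
                        currentBuild.result = 'UNSTABLE'
                        error("Build marked unstable - issues need fixing")
                    }
                }
            }
        }
    }

    post {
        always {
            // Clean up
            sh 'rm -f source.zip'
        }
        failure {
            // Notify team of security issues
            emailext(
                subject: "Security Scan Failed: ${env.JOB_NAME} - ${env.BUILD_NUMBER}",
                body: """
                    Security scan failed for build ${env.BUILD_NUMBER}.
                    Critical Issues: ${env.CRITICAL_ISSUES}
                    High Issues: ${env.HIGH_ISSUES}
                    Total Issues: ${env.TOTAL_ISSUES}
                    View detailed results: ${env.BUILD_URL}artifact/security-results.json
                    Scan ID: ${env.SCAN_ID}
                """,
                to: "${env.SECURITY_TEAM_EMAIL}"
            )
        }
    }
}

Scripted Pipeline with Parallel Scans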
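// Scripted pipeline: run the archive upload and the repository-URL scan in
// parallel, then keep whichever result reports more findings.
// NOTE(review): nothing in this listing defines RAKSHA_URL; it has to be
// present in the agent or global environment for the sh steps below.
node {
    stage('Checkout') {
        checkout scm
    }

    stage('Parallel Security Scans') {
        parallel(
            'RAKṢĀ Scan': {
                // Main RAKṢĀ scan. --fail: an HTTP error fails the step
                // instead of being saved as if it were scan results.
                sh '''
                    zip -r source.zip . -x ".git/*"
                    curl --fail -X POST "${RAKSHA_URL}/scan/upload" \\
                        -F "file=@source.zip" \\
                        -o raksha-results.json
                '''
            },
            'GitHub Upload': {
                // Also scan via GitHub if repository is public.
                // writeJSON encodes GIT_URL as a JSON string and curl reads
                // the body from that file, so the URL is never spliced into
                // the shell command by Groovy interpolation.
                writeJSON file: 'github-request.json', json: [url: env.GIT_URL]
                sh '''
                    curl -X POST "${RAKSHA_URL}/scan/github" \\
                        -H "Content-Type: application/json" \\
                        -d @github-request.json \\
                        -o github-results.json
                '''
            }
        )
    }

    stage('Compare Results') {
        script {
            def rakshaResults = readJSON file: 'raksha-results.json'
            def githubResults = readJSON file: 'github-results.json'
            echo "RAKṢĀ scan findings: ${rakshaResults.total_findings}"
            echo "GitHub scan findings: ${githubResults.total_findings}"
            // Use results from the scan with more findings (likely more comprehensive)
            def finalResults = rakshaResults.total_findings >= githubResults.total_findings ?
                rakshaResults : githubResults
            writeJSON file: 'final-results.json', json: finalResults
        }
    }
}

Azure DevOps Integration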
Basic Pipeline
Create azure-pipelines.yml:
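# Runs on pushes to main/develop and on pull requests targeting main:
# uploads a source archive, publishes the exported results and applies the
# severity gate in the last step.
trigger:
  branches:
    include:
      - main
      - develop

pr:
  branches:
    include:
      - main

variables:
  rakshaUrl: 'https://raksha-449012790678.asia-southeast1.run.app'

stages:
  - stage: SecurityScan
    displayName: 'Security Scan'
    jobs:
      - job: RakshaScan
        displayName: 'RAKṢĀ Vulnerability Scan'
        pool:
          vmImage: 'ubuntu-latest'
        steps:
          - checkout: self

          - task: Bash@3
            displayName: 'Create Source Archive'
            inputs:
              targetType: 'inline'
              script: |
                # .env files and secrets/ stay out of the upload, as in the
                # GitHub Actions basic workflow.
                zip -r source.zip . \
                  -x ".git/*" "node_modules/*" "__pycache__/*" \
                     ".env*" "secrets/*"

          - task: Bash@3
            displayName: 'Run Security Scan'
            inputs:
              targetType: 'inline'
              script: |
                set -euo pipefail

                # Run scan. --fail turns an HTTP error into a failed task
                # instead of an error body that would read as "0 findings".
                response=$(curl --fail --silent --show-error -X POST "$(rakshaUrl)/scan/upload" \
                  -F "file=@source.zip")
                echo "Scan response: $response"

                # Fail closed: a response without a scan_id is not a
                # completed scan.
                if ! jq -e '.scan_id != null' <<<"$response" >/dev/null; then
                  echo "##vso[task.logissue type=error]Scanner response has no scan_id"
                  exit 1
                fi

                # Extract results
                scan_id=$(jq -r '.scan_id' <<<"$response")
                critical=$(jq -r '.findings_by_severity.critical // 0' <<<"$response")
                high=$(jq -r '.findings_by_severity.high // 0' <<<"$response")
                total=$(jq -r '.total_findings // 0' <<<"$response")

                # The values below are echoed inside logging commands, so
                # accept digits only for the counts and a single line for
                # the scan id.
                for count in "$critical" "$high" "$total"; do
                  if ! [[ "$count" =~ ^[0-9]+$ ]]; then
                    echo "##vso[task.logissue type=error]Non-numeric count in scanner response"
                    exit 1
                  fi
                done
                if [[ "$scan_id" == *$'\n'* ]]; then
                  echo "##vso[task.logissue type=error]scan_id spans several lines"
                  exit 1
                fi

                # Set pipeline variables
                echo "##vso[task.setvariable variable=scanId]$scan_id"
                echo "##vso[task.setvariable variable=criticalIssues]$critical"
                echo "##vso[task.setvariable variable=highIssues]$high"
                echo "##vso[task.setvariable variable=totalIssues]$total"

                # Download detailed results
                curl --fail --silent --show-error \
                  -o "$(Agent.TempDirectory)/security-results.json" \
                  "$(rakshaUrl)/scan/$scan_id/export"

          # NOTE(review): this task is told to parse JUnit XML, but the file
          # it is given is the scanner's JSON export - confirm it publishes
          # anything useful, or convert the export first.
          - task: PublishTestResults@2
            displayName: 'Publish Security Results'
            condition: always()
            inputs:
              testResultsFormat: 'JUnit'
              testResultsFiles: '$(Agent.TempDirectory)/security-results.json'
              testRunTitle: 'RAKṢĀ Security Scan'

          - task: PublishBuildArtifacts@1
            displayName: 'Publish Security Artifacts'
            condition: always()
            inputs:
              pathToPublish: '$(Agent.TempDirectory)/security-results.json'
              artifactName: 'security-results'

          - task: Bash@3
            displayName: 'Security Gate'
            # Scanner-derived values reach the script as environment
            # variables rather than being macro-expanded into its text.
            env:
              CRITICAL_ISSUES: $(criticalIssues)
              HIGH_ISSUES: $(highIssues)
              TOTAL_ISSUES: $(totalIssues)
            inputs:
              targetType: 'inline'
              script: |
                if [ "$CRITICAL_ISSUES" -gt 0 ]; then
                  echo "##vso[task.logissue type=error]Critical security issues found: $CRITICAL_ISSUES"
                  exit 1
                fi
                if [ "$HIGH_ISSUES" -gt 2 ]; then
                  echo "##vso[task.logissue type=error]Too many high severity issues: $HIGH_ISSUES"
                  exit 1
                fi
                echo "✅ Security scan passed - $TOTAL_ISSUES total issues found"

With Work Item Creation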
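# Step fragment: add it to the steps list of the scan job. It creates one
# Bug work item per critical finding in the exported results.
# NOTE(review): succeeded() is false once an earlier step has failed, so if
# this step is placed after the Security Gate step (which exits 1 on critical
# findings) the condition can never hold - place it before the gate or adjust
# the condition.
- task: PowerShell@2
  displayName: 'Create Work Items for Critical Issues'
  condition: and(succeeded(), gt(variables.criticalIssues, 0))
  inputs:
    targetType: 'inline'
    script: |
      # Install Azure DevOps CLI extension
      az extension add --name azure-devops
      # Configure Azure DevOps. The token is supplied only through the
      # AZURE_DEVOPS_EXT_PAT mapping in env: below, so it is never expanded
      # into the script text.
      az devops configure --defaults organization="$(System.CollectionUri)" project="$(System.TeamProject)"
      # Read scan results (-Raw passes the file to the parser as one string)
      $results = Get-Content -Raw "$(Agent.TempDirectory)/security-results.json" | ConvertFrom-Json
      # Create work items for critical issues
      foreach ($finding in $results.findings) {
        if ($finding.severity -eq "critical") {
          $title = "Security: $($finding.title)"
          # Here-string: its content and the closing "@ start at the
          # script's left margin.
          $description = @"
      **File:** $($finding.file):$($finding.line)
      **Scanner:** $($finding.scanner)
      **CWE:** $($finding.cwe)
      **Description:**
      $($finding.description)
      **Remediation:**
      $($finding.remediation)
      **Scan ID:** $(scanId)
      "@
          az boards work-item create `
            --title "$title" `
            --type "Bug" `
            --assigned-to "$(Build.RequestedForEmail)" `
            --description "$description" `
            --area "$(System.TeamProject)\Security" `
            --tags "security;critical;raksha"
        }
      }
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)

Pre-commit Hooks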
Git Hook Setup
Create .git/hooks/pre-commit:
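#!/bin/bash
# RAKṢĀ pre-commit security scan
#
# Archives the staged content, uploads it for scanning, blocks the commit on
# critical findings and asks for confirmation when more than one
# high-severity finding is reported. Requires curl, jq and zip.
set -e

RAKSHA_URL="https://raksha-449012790678.asia-southeast1.run.app"
TEMP_DIR=$(mktemp -d)
ARCHIVE_FILE="$TEMP_DIR/staged-files.zip"

# Remove the scratch directory on every exit path, including aborts caused
# by set -e.
trap 'rm -rf "$TEMP_DIR"' EXIT

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

echo -e "${YELLOW}🛡️ Running RAKṢĀ security scan on staged files...${NC}"

# Get list of staged files
staged_files=$(git diff --cached --name-only --diff-filter=ACM)
if [ -z "$staged_files" ]; then
    echo "No staged files to scan"
    exit 0
fi

# Export the staged versions from the index, keeping the directory
# structure, so the scan sees what will be committed rather than whatever is
# in the working tree. -z keeps file names with spaces or newlines intact.
mkdir -p "$TEMP_DIR/staged"
git diff --cached --name-only --diff-filter=ACM -z |
    git checkout-index --prefix="$TEMP_DIR/staged/" -z --stdin

# Create archive of staged files
(cd "$TEMP_DIR/staged" && zip -r "$ARCHIVE_FILE" . -q)
if [ ! -f "$ARCHIVE_FILE" ]; then
    echo -e "${RED}❌ Failed to create archive of staged files${NC}"
    exit 1
fi

# Run RAKṢĀ scan. The call sits inside the if so that set -e does not end
# the script before the error message; --fail also treats an HTTP error
# status as a failure.
echo "Scanning $(echo "$staged_files" | wc -l) staged files..."
if ! response=$(curl --fail --silent --show-error -X POST "$RAKSHA_URL/scan/upload" \
        -F "file=@$ARCHIVE_FILE"); then
    echo -e "${RED}❌ Failed to contact RAKṢĀ scanner${NC}"
    exit 1
fi

# Fail closed: a response without a scan_id is not a completed scan, and
# must not be read as "0 findings".
if ! echo "$response" | jq -e '.scan_id != null' > /dev/null; then
    echo -e "${RED}❌ Scanner returned no scan_id; treating the scan as failed${NC}"
    exit 1
fi

# Parse results
scan_id=$(echo "$response" | jq -r '.scan_id')
critical=$(echo "$response" | jq -r '.findings_by_severity.critical // 0')
high=$(echo "$response" | jq -r '.findings_by_severity.high // 0')
medium=$(echo "$response" | jq -r '.findings_by_severity.medium // 0')
total=$(echo "$response" | jq -r '.total_findings // 0')

# A non-numeric count would make the -gt tests below error out and let the
# commit through, so stop here instead.
for count in "$critical" "$high" "$medium" "$total"; do
    case "$count" in
        ''|*[!0-9]*)
            echo -e "${RED}❌ Non-numeric count in scanner response${NC}"
            exit 1
            ;;
    esac
done

# printf with %s prints the scan id as plain text, without interpreting
# backslash sequences it might contain.
printf '\n📊 Scan Results (ID: %s)\n' "$scan_id"
echo -e " Critical: $critical"
echo -e " High: $high"
echo -e " Medium: $medium"
echo -e " Total: $total"

# Security gate
if [ "$critical" -gt 0 ]; then
    echo -e "\n${RED}❌ COMMIT BLOCKED: Critical security issues found${NC}"
    # Show critical issues
    echo "$response" | jq -r '.findings[] | select(.severity=="critical") |
        " 🔴 \(.title) in \(.file):\(.line)"'
    echo -e "\nRun 'git commit --no-verify' to bypass this check (not recommended)"
    echo -e "Or fix the issues and try again"
    exit 1
fi

if [ "$high" -gt 1 ]; then
    echo -e "\n${YELLOW}⚠️ WARNING: $high high severity issues found${NC}"
    echo -e "Consider fixing these before committing:"
    # Show high issues
    echo "$response" | jq -r '.findings[] | select(.severity=="high") |
        " 🟠 \(.title) in \(.file):\(.line)"'
    # Ask user for confirmation. Hooks usually run without the terminal on
    # stdin, so the answer is read from /dev/tty; when no terminal can be
    # opened the answer stays empty and the commit is aborted.
    echo -e "\nProceed with commit? [y/N] "
    confirm=""
    read -r confirm < /dev/tty || confirm=""
    if [[ ! $confirm =~ ^[Yy]$ ]]; then
        echo -e "${RED}Commit aborted${NC}"
        exit 1
    fi
fi

echo -e "\n${GREEN}✅ Security scan passed${NC}"
exit 0

Make it executable: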
chmod +x .git/hooks/pre-commit
Pre-commit Framework Integration
Create .pre-commit-config.yaml:
repos:
  # Local hook: runs the project's own scan script on every commit. It gets
  # no file names (pass_filenames: false) and runs even when no file matches
  # (always_run: true).
  - repo: local
    hooks:
      - id: raksha-security-scan
        name: RAKṢĀ Security Scan
        entry: scripts/raksha-precommit.sh
        language: script
        pass_filenames: false
        always_run: true
        stages: [commit]
  # General hygiene hooks from the pre-commit project, pinned to a release
  # tag.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-merge-conflict
      - id: check-yaml

Create scripts/raksha-precommit.sh:
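#!/bin/bash
# RAKṢĀ pre-commit integration script
#
# Archives the working directory, uploads it for scanning and blocks the
# commit when the critical/high counts exceed the thresholds. The scanner
# URL and both thresholds can be overridden through RAKSHA_URL,
# RAKSHA_CRITICAL_THRESHOLD and RAKSHA_HIGH_THRESHOLD. Requires curl, jq
# and zip.
set -euo pipefail

RAKSHA_URL="${RAKSHA_URL:-https://raksha-449012790678.asia-southeast1.run.app}"
CRITICAL_THRESHOLD="${RAKSHA_CRITICAL_THRESHOLD:-0}"
HIGH_THRESHOLD="${RAKSHA_HIGH_THRESHOLD:-2}"

# Private scratch directory instead of a fixed name under /tmp: a
# predictable path in a shared directory can be pre-created or swapped by
# another local user. The trap removes it on every exit path.
WORK_DIR=$(mktemp -d)
ARCHIVE="$WORK_DIR/precommit-scan.zip"
trap 'rm -rf "$WORK_DIR"' EXIT

# Create archive of current working directory (.env files and secrets/ stay
# out of the upload, as in the GitHub Actions basic workflow)
zip -r "$ARCHIVE" . \
    -x ".git/*" "node_modules/*" "__pycache__/*" \
       ".pre-commit-cache/*" "*.pyc" "*.log" ".env*" "secrets/*"

# Run scan. --fail treats an HTTP error status as a failure instead of
# handing an error body to the parsing below.
if ! response=$(curl --fail --silent --show-error -X POST "$RAKSHA_URL/scan/upload" \
        -F "file=@$ARCHIVE"); then
    echo "❌ Pre-commit blocked: could not reach the RAKṢĀ scanner"
    exit 1
fi

# Fail closed: a response without a scan_id is not a completed scan.
if ! echo "$response" | jq -e '.scan_id != null' > /dev/null; then
    echo "❌ Pre-commit blocked: scanner response has no scan_id"
    exit 1
fi

critical=$(echo "$response" | jq -r '.findings_by_severity.critical // 0')
high=$(echo "$response" | jq -r '.findings_by_severity.high // 0')

# A non-numeric operand would make the -gt tests error out and let the
# commit through, so check counts and thresholds first.
for value in "$critical" "$high" "$CRITICAL_THRESHOLD" "$HIGH_THRESHOLD"; do
    case "$value" in
        ''|*[!0-9]*)
            echo "❌ Pre-commit blocked: non-numeric count or threshold"
            exit 1
            ;;
    esac
done

# Apply thresholds
if [ "$critical" -gt "$CRITICAL_THRESHOLD" ]; then
    echo "❌ Pre-commit blocked: $critical critical issues (max: $CRITICAL_THRESHOLD)"
    exit 1
fi
if [ "$high" -gt "$HIGH_THRESHOLD" ]; then
    echo "❌ Pre-commit blocked: $high high severity issues (max: $HIGH_THRESHOLD)"
    exit 1
fi

echo "✅ RAKṢĀ scan passed"
exit 0

Install and use: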
pip install pre-commit
pre-commit install
pre-commit run --all-files # Test all files
IDE Integration
VS Code Extension Configuration
Create .vscode/tasks.json:
{
"version": "2.0.0",
"tasks": [
{
"label": "RAKṢĀ Security Scan",
"type": "shell",
"command": "bash",
"args": [
"-c",
"zip -r /tmp/vscode-scan.zip . -x '.git/*' 'node_modules/*' && curl -X POST 'https://raksha-449012790678.asia-southeast1.run.app/scan/upload' -F 'file=@/tmp/vscode-scan.zip' | jq '.'"
],
"group": {
"kind": "test",
"isDefault": false
},
"presentation": {
"echo": true,
"reveal": "always",
"focus": false,
"panel": "shared"
},
"options": {
"cwd": "${workspaceFolder}"
}
},
{
"label": "RAKṢĀ Quick Scan (Changed Files)",
"type": "shell",
"command": "bash",
"args": [
"-c",
"git diff --name-only HEAD~1 | zip -r /tmp/quick-scan.zip -@ && curl -X POST 'https://raksha-449012790678.asia-southeast1.run.app/scan/upload' -F 'file=@/tmp/quick-scan.zip'"
],
"group": "test"
}
]
}
IntelliJ IDEA External Tool
- Go to File → Settings → Tools → External Tools
- Click + to add new tool:
Name: RAKṢĀ Security Scan
Program: bash
Arguments: -c "zip -r /tmp/idea-scan.zip $ProjectFileDir$ -x '*.git/*' && curl -X POST 'https://raksha-449012790678.asia-southeast1.run.app/scan/upload' -F 'file=@/tmp/idea-scan.zip' | jq '.'"
Working Directory: $ProjectFileDir$
Notification Integration
Slack Notifications
# Add to your CI/CD pipeline
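# Posts a scan summary to Slack.
# Arguments: scan_id, critical count, high count, total count.
# Reads the webhook URL from SLACK_WEBHOOK_URL (treat it as a secret and keep
# it out of logs). Requires curl and jq.
send_slack_notification() {
    local scan_id=$1
    local critical=$2
    local high=$3
    local total=$4
    local color="good"
    local message="✅ Security scan passed"

    if [ "$critical" -gt 0 ]; then
        color="danger"
        message="🔴 Critical security issues found!"
    elif [ "$high" -gt 2 ]; then
        color="warning"
        message="⚠️ Multiple high severity issues"
    fi

    # jq builds the payload so every value is JSON-escaped; a quote or
    # backslash in a value cannot break out of its string.
    local payload
    payload=$(jq -n \
        --arg color "$color" \
        --arg text "$message" \
        --arg critical "$critical" \
        --arg high "$high" \
        --arg total "$total" \
        --arg scan_id "$scan_id" \
        '{
            username: "RAKṢĀ Security",
            icon_emoji: ":shield:",
            attachments: [{
                color: $color,
                title: "Security Scan Results",
                text: $text,
                fields: [
                    {title: "Critical", value: $critical, short: true},
                    {title: "High", value: $high, short: true},
                    {title: "Total", value: $total, short: true},
                    {title: "Scan ID", value: $scan_id, short: true}
                ]
            }]
        }')

    # Quoted so the URL is passed as one argument even if it contains
    # characters the shell would split or glob on.
    curl -X POST -H 'Content-type: application/json' \
        --data "$payload" \
        "$SLACK_WEBHOOK_URL"
}

Microsoft Teams Webhook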
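# Posts a scan summary card to a Microsoft Teams incoming webhook.
# Arguments: scan_id, total findings.
# Reads TEAMS_WEBHOOK_URL (treat it as a secret and keep it out of logs) and
# the GITHUB_REPOSITORY / GITHUB_REF_NAME variables. Requires curl and jq.
send_teams_notification() {
    local scan_id=$1
    local findings=$2

    # jq builds the payload so every value is JSON-escaped; a quote or
    # backslash in a value cannot break out of its string.
    local payload
    payload=$(jq -n \
        --arg scan_id "$scan_id" \
        --arg findings "$findings" \
        --arg repository "$GITHUB_REPOSITORY" \
        --arg branch "$GITHUB_REF_NAME" \
        '{
            "@type": "MessageCard",
            "@context": "http://schema.org/extensions",
            themeColor: "0076D7",
            summary: "RAKṢĀ Security Scan",
            sections: [{
                activityTitle: "🛡️ RAKṢĀ Security Scan Results",
                activitySubtitle: ("Scan ID: " + $scan_id),
                facts: [
                    {name: "Repository", value: $repository},
                    {name: "Branch", value: $branch},
                    {name: "Total Findings", value: $findings}
                ],
                markdown: true
            }],
            potentialAction: [{
                "@type": "OpenUri",
                name: "View Results",
                targets: [{
                    os: "default",
                    uri: ("https://raksha-449012790678.asia-southeast1.run.app/scan/" + $scan_id)
                }]
            }]
        }')

    # Quoted so the URL is passed as one argument even if it contains
    # characters the shell would split or glob on.
    curl -H "Content-Type: application/json" \
        -d "$payload" \
        "$TEAMS_WEBHOOK_URL"
}

Next Steps: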
- Use Cases — Real-world implementation examples
- Configuration — Customize scanner behavior
- Monitoring — Set up Datadog APM and metrics
Need help? Check the troubleshooting section in the Quick Start guide.