CI Integration
ghostdep is designed for CI. It’s a single binary with deterministic output and meaningful exit codes.
Exit codes
| Code | Meaning |
|---|---|
| 0 | Clean — no findings |
| 1 | Findings present |
| 2 | Error |
GitHub Actions
Basic check
```yaml
- name: Install ghostdep
  run: curl -fsSL https://raw.githubusercontent.com/ojuschugh1/ghostdep/main/install.sh | sh
- name: Check dependencies
  run: ghostdep
```
With SARIF upload (GitHub Code Scanning)
```yaml
- name: Install ghostdep
  run: curl -fsSL https://raw.githubusercontent.com/ojuschugh1/ghostdep/main/install.sh | sh
- name: Run ghostdep
  run: ghostdep -f sarif > ghostdep.sarif
  # Exit code 1 (findings present) would otherwise fail the step before the upload runs
  continue-on-error: true
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: ghostdep.sarif
```
This shows findings as annotations directly in pull requests.
JSON output for custom processing
```yaml
- name: Run ghostdep
  run: |
    # Capture the exit code so the jq line still runs when findings exist (exit 1),
    # then propagate it so the step fails as ghostdep intended
    ghostdep -f json > ghostdep.json || rc=$?
    jq '.findings | length' ghostdep.json
    exit "${rc:-0}"
```
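For gating that goes beyond plain pass/fail, here is an added example (not part of ghostdep) that reads the SARIF written by `ghostdep -f sarif`, summarises results per rule and level for the job log, and fails the job only at a chosen severity. It relies on standard SARIF 2.1.0 fields; the embedded sample document is constructed, and ghostdep's actual rule ids, paths and messages will differ.

```python
import json
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape; the rule ids, paths and messages
# are made up and are not ghostdep's actual output.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ghostdep"}},
    "results": [
        {"ruleId": "example/rule-a", "level": "error",
         "message": {"text": "constructed finding 1"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/a.py"}}}]},
        {"ruleId": "example/rule-a", "level": "warning",
         "message": {"text": "constructed finding 2"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/b.py"}}}]},
        {"ruleId": "example/rule-b", "level": "note",
         "message": {"text": "constructed finding 3"}, "locations": []},
    ]}]})

# SARIF result levels, ordered by severity
SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def load_results(sarif_text):
    """Flatten every run's results into (ruleId, level, file, message) tuples."""
    rows = []
    for run in json.loads(sarif_text).get("runs", []):
        for r in run.get("results", []):
            locs = r.get("locations") or []
            uri = "<unknown>"
            if locs:
                uri = locs[0].get("physicalLocation", {}).get("artifactLocation", {}).get("uri", uri)
            # SARIF treats a missing level as "warning"
            rows.append((r.get("ruleId", "?"), r.get("level", "warning"), uri,
                         r.get("message", {}).get("text", "")))
    return rows

def summarize(rows):
    """Count results per (ruleId, level) for the job log."""
    return Counter((rule, level) for rule, level, _, _ in rows)

def gate(rows, fail_on="error"):
    """Job exit status: 1 if any result is at or above fail_on, else 0."""
    threshold = SEVERITY[fail_on]
    return 1 if any(SEVERITY.get(lvl, 2) >= threshold for _, lvl, _, _ in rows) else 0

if __name__ == "__main__":
    results = load_results(SAMPLE_SARIF)
    for (rule, level), n in sorted(summarize(results).items()):
        print(f"{level:8} {rule}: {n}")
    raise SystemExit(gate(results))
```

In a workflow, replace `SAMPLE_SARIF` with the contents of `ghostdep.sarif` and run the script as a step after the SARIF upload.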
GitLab CI
```yaml
ghostdep:
  stage: lint
  script:
    - curl -fsSL https://raw.githubusercontent.com/ojuschugh1/ghostdep/main/install.sh | sh
    - ghostdep
```
Pre-commit hook
```sh
#!/bin/sh
ghostdep -q
```
Save as `.git/hooks/pre-commit` and `chmod +x` it. The `-q` flag suppresses output — it'll just block the commit if findings are present. Note that git aborts the commit on any non-zero hook exit, so a ghostdep error (exit code 2) blocks the commit as well.
Tips
- Use `--cache` for faster repeat scans in CI (cache the `.ghostdep-cache/` directory between runs)
- Use `--min-confidence medium` to reduce noise from dynamic imports
- Use `-q` when you only care about pass/fail