CI integration

Run RoyalCore-JS in your pipeline so every push or pull request gets scanned. If the scanner finds a critical issue, the job fails and you get a clear signal before merge.

The CLI scanner runs entirely on your own runners/machines: your source code and generated security reports never leave your infrastructure. HTML security reports produced by the CLI (for example with node bin/index.js scan --html or node bin/index.js report) are generated only on your machines and do not consume additional quota. Plan limits apply to the number of project source lines scanned per billing period (excluding node_modules), regardless of whether you later export HTML.

What you need

  • RoyalCore-JS CLI available in your project (e.g. as a devDependency or via your plan).
  • Command: npx royalcore-js scan (or the command given in your plan docs).

The scanner exits with code 1 when there’s at least one critical finding. Your CI treats that as a failed step, so you can block merges or require a review.

GitHub Actions

Create .github/workflows/royalcore-js.yml in your repo and paste the workflow below. Adjust the run command if your plan uses a different CLI name.

name: RoyalCore-JS security scan

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run RoyalCore-JS scan
        run: npx royalcore-js scan

No critical findings → job passes. Any critical finding → exit 1 → job fails.

GitLab CI

Add this job to your .gitlab-ci.yml:

royalcore-js-scan:
  image: node:20
  stage: test
  script:
    - npm ci
    - npx royalcore-js scan
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == "main"

Same behaviour: pipeline fails if the scanner reports a critical issue.

Other CI (Jenkins, Circle, etc.)

  1. Install your project dependencies as usual (npm ci, yarn install, etc.).
  2. Run: npx royalcore-js scan (or the command from your plan).
  3. If the process exits with code 1, treat the job as failed.

The exact CLI command may vary by plan; check your subscription docs when in doubt.
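For CI systems without a ready-made job definition, the three steps above can be wrapped in a small POSIX shell function. This is an added example, not RoyalCore-JS project code: it runs whatever scan command you pass, maps exit code 1 to "critical finding" as described above, and (an assumption beyond the page) treats any other non-zero code as a scanner error so a missing CLI or crash also fails the job rather than silently passing.

```shell
#!/bin/sh
# Added example (not RoyalCore-JS project code) for Jenkins, Circle and
# similar CI systems. Assumptions: the scan command is passed as arguments
# (e.g. "npx royalcore-js scan" or the command from your plan docs); exit
# code 1 means "at least one critical finding"; any other non-zero code is
# a tooling error. Both cases fail the job, with a distinct message each.

# run_scan CMD [ARGS...]
#   returns 0 : no critical findings, job passes
#   returns 1 : scanner reported a critical finding
#   returns 2 : scanner did not run correctly (missing CLI, crash, ...)
run_scan() {
  # Run inside an if so the exit status is captured even under "set -e".
  if "$@"; then
    status=0
  else
    status=$?
  fi
  case "$status" in
    0)
      echo "royalcore-js: no critical findings, job passes"
      return 0 ;;
    1)
      echo "royalcore-js: critical finding reported, failing the job" >&2
      return 1 ;;
    *)
      echo "royalcore-js: scanner exited with code $status (not a finding), failing the job" >&2
      return 2 ;;
  esac
}

# Typical shell step (assumes npm/npx are on the runner):
#   npm ci
#   run_scan npx royalcore-js scan || exit $?
```

Because the function's return value is the job status, a plain `run_scan ... || exit $?` at the end of the step is enough for the CI system to mark the job failed.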