Skip to content

Korext/enforce-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github/workflows
.github/workflows
 
 
test-fixtures
test-fixtures
 
 
LICENSE
LICENSE
 
 
MAINTAINERS.md
MAINTAINERS.md
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

KOREXT Enforce Action

Enforce compliance policies on AI generated code in your GitHub workflows.

72 policy packs. 532 rules. 13 languages. Violations appear as GitHub Code Scanning annotations on pull requests.

Quick Start

Add this to .github/workflows/korext.yml:

name: Korext Enforcement
on: [push, pull_request]

permissions:
  contents: read
  security-events: write

jobs:
  enforce:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Korext/enforce-action@v3
        with:
          api-token: ${{ secrets.KOREXT_API_TOKEN }}

Korext scans your code on every push and PR using the default web policy pack.

How It Works

  1. Install: The action installs the Korext CLI
  2. Scan: Runs korext enforce against your codebase with the selected policy pack
  3. Report: Generates a SARIF file and uploads it to GitHub Code Scanning
  4. Gate: Fails the workflow if critical or high severity violations are found

Violations appear as annotations directly on the PR diff, powered by GitHub Code Scanning.

Inputs

Input Description Required Default
directory Directory to scan for policy violations No .
pack Policy Pack ID to enforce No web
api-token Korext API token for authenticated mode No (anonymous)
fail-on-violations Fail workflow on critical/high violations No true
sarif-upload Upload SARIF to GitHub Code Scanning No true
region Data processing region (us, eu, apac) No (default)
sign-bundles Request signed proof bundles No true

Outputs

Output Description
violations Total number of policy violations found
sarif-file Path to the generated SARIF results file
bundle-count Number of proof bundles generated
bundles-signed Number of signed proof bundles
bundle-ids Comma separated list of proof bundle IDs

Examples

Multiple Policy Packs

- uses: Korext/enforce-action@v3
  with:
    pack: web,pci-dss-v1,owasp-v1
    api-token: ${{ secrets.KOREXT_API_TOKEN }}

EU Data Sovereignty

- uses: Korext/enforce-action@v3
  with:
    pack: gdpr-v1
    region: eu
    api-token: ${{ secrets.KOREXT_API_TOKEN }}

Scan Specific Directory

- uses: Korext/enforce-action@v3
  with:
    directory: src/
    pack: hipaa-v1
    api-token: ${{ secrets.KOREXT_API_TOKEN }}

Warn Only (do not fail)

- uses: Korext/enforce-action@v3
  with:
    pack: web
    fail-on-violations: 'false'

Authentication

For full access to all policy packs and signed proof bundles, create an API token in your KOREXT dashboard and add it as a GitHub secret:

  1. Go to app.korext.com > Settings > API Tokens
  2. Create a new token
  3. Add it as KOREXT_API_TOKEN in your repo's Settings > Secrets and variables > Actions

Without a token, the action runs in anonymous mode (20 requests per hour, limited packs).

Links

License

Proprietary. See Terms of Service.

About

GitHub Action for AI code governance. Scan pull requests. Block violations. Signed proof bundles.

korext.com

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 6

KOREXT Enforce v3.0.1 Latest
Apr 16, 2026
+ 5 releases

Packages

 
 
 

Contributors

Languages