Run inkode on every PR.
A 10-line GitHub Action that scans your codebase on every push, posts a sticky comment summarising new findings, and fails the build when your fail-on policy triggers.
10 free CI runs · 30 days · no signup beyond your email
A quality grade on every PR.
One comment per PR, updated on each push. Shows the score delta vs the base branch, every new finding by severity (with file/line), and a count of pre-existing issues unchanged.
Findings render directly on the diff via GitHub's ::error / ::warning / ::notice workflow commands. SARIF output also drops into the Code Scanning UI if you prefer that.
Pick new-errors (block new severe findings), score-drop:5 (block any regression over 5 points), or score:60 (hard floor). The action's exit code flips the GitHub status check.
Each upload becomes a point on your project's history. The diff endpoint compares any two reports by stable finding fingerprints — line drift up to ±2 lines doesn't double-count.
Three files. That's it.
Get a trial token
Submit your repo slug + email at api.inkode.co/ci/start. You get a token good for 10 CI runs across 30 days — enough to wire it up, get value out of a few PRs, and decide if you want an unlimited token.
Add it as a GitHub secret
Drop in the workflow
Commit .github/workflows/ik.yml at your repo root. The trial page also shows this snippet pre-filled with your project slug.
Push a PR. Watch the comment land.
You'll see the inkode bot post a sticky comment within ~30 seconds. New errors fail the check; new warnings show up in the comment but don't block. Tweak fail-on when you want to tighten things.
Pick what counts as a failure.
new-errors · recommendedFails when the PR introduces ≥ 1 new finding with severity error (secrets, broken deps, etc). Existing errors don't block. Best balance of safety and merge velocity.
score-drop:NFails when the overall score drops by ≥ N points vs the base branch. Catches death-by-a-thousand-cuts regressions where no single finding is severe but the trend is bad.
score:NHard floor. Fails when the overall score is below N. Useful for legacy projects where you want to enforce "no worse than the day we set this up" without diff comparisons.
neverAlways pass. Use this when you want the comment + annotations as informational signal but don't want the action gating merges yet — common for the first week of adoption.
Common questions
After 10 uploads or 30 days, new PR scans return a 403 with a clear message. Sign up for Growth for unlimited CI runs on every PR plus a trend dashboard that tracks your score over time — or email hello@inkode.co. Past reports stay viewable either way — you just can't add new ones until you upgrade.
No. Only file paths, git metadata, and code metrics. See the Privacy Policy for the full data inventory.
The ik CLI itself detects GitHub Actions, GitLab CI, and CircleCI environment variables. The iszlai/ik-action@v1 wrapper is GitHub-specific; for GitLab/Circle you'd run ik run --ci --token=… directly from your pipeline. Full action wrappers for those providers are on the roadmap.
No. Findings are fingerprinted by check + file + rule + message-prefix + a line bucket (line / 10). Refactors that shift unrelated lines by ±2 don't show up as fixed-then-added churn.
The action wrapper is MIT-licensed. The ik CLI binary itself is closed source for now; release binaries are at iszlai/inkode-releases.
Ready to put inkode on every PR?
A trial token is one form away. 10 free runs, no credit card. Ready for unlimited runs and progress tracking? Sign up for Growth.