Agentic Workflow Guard
GitHub Action Marketplace

Add AI workflow security scanning to pull requests.

Use the release-tagged action to generate SARIF, upload findings to GitHub Code Scanning, write optional fix artifacts, and publish a human-readable Step Summary.

Recommended workflow

```sh
npx agentic-workflow-guard init .
```

```yaml
name: agentic workflow guard

on:
  pull_request:
  push:
    branches: [main]

jobs:
  guard:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v6
      - uses: guorunjie/agentic-workflow-guard@v1.0.0
        with:
          path: .
          format: sarif
          profile: balanced
          output: awg.sarif
          fix-format: json
          fix-output: awg-fix.json
        continue-on-error: true
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: awg.sarif
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: agentic-workflow-guard-fix-report
          path: awg-fix.json
```

Inputs

`path`, `format`, `output`, `profile`, `baseline`, `fix-format`, and `fix-output` let teams move from advisory scans to strict enforcement with reviewable remediation artifacts.

Outputs

`report-path` and `fix-report-path` point to generated artifacts so follow-up jobs can upload, archive, or comment with them.
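The recommended workflow above is advisory: `continue-on-error: true` means the job never fails on findings. As an added example (not from the action's own documentation), the variant below wires the `report-path` and `fix-report-path` outputs into the follow-up steps and then fails the job from the recorded step outcome, so the SARIF and fix report are always uploaded before the required check goes red. It assumes the action exits non-zero when findings exceed the configured profile or baseline; the `baseline` value is a placeholder path.

```yaml
# Added example: enforcement mode that still uploads every artifact.
# Assumption: the guard step fails (non-zero exit) on new findings, and
# `baseline` points at a previously accepted report checked into the repo.
name: agentic workflow guard (enforce)

on:
  pull_request:

jobs:
  guard:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v6
      - id: guard                      # id makes the outputs addressable below
        uses: guorunjie/agentic-workflow-guard@v1.0.0
        with:
          path: .
          format: sarif
          profile: balanced
          output: awg.sarif
          baseline: .github/awg-baseline.sarif   # placeholder: accepted prior report
          fix-format: json
          fix-output: awg-fix.json
        continue-on-error: true        # keep going so the artifacts are uploaded
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.guard.outputs.report-path }}
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: agentic-workflow-guard-fix-report
          path: ${{ steps.guard.outputs.fix-report-path }}
      # `outcome` is the step result before continue-on-error is applied,
      # so this gate fails the job only when the scan itself failed.
      - name: Enforce scan result
        if: steps.guard.outcome == 'failure'
        run: |
          echo "agentic-workflow-guard reported findings above the baseline" >&2
          exit 1
```

Mark the `guard` job as a required status check on the protected branch so the final gate blocks the merge.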

Artifacts

Use SARIF for Code Scanning, JSON fix reports for PR bots, and Markdown for local reviews or issue comments.

Use a pinned release tag for repeatable Marketplace installs.