GitHub Actions

Run Radar as a PR quality gate and publish SARIF evidence.

Workflow

Store `RADAR_LICENSE_KEY` in repository secrets, then run the action on pull requests.

```yaml
uses: T-and-T-soft/code-radar/action@v1
with:
  license-key: ${{ secrets.RADAR_LICENSE_KEY }}
  fail-on: high
  sarif: true
```

False positives

GitHub Actions uses the same engine-level exclusions as the local CLI and MCP. A reviewed finding exclusion marks the finding as suppressed, so it does not trip `fail-on`, is not published to SARIF, and does not produce PR annotations.

```toml
[[exclusions.findings]]
rule_id = "SEC-SQLI-001"
path = "src/generated/**"
reason = "Generated query builder reviewed manually"
```