ZeroLeaks
ZeroLeaks SDK

CI and Automation

Run production-fidelity scans in CI, staging, release gates, and scheduled security jobs.

CI and Automation

Runtime scans are designed for server and CI environments. The runner must remain alive until the hosted workflow completes.

const controller = new AbortController();

const { report } = await zeroleaks.runtimeScans.run(target, {
  signal: controller.signal,
  timeoutMs: 45 * 60 * 1000,
  eventConcurrency: 4,
  workerStallTimeoutMs: 6 * 60_000,
  onPoll: ({ currentPhase }) => console.log(currentPhase),
});

if (report.overallScore < 80) {
  process.exitCode = 1;
}
  1. Build the production agent with test credentials and isolated dependencies.
  2. Run unit and integration tests first.
  3. Start a ZeroLeaks runtime scan.
  4. Upload or retain the returned report as a CI artifact.
  5. Gate releases on score, vulnerability level, or finding severity.

Cancellation

Abort signals and local timeouts trigger best-effort cancellation of the hosted workflow. You can also cancel explicitly:

await zeroleaks.runtimeScans.cancel(runtimeScanId);

If a runner exits unexpectedly, the current relay event eventually times out and the scan is marked failed rather than silently producing a partial success. Version 0.2.2 also detects a hosted worker that stops making progress and cancels the run instead of polling indefinitely.

On this page