Skip to content

Scantrix/scantrix

BranchesTags

Repository files navigation

Scantrix

Playwright · Cypress · Selenium
Find out why your tests keep failing without running a single one.

Quick Start · Output · CLI Reference · GitHub Action · Rules · License

Build Status NPM Version License: MIT

Most tools tell you a test failed. Scantrix tells you why your entire approach is failing and exactly how to fix it.

No test execution. No credentials. No file modifications. Just root causes.

EXAMPLE FINDING

KEY CAPABILITIES

Capability Traditional Reporters Scantrix
Analysis Runtime (Post Failure) Static (Pre-emptive)
Scope Single Test Result Repository wide Health
Root Cause Stack Trace only Correlated Design Patterns
Actionability "Test Failed" Step-by-step Fix Guidance
CI Impact Log bloat CI Pipeline Optimization
Security Requires Tokens Zero Footprint (Local Execution)

RISK OVERVIEW

RECOMMENDED ACTIONS

What Scantrix Diagnoses

Flaky test root causes. Not just which tests fail, but exactly why they fail and what will actually fix them.

Framework-level design debt. Structural patterns that silently destabilize entire test suites before anyone realizes something is wrong.

CI configuration risks. The environmental factors making your pipeline unpredictable run to run.

Blast radius of bad patterns. One anti-pattern can affect hundreds of tests. Scantrix quantifies that exposure so you know where to act first.

Execution waste. Where time is being burned in your pipeline and the precise changes that recover it.

What Scantrix Does NOT Do

Scantrix operates as a zero-footprint, read-only analyzer, ensuring repository integrity while maintaining a strict security posture.

  • It does not execute your tests
  • It does not modify any files in the target repository
  • It does not make network connections beyond the local filesystem
  • It does not require credentials and access tokens of any kind

Quick Start

# Install dependencies
npm install

# Build
npm run build

# Scan a repository
node dist/cli.js /path/to/repo --out ./audit-out

# Or use the shorthand (builds + scans)
npm run audit -- /path/to/repo --out ./audit-out

Output Formats

Every scan produces an overall risk grade (A through F) alongside severity-bucketed findings.

Format File Description
Markdown audit_summary.md Primary report with executive-grade findings and hotspots
HTML audit_summary.html Styled report for browser viewing
JSON findings.json Machine-readable findings array
SARIF audit.sarif Native GitHub Code Scanning and Azure DevOps support — findings appear directly in the Security tab
Email audit_email.html Email-ready HTML summary

Use --format to select specific formats:

node dist/cli.js /path/to/repo --out ./audit-out --format md,json,sarif

CLI Reference

scantrix <repoPath> [options]
scantrix init [dir]

Scan Options

Flag Description Default
--out <dir> Output directory for reports ./audit-out
--format <list> Comma-separated formats: md,html,json,sarif,email all
--config <path> Path to .auditrc.json config file auto-detected
--updates Check npm registry for outdated dependencies off
--diff <path> Explicit baseline findings.json for comparison auto
--json-path <path> Write canonical ScanResult JSON to this path

Environment Variables

Variable Description
SCANTRIX_JSON_PATH Write canonical results JSON to this path

Init Subcommand

# Create a starter .auditrc.json in the target repo
node dist/cli.js init /path/to/repo

Configuration

Create an .auditrc.json in the target repository to customize behavior:

node dist/cli.js init /path/to/repo

The config file supports rule overrides (disable rules, adjust severity) and scan options. See CLI Architecture for details.

GitHub Action

Use Scantrix in CI with the provided composite action:

- uses: Scantrix/scantrix@v1
  with:
    repo-path: "."
    output-dir: "./scantrix-out"
    format: "md,html,json,sarif"
    post-comment: "true"    # Post summary on PRs
    fail-on-high: "true"    # Block merges with high-severity findings

Action Inputs

Input Description Default
repo-path Path to repository to scan .
output-dir Directory for audit artifacts ./scantrix-out
config-path Path to .auditrc.json
format Output formats (comma-separated) md,html,json,sarif
check-updates Check for outdated dependencies false
post-comment Post summary comment on PRs true
fail-on-high Fail if high-severity findings exist false

Action Outputs

Output Description
findings-count Total number of findings
high-count Number of high-severity findings
medium-count Number of medium-severity findings
low-count Number of low-severity findings
risk-grade Overall risk grade (A through F)
report-path Path to generated report directory

Documentation

Contributing

Contributions are welcome. Please open an issue to discuss proposed changes before submitting a pull request.

# Run the test suite
npm test

# Run tests in watch mode
npm run test:watch

License

MIT — See LICENSE file.

About

Scantrix analyzes automation repositories to uncover framework inefficiencies, flaky tests, and reliability risks.

Topics

static-analysis devtools code-analysis static test-automation ci-cd software-quality automation-framework automation-testing qa-automation playwright test-flakiness test-audit test-reliability

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages