v1.0.0 — GitHub Actions + VS Code extension
Updated — fixes `action.yml` YAML syntax error and `.vscodeignore` `src/**` exclusion.
No breaking changes. If you pinned `@v1` you are already on the fix.
# Bawbel Integrations v1.0.0

First release — GitHub Actions and VS Code extension for
[Bawbel Scanner](https://github.com/bawbel/bawbel-scanner).
Scan agentic AI components for AVE vulnerabilities at every stage of
your development workflow — in your editor as you write, in CI/CD before
you merge, and in production before you deploy.
## GitHub Actions

Scan on every push and pull request with a single line:

```yaml
- uses: bawbel/bawbel-integrations@v1
```

`@v1` is a moving tag, which is how this release's fix reaches workflows that already reference it. A workflow that must run exactly the action code you reviewed should pin the release's full commit SHA instead and bump it deliberately, and set the `version` input to a specific scanner release rather than `latest` for the same reason.

### Full example with GitHub Security tab

```yaml
name: Bawbel Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: bawbel/bawbel-integrations@v1
        id: bawbel
        with:
          path: .
          fail-on-severity: high
          format: sarif
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: ${{ steps.bawbel.outputs.sarif-file }}
```

`security-events: write` is the permission `upload-sarif` needs, and `if: always()` keeps the upload step running after the scan step exits 2 on findings, so the results reach the Security tab on exactly the runs where you want to see them.

### Inputs
| Input | Default | Description |
|---|---|---|
| `path` | `.` | File or directory to scan |
| `recursive` | `true` | Scan directories recursively |
| `fail-on-severity` | `high` | Exit 2 on findings at this level (`critical`, `high`, `medium`, `low`, `none`) |
| `format` | `sarif` | Output format: `sarif`, `json`, `text` |
| `no-ignore` | `false` | Override all suppressions (audit mode) |
| `version` | `latest` | Bawbel Scanner version to install |
| `extras` | `all` | pip extras: `yara`, `semgrep`, `llm`, `magika`, `all` |
### Outputs

| Output | Description |
|---|---|
| `sarif-file` | Path to SARIF output (`bawbel-results.sarif`) |
| `findings-count` | Number of active findings |
| `risk-score` | Risk score 0.0–10.0 |
| `result` | `clean` or `findings` |
More examples in the repository's `examples/` directory.
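A CI job often needs to reason about the SARIF file after the scan as well, for example to apply a stricter threshold on a scheduled audit run than on pull requests. The script below is an added example and is not code from bawbel-integrations or bawbel-scanner; it reads a SARIF 2.1.0 report (such as the file named by the `sarif-file` output) and reproduces the shape of the signals listed above: `findings-count`, `result`, and the exit-2 threshold of `fail-on-severity`, including the `no-ignore` audit mode. Everything about where severity and suppressions live in the file is an assumption rather than a fact about Bawbel's output: severity is taken from the rule's `security-severity` score using GitHub code scanning's bands and falls back to the SARIF `level` when there is no score, a result with an accepted SARIF `suppressions` entry counts as inactive, and a threshold of `none` is taken to mean "never fail the build". The embedded sample report, its tool name and its rule ids are constructed placeholders, not real AVE identifiers.

```python
"""Severity gate over a SARIF 2.1.0 report (added example, not Bawbel code)."""
import json
import sys

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Assumed fallback from SARIF result.level when the rule has no score.
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low", "none": "none"}


def rules_by_id(run):
    """Index tool.driver.rules by id so each result can find its rule metadata."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    return {rule["id"]: rule for rule in rules if "id" in rule}


def severity_of(result, rules):
    """Severity label for one result; assumes GitHub's security-severity bands
    (>=9.0 critical, >=7.0 high, >=4.0 medium, else low), else SARIF level."""
    rule = rules.get(result.get("ruleId"), {})
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        score = float(score)
        if score >= 9.0:
            return "critical"
        if score >= 7.0:
            return "high"
        if score >= 4.0:
            return "medium"
        return "low"
    # SARIF's default level when none is given is "warning".
    return LEVEL_FALLBACK.get(result.get("level", "warning"), "medium")


def is_suppressed(result):
    """Assumption: a suppression with no status, or status 'accepted', is in effect."""
    return any(s.get("status", "accepted") == "accepted"
               for s in result.get("suppressions", []))


def gate(sarif, fail_on="high", no_ignore=False):
    """Count active findings and decide the exit code for the fail_on threshold.
    no_ignore mirrors the action's audit mode: suppressed results count too."""
    if fail_on not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {fail_on!r}")
    counts = {sev: 0 for sev in SEVERITY_RANK}
    for run in sarif.get("runs", []):
        rules = rules_by_id(run)
        for result in run.get("results", []):
            if is_suppressed(result) and not no_ignore:
                continue
            counts[severity_of(result, rules)] += 1
    total = sum(counts.values())
    threshold = SEVERITY_RANK[fail_on]
    # Assumption: fail_on == "none" means never fail, not "fail on everything".
    failing = 0 if fail_on == "none" else sum(
        n for sev, n in counts.items() if SEVERITY_RANK[sev] >= threshold)
    return {
        "findings-count": total,
        "result": "findings" if total else "clean",
        "by-severity": counts,
        "exit-code": 2 if failing else 0,
    }


def gate_file(path, fail_on="high", no_ignore=False):
    """Gate a SARIF file on disk, e.g. the action's sarif-file output."""
    with open(path, encoding="utf-8") as fh:
        return gate(json.load(fh), fail_on, no_ignore)


# Constructed sample report: tool name and rule ids are placeholders, not real
# Bawbel output or AVE identifiers. It exercises each branch of the gate.
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
      {"id": "rule-a", "properties": {"security-severity": "9.5"}},
      {"id": "rule-b", "properties": {"security-severity": "5.0"}},
      {"id": "rule-c"}
    ]}},
    "results": [
      {"ruleId": "rule-a", "level": "error", "message": {"text": "critical by score"}},
      {"ruleId": "rule-b", "level": "warning", "message": {"text": "medium, suppressed"},
       "suppressions": [{"kind": "inSource"}]},
      {"ruleId": "rule-c", "level": "error", "message": {"text": "no score, uses level"}},
      {"ruleId": "rule-b", "level": "warning", "message": {"text": "suppression rejected"},
       "suppressions": [{"kind": "external", "status": "rejected"}]}
    ]
  }]
}
""")

if __name__ == "__main__":
    # usage: python sarif_gate.py [report.sarif] [threshold] [--no-ignore]
    positional = [a for a in sys.argv[1:] if a != "--no-ignore"]
    threshold = positional[1] if len(positional) > 1 else "high"
    audit = "--no-ignore" in sys.argv
    verdict = (gate_file(positional[0], threshold, audit) if positional
               else gate(SAMPLE_SARIF, threshold, audit))
    print(json.dumps(verdict, indent=2))
    sys.exit(verdict["exit-code"])
```

Saved as, say, `sarif_gate.py` (a name chosen here), `python sarif_gate.py bawbel-results.sarif medium --no-ignore` gates the action's `sarif-file` output at a different threshold than the action itself used; with no arguments it runs over the embedded sample, where the rejected suppression stays active and the unscored rule falls back to its `level`.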
## VS Code Extension
Install Bawbel Scanner from the VS Code Marketplace.
Zero setup — the extension automatically installs bawbel-scanner
on first activation. No terminal, no pip, no manual steps.
### What happens on first install

- Install the extension from the Marketplace
- Open any `.md`, `.yaml`, or `.json` file
- Extension detects the `bawbel` CLI is missing
- Runs `pip install "bawbel-scanner[all]"` automatically in the background
- Notification confirms when ready
- Findings appear inline immediately

The install goes into whichever Python the `pip` on your `PATH` belongs to. If you keep scanner dependencies in a virtualenv, install there yourself and point `bawbel.executable` at that environment's `bawbel`.
### Features

- Inline diagnostics — red/yellow squiggles on finding lines, same as ESLint
- Problems tab — all findings listed with AVE ID, severity, and engine
- Status bar — `Bawbel: ✓ clean` or `Bawbel: 3 finding(s)` always visible
- Auto-scan on save — scans `.md`, `.yaml`, `.yml`, `.json`, `.txt` automatically
- Keyboard shortcut — `Ctrl+Shift+B` / `Cmd+Shift+B` scans the current file instantly (the same chord VS Code binds to Run Build Task by default; remap one of them if you use both)
- Workspace scan — scan every skill file in the project at once
- AVE links — click any finding code to open the full vulnerability record in the browser
- Graceful fallback — if auto-install fails, shows the exact manual command and a settings link
### Configuration

All settings are optional.

| Setting | Default | Description |
|---|---|---|
| `bawbel.executable` | `bawbel` | Custom path to the bawbel CLI |
| `bawbel.scanOnSave` | `true` | Auto-scan on save |
| `bawbel.failOnSeverity` | `high` | Severity at which findings are shown as errors rather than warnings |
| `bawbel.enableLLM` | `false` | Enable LLM semantic analysis |
| `bawbel.noIgnore` | `false` | Override suppressions (audit mode) |

`bawbel.executable` names a program the extension runs on every save, so prefer setting it in your user settings; a `.vscode/settings.json` committed to a repository can set it as well.
## Coming in v1.1

- Pre-commit hook — block commits that introduce AVE findings
- GitLab CI — native `.gitlab-ci.yml` template
- `bawbel scan smithery:<server>` — scan any Smithery MCP server directly from CI
- Jenkins / CircleCI templates
## Requirements

- Bawbel Scanner v1.0.0+ — installed automatically by the Action and VS Code extension
- GitHub Actions: `ubuntu-latest`, `macos-latest`, or `windows-latest`
- VS Code: 1.85.0+, Python + pip available in `PATH`
Apache 2.0 — [bawbel/bawbel-integrations](https://github.com/bawbel/bawbel-integrations)
Scanner: [bawbel/bawbel-scanner](https://github.com/bawbel/bawbel-scanner)
AVE Standard: [bawbel/bawbel-ave](https://github.com/bawbel/bawbel-ave)