The credit score for your codebase. Get a quality score (300–850) on every push and block bad code from merging.
ShipScanner scans your repo for security vulnerabilities, leaked secrets, outdated dependencies, code quality issues, and best practice violations — then gives you a single score.
```yaml
name: ShipScanner
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: shipscanner/scan-action@v1
        with:
          score-threshold: 600
```

| Input | Description | Default |
|---|---|---|
| `score-threshold` | Minimum score to pass (300–850) | 600 |
| `api-key` | ShipScanner API key for private repos and higher rate limits | — |

| Output | Description |
|---|---|
| `score` | Quality score (300–850) |
| `grade` | Letter grade (A+, A, B, C, D, F) |
| `report-url` | Link to full report on shipscanner.dev |
| `badge-url` | SVG badge URL for your README |

- Triggers a scan on shipscanner.dev
- Polls for results (up to 6 minutes)
- Compares the score against your threshold
- Fails the CI step if the score is below threshold
- Writes a summary with score, grade, and category breakdown
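
The workflow below is an added example, not taken from ShipScanner's documentation. It reads the `score`, `grade` and `report-url` outputs in a later step and applies a stricter bar on one branch. Assumptions: the step id `shipscanner`, the branch name `main`, the constructed value 700, that the action needs no write access to the repository, and that the outputs are still populated when the scan step fails the threshold.

```yaml
name: ShipScanner
on: [push, pull_request]

# Assumption: the scan needs no write access to the repository, so the
# workflow token is reduced to read-only.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - id: shipscanner              # hypothetical step id, needed to read outputs
        uses: shipscanner/scan-action@v1
        with:
          score-threshold: 600

      - name: Annotate result and apply a stricter gate on main
        if: always()                 # run even when the scan step failed the threshold
        env:
          # Pass outputs through env instead of interpolating them into the
          # script, so their contents are never parsed as shell code.
          SCORE: ${{ steps.shipscanner.outputs.score }}
          GRADE: ${{ steps.shipscanner.outputs.grade }}
          REPORT_URL: ${{ steps.shipscanner.outputs.report-url }}
          MAIN_MIN: "700"            # constructed value: require grade A or better on main
        run: |
          # No numeric score (for example the poll timed out): fail closed.
          case "$SCORE" in
            ''|*[!0-9]*)
              echo "::error::ShipScanner returned no numeric score"
              exit 1
              ;;
          esac
          echo "::notice::ShipScanner score $SCORE (grade $GRADE): $REPORT_URL"
          if [ "$GITHUB_REF" = "refs/heads/main" ] && [ "$SCORE" -lt "$MAIN_MIN" ]; then
            echo "::error::Score $SCORE is below $MAIN_MIN required on main"
            exit 1
          fi
```
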
For private repos or higher rate limits, create an API key at shipscanner.dev/dashboard/api-keys and add it as a repository secret:
```yaml
- uses: shipscanner/scan-action@v1
  with:
    score-threshold: 600
    api-key: ${{ secrets.SHIPSCANNER_API_KEY }}
```

Add a ShipScanner badge to your README:

[](https://shipscanner.dev/report/YOUR_SCAN_ID)

| Grade | Score | Meaning |
|---|---|---|
| A+ | 800–850 | Excellent — production-ready |
| A | 700–799 | Great — minor improvements possible |
| B | 600–699 | Good — some issues to address |
| C | 500–599 | Fair — needs attention |
| D | 400–499 | Poor — significant issues |
| F | 300–399 | Critical — major problems found |
- ShipScanner — Scan any public repo
- Dashboard — View your scan history
- API Keys — Manage API keys