Run EU AI Act compliance scans automatically on every push and pull request using GitHub Actions.
ComplianceLint runs inside Claude Code CLI in your GitHub Actions pipeline. It scans your code locally in the runner, checks it against 247 EU AI Act obligations, and syncs the results to your dashboard. If critical non-compliance is found, the build fails.
Workflow triggers on push to main or pull request
Claude Code runs ComplianceLint MCP against your codebase
Results are uploaded to your ComplianceLint dashboard
Build fails if critical non-compliance is detected
Copy the workflow YAML below to .github/workflows/compliancelint.yml in your repository. Or download it directly.
# ComplianceLint — EU AI Act Compliance Scanning
# Add this file to your repo at .github/workflows/compliancelint.yml
#
# Required secrets:
#   ANTHROPIC_API_KEY — Your Anthropic API key (claude.ai)
#   COMPLIANCELINT_API_KEY — Your ComplianceLint dashboard API key (compliancelint.dev)

name: ComplianceLint

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

permissions:
  contents: read

jobs:
  compliance-scan:
    name: EU AI Act Compliance Scan
    runs-on: ubuntu-latest
    timeout-minutes: 15

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install ComplianceLint
        run: pip install compliancelint

      - name: Install Claude Code CLI
        run: npm install -g @anthropic-ai/claude-code

      - name: Configure MCP
        run: |
          mkdir -p ~/.claude
          cat > ~/.claude/mcp.json << 'MCPEOF'
          {
            "mcpServers": {
              "compliancelint": {
                "command": "python",
                "args": ["-m", "scanner.server"],
                "env": {
                  "COMPLIANCELINT_API_KEY": "${{ secrets.COMPLIANCELINT_API_KEY }}"
                }
              }
            }
          }
          MCPEOF

      - name: Run compliance scan
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          claude -p "Run a full EU AI Act compliance scan on this project:
          1. Use cl_analyze_project() to understand the codebase
          2. Use cl_scan_all() to scan against all 44 articles
          3. Use cl_sync() to upload results to the dashboard
          4. Report the final compliance summary
          If any article has status NON_COMPLIANT, exit with code 1.
          If all articles are COMPLIANT or PARTIALLY_COMPLIANT, exit with code 0." \
            --output-format json > scan-results.json

          # Check for critical non-compliance
          if grep -q '"NON_COMPLIANT"' scan-results.json; then
            echo "::error::Critical non-compliance findings detected. Check the ComplianceLint dashboard for details."
            exit 1
          fi

      - name: Upload scan results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: compliancelint-results
          path: scan-results.json
          retention-days: 90

Go to your repository's Settings → Secrets and variables → Actions and add a new secret:
Get your API key from the dashboard settings page, then add it as a repository secret:
Commit the workflow file and push to your repository. The scan will run automatically on every push to main and on every pull request. Check the Actions tab to see results.
Add the sarif-export action after your scan to push EU AI Act findings to GitHub Code Scanning. PR reviewers see compliance issues inline (Files changed tab) and in the Security tab — no separate ComplianceLint dashboard login needed for read-only review.
# Add these two steps after your compliancelint-action step:
# Note: upload-sarif needs "security-events: write" in the workflow's permissions block
# (the scan workflow above grants only "contents: read").
# Note: @master is a mutable reference; pin the action to a reviewed commit SHA.
- id: sarif
  uses: ki-sum/compliancelint/.github/actions/sarif-export@master
  with:
    api-key: ${{ secrets.COMPLIANCELINT_API_KEY }}
    level: scan  # one alert per article (~30); use "full" for all 247
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: ${{ steps.sarif.outputs.sarif-file }}
    category: compliancelint

Requires Pro plan or higher (the underlying SARIF export endpoint is Pro-gated).
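As an added illustration of the SARIF hand-off described above and of the fail-on-NON_COMPLIANT gate used by the scan step (example code, not ComplianceLint's own), the following Python builds a SARIF 2.1.0 log from per-article verdicts using the three statuses named on this page, emitting one alert per non-passing article. The findings field layout (article, status, title, citation, file, line) and the sample verdicts are constructed assumptions, not ComplianceLint's real output schema.

```python
import json

# Assumed mapping from the page's statuses to SARIF levels; COMPLIANT raises no alert.
LEVELS = {"NON_COMPLIANT": "error", "PARTIALLY_COMPLIANT": "warning"}

# Constructed sample verdicts; this field layout is an assumption, not ComplianceLint's schema.
SAMPLE_FINDINGS = [
    {"article": "Art. 9", "status": "COMPLIANT", "title": "Risk management system",
     "citation": "Regulation (EU) 2024/1689, Art. 9", "file": "docs/risk.md", "line": 1},
    {"article": "Art. 12", "status": "NON_COMPLIANT", "title": "Record-keeping",
     "citation": "Regulation (EU) 2024/1689, Art. 12", "file": "src/inference.py", "line": 42},
    {"article": "Art. 13", "status": "PARTIALLY_COMPLIANT", "title": "Transparency",
     "citation": "Regulation (EU) 2024/1689, Art. 13", "file": "README.md", "line": 1},
]

def to_sarif(findings, tool_name="compliancelint"):
    """Build a SARIF 2.1.0 log: one rule per article, one result per non-passing verdict."""
    rules, results, seen = [], [], set()
    for f in findings:
        level = LEVELS.get(f["status"])
        if level is None:
            continue  # COMPLIANT: nothing to surface to PR reviewers
        rule_id = f["article"].replace(" ", "-").replace(".", "")  # "Art. 12" -> "Art-12"
        if rule_id not in seen:
            seen.add(rule_id)
            rules.append({"id": rule_id, "name": f["title"],
                          "shortDescription": {"text": f["title"]}})
        results.append({
            "ruleId": rule_id, "level": level,
            "message": {"text": f"{f['article']} is {f['status']}: {f['title']} ({f['citation']})"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["file"]},
                "region": {"startLine": f["line"]}}}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "rules": rules}},
                  "results": results}],
    }

def has_critical(findings):
    """Same gate as the workflow's grep, but on structured verdicts: fail only on NON_COMPLIANT."""
    return any(f["status"] == "NON_COMPLIANT" for f in findings)

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))  # save this as the file for upload-sarif
    raise SystemExit(1 if has_critical(SAMPLE_FINDINGS) else 0)
```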
All articles are COMPLIANT or PARTIALLY_COMPLIANT. Results are synced to your dashboard for tracking.
One or more articles are NON_COMPLIANT. Check the ComplianceLint dashboard for details and remediation steps.
No. ComplianceLint runs entirely inside the GitHub Actions runner. Only compliance findings (verdicts and legal citations) are synced to the dashboard. Zero lines of source code leave your CI environment.
A typical scan uses Claude to read your codebase and check it against 247 obligations. Cost depends on codebase size — expect $0.10–$1.00 per scan for most projects.
The workflow YAML is GitHub Actions specific, but the underlying commands work anywhere. Install Python, install ComplianceLint, install Claude Code CLI, and run the same scan command.
CI/CD integration requires the Pro plan (€99/month) or higher. The Free and Starter plans support local scanning only.
Start scanning on every push. Catch compliance gaps before they reach production.