Product
AI Agent
4 modes, 19+ tools, extended thinking
Code Review
Automated reviews with HTML/JSON export
Security Scanning
4 scan skills, SARIF, inline diagnostics
Multi-Agent
Autonomous planning with quality gates
Git & GitHub
Automated commits, PRs, and issues
Testing & TDD
Test generation and TDD workflows
Documentation
Auto-docs, Mermaid, Changelog
IDE & CLI
Extensions
Skills
Community skills and custom commands
MCP Integration
Model Context Protocol servers
Custom Agents & Rules
Custom agents, rules, LURUS.md
Code Indexing
Semantic search with RAG
Hooks
Event automation with 11 events
Web Search & Browser
Brave Search, browser automation
Permissions
Sandbox isolation, file guards, command allowlists
Security
GDPR & EU Hosting
Your code is never stored. Processing exclusively in EU data centers. GDPR-compliant.
View our security standards CI/CD Guides
CI/CD Integration Guides
Automate security & code review in your pipeline
Integrate Lurus Code into your existing CI/CD infrastructure in minutes. Headless execution, defined exit codes, SARIF output, and native PR integration.
How CI/CD Integration Works
Lurus Code provides two dedicated CI/CD commands: lurus security-ci for automated security scanning and lurus code-review-ci for AI-powered code review. Both commands run headless (no browser required), produce machine-readable output, and return standardized exit codes.
Exit Codes
0 Success – no blocking findings
1 Findings at or above --fail-on threshold
2 Scan/review failed (technical error)
3 Credit balance exhausted (partial results)
Authentication in CI/CD
Set LURUS_API_KEY as an environment variable or secret in your CI/CD system. Never commit API keys to your repository.
export LURUS_API_KEY=your-api-key-here 🐙
GitHub Actions
GitHub Actions
GitHub Actions has first-class support in Lurus Code. The CLI automatically detects the GITHUB_ACTIONS environment variable and writes results to GITHUB_STEP_SUMMARY and GITHUB_OUTPUT.
Automatic Step Summary with findings table Output variables:
total_findings, blocking_findings, passed Inline PR review comments via --pr-comments Automatic PR verdict (APPROVE / REQUEST_CHANGES) via --verdict SARIF upload to GitHub Code Scanning 1
Security Scan on Pull Requests
Run a security scan on every PR and post inline findings as review comments.
.github/workflows/lurus-security.yml
name: Lurus Security Scan
on:
pull_request:
branches: [main, develop]
jobs:
security-scan:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write # Required for PR comments
security-events: write # Required for SARIF upload
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history for git diff
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Lurus Code CLI
run: npm install -g @scramble-cloud/lurus-code-cli
- name: Run Lurus Security Scan
run: lurus security-ci --diff --pr-comments --fail-on high
env:
LURUS_API_KEY: ${{ secrets.LURUS_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF to GitHub Code Scanning
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: lurus-security-results.sarif 2
Code Review with Automatic Verdict
Run an AI code review on every PR and automatically approve or request changes.
.github/workflows/lurus-review.yml
name: Lurus Code Review
on:
pull_request:
branches: [main, develop]
jobs:
code-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Lurus Code CLI
run: npm install -g @scramble-cloud/lurus-code-cli
- name: Run Lurus Code Review
run: lurus code-review-ci --pr-comments --verdict --fail-on high
env:
LURUS_API_KEY: ${{ secrets.LURUS_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 3
Combined Pipeline (Security + Review)
Run both security scan and code review in parallel for maximum coverage.
.github/workflows/lurus-full.yml
name: Lurus Full CI Check
on:
pull_request:
branches: [main, develop]
jobs:
security-scan:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm install -g @scramble-cloud/lurus-code-cli
- name: Security Scan
run: lurus security-ci --diff --pr-comments --fail-on high
env:
LURUS_API_KEY: ${{ secrets.LURUS_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: lurus-security-results.sarif
code-review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: '20'
- run: npm install -g @scramble-cloud/lurus-code-cli
- name: Code Review
run: lurus code-review-ci --pr-comments --verdict --fail-on high
env:
LURUS_API_KEY: ${{ secrets.LURUS_API_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 4
Scheduled Full Project Scan
Run a full security scan on the entire codebase on a schedule (e.g. nightly).
.github/workflows/lurus-nightly.yml
name: Lurus Nightly Security Scan
on:
schedule:
- cron: '0 2 * * *' # Every night at 2:00 AM UTC
workflow_dispatch: # Manual trigger
jobs:
full-security-scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Lurus Code CLI
run: npm install -g @scramble-cloud/lurus-code-cli
- name: Full Security Scan
run: |
lurus security-ci \
--format sarif \
--output lurus-security-results.sarif \
--fail-on critical
env:
LURUS_API_KEY: ${{ secrets.LURUS_API_KEY }}
- name: Upload SARIF to GitHub Code Scanning
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: lurus-security-results.sarif security-ci
total_findings Total number of findings blocking_findings Findings at or above --fail-on threshold passed `true` if no blocking findings code-review-ci
total_findings Total number of review findings blocking_findings Findings at or above --fail-on threshold verdict `approve`, `needsChanges`, or `comment` passed `true` if no blocking findings 🦊
GitLab CI
GitLab CI
Integrate Lurus Code into your GitLab CI/CD pipeline using .gitlab-ci.yml. Use GitLab CI/CD variables to store your API key securely.
Runs in any Docker-based GitLab Runner SARIF artifacts for GitLab Security Dashboard Merge request pipeline integration GitLab CI/CD Variables for secrets management Artifacts for HTML reports
1
Security Scan on Merge Requests
Scan changed files on every merge request and fail the pipeline on high+ findings.
.gitlab-ci.yml
stages:
- security
lurus-security-scan:
stage: security
image: node:20-alpine
only:
- merge_requests
before_script:
- npm install -g @scramble-cloud/lurus-code-cli
script:
- lurus security-ci
--diff
--format sarif
--output gl-sast-report.sarif
--fail-on high
variables:
LURUS_API_KEY: $LURUS_API_KEY
artifacts:
when: always
reports:
sast: gl-sast-report.sarif
paths:
- gl-sast-report.sarif
expire_in: 1 week 2
Code Review on Merge Requests
Run an AI code review and generate an HTML report as a downloadable artifact.
.gitlab-ci.yml
stages:
- review
lurus-code-review:
stage: review
image: node:20-alpine
only:
- merge_requests
before_script:
- npm install -g @scramble-cloud/lurus-code-cli
script:
- lurus code-review-ci
--format html
--output code-review-report.html
--fail-on high
variables:
LURUS_API_KEY: $LURUS_API_KEY
artifacts:
when: always
paths:
- code-review-report.html
expire_in: 1 week 3
Full Pipeline with Both Commands
Complete GitLab CI configuration with security scan and code review in parallel.
.gitlab-ci.yml
stages:
- lurus-checks
variables:
LURUS_API_KEY: $LURUS_API_KEY
.lurus-base:
image: node:20-alpine
only:
- merge_requests
before_script:
- npm install -g @scramble-cloud/lurus-code-cli
lurus-security:
extends: .lurus-base
stage: lurus-checks
script:
- lurus security-ci --diff --format sarif --fail-on high
artifacts:
when: always
reports:
sast: lurus-security-results.sarif
expire_in: 1 week
lurus-review:
extends: .lurus-base
stage: lurus-checks
script:
- lurus code-review-ci --format html --output review.html --fail-on high
artifacts:
when: always
paths:
- review.html
expire_in: 1 week ℹ️Setting up GitLab CI/CD Variables
- 1 Go to your project → Settings → CI/CD → Variables
- 2 Add a new variable: Key =
LURUS_API_KEY, Value = your API key - 3 Check "Mask variable" to hide the value in job logs
- 4 Check "Protect variable" to restrict it to protected branches
🔵
Jenkins
Jenkins
Integrate Lurus Code into Jenkins using a Declarative Pipeline (Jenkinsfile). Store your API key as a Jenkins credential.
Declarative Pipeline (Jenkinsfile) Jenkins Credentials for API key management HTML Publisher Plugin for report display Parallel stages for security + review Post-build artifact archiving
1
Security Scan Pipeline
A Jenkinsfile that runs a security scan on pull request branches.
Jenkinsfile
pipeline {
agent {
docker {
image 'node:20-alpine'
}
}
environment {
LURUS_API_KEY = credentials('lurus-api-key')
}
stages {
stage('Install') {
steps {
sh 'npm install -g @scramble-cloud/lurus-code-cli'
}
}
stage('Security Scan') {
steps {
sh '''
lurus security-ci \
--diff \
--format sarif \
--output lurus-security-results.sarif \
--fail-on high
'''
}
post {
always {
archiveArtifacts artifacts: 'lurus-security-results.sarif',
allowEmptyArchive: true
}
}
}
}
post {
failure {
echo 'Security scan failed – blocking findings detected'
}
success {
echo 'Security scan passed'
}
}
} 2
Code Review Pipeline with HTML Report
Run a code review and publish the HTML report in the Jenkins UI.
Jenkinsfile
pipeline {
agent {
docker {
image 'node:20-alpine'
}
}
environment {
LURUS_API_KEY = credentials('lurus-api-key')
}
stages {
stage('Install') {
steps {
sh 'npm install -g @scramble-cloud/lurus-code-cli'
}
}
stage('Code Review') {
steps {
sh '''
lurus code-review-ci \
--format html \
--output code-review-report.html \
--fail-on high
'''
}
post {
always {
publishHTML(target: [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'code-review-report.html',
reportName: 'Lurus Code Review Report'
])
}
}
}
}
} 3
Full Pipeline with Parallel Stages
Run security scan and code review in parallel for faster feedback.
Jenkinsfile
pipeline {
agent {
docker {
image 'node:20-alpine'
}
}
environment {
LURUS_API_KEY = credentials('lurus-api-key')
}
stages {
stage('Install') {
steps {
sh 'npm install -g @scramble-cloud/lurus-code-cli'
}
}
stage('Lurus Checks') {
parallel {
stage('Security Scan') {
steps {
sh 'lurus security-ci --diff --fail-on high'
}
post {
always {
archiveArtifacts artifacts: 'lurus-security-results.sarif',
allowEmptyArchive: true
}
}
}
stage('Code Review') {
steps {
sh 'lurus code-review-ci --format html --output review.html --fail-on high'
}
post {
always {
publishHTML(target: [
reportDir: '.',
reportFiles: 'review.html',
reportName: 'Code Review Report'
])
}
}
}
}
}
}
post {
failure {
echo 'Lurus checks failed – review findings above'
}
}
} ℹ️Adding the API Key as Jenkins Credential
- 1 Go to Jenkins → Manage Jenkins → Manage Credentials
- 2 Click "Add Credentials" → Kind: "Secret text"
- 3 ID:
lurus-api-key, Secret: your API key - 4 Reference in Jenkinsfile with
credentials('lurus-api-key')
⚙️
CircleCI
CircleCI
Add Lurus Code to your CircleCI config using .circleci/config.yml. Store your API key as a CircleCI environment variable.
Docker executor with Node.js CircleCI Context for secrets management Artifact storage for reports Parallel workflow jobs Branch-based filtering
1
Security Scan Job
A CircleCI job that runs a security scan on every push to a PR branch.
.circleci/config.yml
version: 2.1
jobs:
lurus-security-scan:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Install Lurus Code CLI
command: npm install -g @scramble-cloud/lurus-code-cli
- run:
name: Run Security Scan
command: |
lurus security-ci \
--diff \
--format sarif \
--output lurus-security-results.sarif \
--fail-on high
- store_artifacts:
path: lurus-security-results.sarif
destination: security-report
workflows:
pr-checks:
jobs:
- lurus-security-scan:
filters:
branches:
ignore: main 2
Code Review Job
Run an AI code review and store the HTML report as a CircleCI artifact.
.circleci/config.yml
version: 2.1
jobs:
lurus-code-review:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Install Lurus Code CLI
command: npm install -g @scramble-cloud/lurus-code-cli
- run:
name: Run Code Review
command: |
lurus code-review-ci \
--format html \
--output code-review-report.html \
--fail-on high
- store_artifacts:
path: code-review-report.html
destination: code-review-report
workflows:
pr-checks:
jobs:
- lurus-code-review:
filters:
branches:
ignore: main 3
Full Workflow with Parallel Jobs
Complete CircleCI configuration running security scan and code review in parallel.
.circleci/config.yml
version: 2.1
executors:
node-executor:
docker:
- image: cimg/node:20.0
commands:
install-lurus:
steps:
- run:
name: Install Lurus Code CLI
command: npm install -g @scramble-cloud/lurus-code-cli
jobs:
lurus-security:
executor: node-executor
steps:
- checkout
- install-lurus
- run:
name: Security Scan
command: |
lurus security-ci \
--diff \
--fail-on high \
--format sarif
- store_artifacts:
path: lurus-security-results.sarif
lurus-review:
executor: node-executor
steps:
- checkout
- install-lurus
- run:
name: Code Review
command: |
lurus code-review-ci \
--fail-on high \
--format html \
--output review.html
- store_artifacts:
path: review.html
workflows:
pr-pipeline:
jobs:
- lurus-security:
context: lurus-credentials
filters:
branches:
ignore: main
- lurus-review:
context: lurus-credentials
filters:
branches:
ignore: main ℹ️Setting up CircleCI Environment Variables
- 1 Go to your CircleCI project → Project Settings → Environment Variables
- 2 Add
LURUS_API_KEYwith your API key as the value - 3 Alternatively, create a CircleCI Context (Organization Settings → Contexts) for sharing across projects
- 4 Reference the context in your workflow with
context: your-context-name
✨
Best Practices
🔑
Secure API Key Storage
Always store LURUS_API_KEY as an encrypted secret/credential in your CI/CD system. Never hardcode it in configuration files.
⚡
Use --diff for PR Pipelines
Use --diff to scan only changed files in PR pipelines. This is faster, cheaper, and provides more relevant feedback.
📊
Start with --fail-on critical
Begin with --fail-on critical and progressively lower the threshold as your team addresses existing issues.
📄
Archive Reports as Artifacts
Always archive SARIF and HTML reports as CI artifacts for later review, even when the job passes.
🔄
Separate Jobs for Security and Review
Run security-ci and code-review-ci as separate parallel jobs to get faster feedback and independent failure states.
🌙
Schedule Full Scans Separately
Use --diff for PR pipelines and schedule full project scans (without --diff) nightly or weekly.
Ready to automate your pipeline?
Get your API key and start integrating Lurus Code into your CI/CD workflow today.