Update PLUGINS.md with workflow setup instructions#211
Merged
lindseywild merged 4 commits intomainfrom Apr 30, 2026
Merged
Conversation
Added instructions for using the actions/checkout step in workflows.
Contributor
There was a problem hiding this comment.
Pull request overview
Updates PLUGINS.md to document required workflow setup for running custom scanner plugins (notably ensuring the repository contents are available to the action at runtime).
Changes:
- Adds guidance to include an
actions/checkoutstep before the scanner action. - Adds a workflow snippet illustrating the required step ordering.
Show a summary per file
| File | Description |
|---|---|
| PLUGINS.md | Documents adding actions/checkout before the scanner step, with an example workflow snippet. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 3
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| - Each plugin should have one `index.ts` OR `index.js` file inside its folder. | ||
| - The `index.ts/index.js` file must export a `name` field. This is the name used to pass to the `scans` input. So if the plugin exports a name value of `my-custom-plugin` and we pass the following to the scanner action inputs: `scans: ['my-custom-plugin']`, it would cause the scanner to only run that plugin. | ||
| - The `index.ts/index.js` file must export a default function. This is the function that the scanner uses to run the plugin. This can be an async function. | ||
| - In your workflow file, before the scanner step, add `- uses: actions/checkout@v6` (or whatever the current version is), like so: |
Contributor
There was a problem hiding this comment.
I think it would be valuable to include why this is necessary. Someone might skip this step not knowing why its required (and thinking its not important), and then not know why their custom plugin isn't loading.
Clarify instructions for adding plugins to the scanner.
abdulahmad307
approved these changes
Apr 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added instructions for using the actions/checkout step in workflows, as it's required to run custom plugins.