Scan your Python AI projects for EU AI Act compliance in CI/CD. One line in your workflow, 51+ checks across 6 articles.
```yaml
- uses: airblackbox/scan-action@v1
```

Add this to `.github/workflows/compliance.yml`:

```yaml
name: AI Compliance Scan
on: [push, pull_request]
jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: airblackbox/scan-action@v1
        with:
          threshold: 60
          fail-on: high
```

That's it. Every push gets scanned. PRs get a compliance comment. Builds fail if the score drops below 60 or any high-severity finding is detected.
The scanner maps to EU AI Act technical requirements:
| Article | Requirement | Example Checks |
|---|---|---|
| Art. 9 | Risk Management | Risk assessment docs, mitigation strategies |
| Art. 10 | Data Governance | Training data documentation, bias checks |
| Art. 11 | Technical Documentation | Model cards, system architecture docs |
| Art. 12 | Record-Keeping | Audit logging, tamper-evident trails |
| Art. 14 | Human Oversight | Human-in-the-loop controls, override mechanisms |
| Art. 15 | Robustness | Error handling, input validation, fallback behavior |
| Input | Description | Default |
|---|---|---|
| `path` | Path to scan (relative to repo root) | `.` |
| `threshold` | Minimum compliance score (0-100). Build fails below this. | `0` (never fail on score) |
| `fail-on` | Fail on findings of this severity or higher: `high`, `medium`, `low`, or `none` | `none` |
| `frameworks` | Comma-separated frameworks: `eu-ai-act`, `iso-42001`, `nist-ai-rmf`, `colorado-sb-205`, or `all` | `eu-ai-act` |
| `version` | Version of air-compliance-checker to install | `latest` |
| `comment` | Post scan results as a PR comment (true/false). Needs `GITHUB_TOKEN`. | `true` |
| `badge` | Generate a compliance badge SVG in the repo (true/false) | `false` |
| `json-output` | Path to write raw JSON scan results (empty = skip) | (empty) |
| Output | Description | Example |
|---|---|---|
| `score` | Overall compliance score (0-100) | `73` |
| `total-findings` | Total number of compliance findings | `12` |
| `high-findings` | Number of high-severity findings | `2` |
| `medium-findings` | Number of medium-severity findings | `5` |
| `low-findings` | Number of low-severity findings | `5` |
| `passed` | Whether the scan passed all thresholds | `true` |
A minimal pull-request workflow:

```yaml
name: Compliance
on: pull_request
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: airblackbox/scan-action@v1
```

Fail the build on a low score or any high-severity finding:

```yaml
- uses: airblackbox/scan-action@v1
  with:
    threshold: 70
    fail-on: high
```

Scan against more than one framework:

```yaml
- uses: airblackbox/scan-action@v1
  with:
    frameworks: eu-ai-act,iso-42001
    threshold: 50
```

Scan only a subdirectory:

```yaml
- uses: airblackbox/scan-action@v1
  with:
    path: src/ai_pipeline
```

Write the raw JSON results and keep them as a build artifact:

```yaml
- uses: airblackbox/scan-action@v1
  id: scan
  with:
    json-output: compliance-results.json
- uses: actions/upload-artifact@v4
  if: always()
  with:
    name: compliance-report
    path: compliance-results.json
```

Use the outputs in later steps:

```yaml
- uses: airblackbox/scan-action@v1
  id: scan
- run: echo "Compliance score is ${{ steps.scan.outputs.score }}/100"
- if: steps.scan.outputs.high-findings != '0'
  run: echo "::warning::${{ steps.scan.outputs.high-findings }} high-severity findings need attention"
```

Generate a badge:

```yaml
- uses: airblackbox/scan-action@v1
  with:
    badge: true
# Badge is written to .air-compliance-badge.svg
# Commit it back or upload as an artifact
```

Pin the scanner version:

```yaml
- uses: airblackbox/scan-action@v1
  with:
    version: '0.5.2'
```

When `comment: true` (the default) and the action runs on a pull request, it posts a comment like this:
AIR Blackbox Compliance Scan: 73/100

12 findings (2 high, 5 medium, 5 low)

| Article | Name | Score | Checks | Status |
|---|---|---|---|---|
| Art. 9 | Risk Management | 80% | 4/5 | ✅ |
| Art. 12 | Record-Keeping | 45% | 3/7 | ❌ |
| ... | | | | |
The comment requires `GITHUB_TOKEN`, which is automatically available in GitHub Actions workflows.
Set `badge: true` to generate an SVG badge at `.air-compliance-badge.svg`:
Add it to your README:
- Python 3.9+ (the action sets up Python 3.11 automatically)
- A Python AI project with code to scan
No API keys required. The scanner runs entirely locally.
- Aug 2, 2025: GPAI model obligations apply
- Aug 2, 2026: High-risk AI system rules take effect
- Penalties: Up to EUR 35M or 7% of global turnover
Start scanning now. Fix findings before the deadline.
- AIR Blackbox - Full compliance platform
- Fix Findings Guide - How to resolve compliance gaps
- CLI Scanner - The scanner this action uses
- Compliance Mapping - EU AI Act to ISO 42001 to NIST AI RMF
MIT