title: “Pre-phase: SAST”
Pre-phase: Static Application Security Testing (SAST)
The Pre-phase scan analyzes your source code for security vulnerabilities, hardcoded secrets, and compliance issues before your application is built or deployed.
Example Workflow: SAST Scan
This job checks out your code and runs the Pre-phase action against your repository.
jobs:
  sast-scan:
    name: Pre-phase - SAST Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
 
      - name: Run SecureCI Pre-phase Scan
        uses: clockhash-kiran/scan-actions/pre-phase@main
        with:
          target_url: 'your-github-org/your-repo-name'
          user_id: 'YOUR_USER_ID'
          project_id: 'YOUR_PROJECT_ID'
          api_token: ${{ secrets.SECURECI_API_TOKEN }}
          pat: ${{ secrets.PAT_TOKEN }}
          branch: 'main'