Outputs
The Odin Scan action exposes several outputs that you can reference in subsequent workflow steps. These are useful for conditional logic, notifications, or custom reporting.
Output Reference
| Output | Type | Description |
|---|---|---|
analysis-id | String | Unique identifier for the analysis run |
status | String | Final analysis status: completed or failed |
total-findings | Number | Total number of findings across all severities |
critical-count | Number | Number of critical-severity findings |
high-count | Number | Number of high-severity findings |
medium-count | Number | Number of medium-severity findings |
low-count | Number | Number of low-severity findings |
report-url | String | URL to the full report on Odin Scan |
sarif-file | String | Local path to the generated SARIF file |
Accessing Outputs
To use outputs, assign an id to the Odin Scan step and reference its outputs using the steps.<id>.outputs.<name> syntax:
steps:
- uses: actions/checkout@v4
- name: Run Odin Scan
id: scan
uses: odin-scan/odin-scan-action@v1
with:
api-key: ${{ secrets.ODIN_SCAN_API_KEY }}
- name: Print results
if: always()
run: |
echo "Analysis ID: ${{ steps.scan.outputs.analysis-id }}"
echo "Status: ${{ steps.scan.outputs.status }}"
echo "Total Findings: ${{ steps.scan.outputs.total-findings }}"
echo "Critical: ${{ steps.scan.outputs.critical-count }}"
echo "High: ${{ steps.scan.outputs.high-count }}"
echo "Medium: ${{ steps.scan.outputs.medium-count }}"
echo "Low: ${{ steps.scan.outputs.low-count }}"
echo "Report: ${{ steps.scan.outputs.report-url }}"
Use
if: always()on steps that reference outputs to ensure they run even when the scan step fails due to findings exceeding the severity threshold.
Example: Conditional Notification
You can use outputs to trigger notifications only when critical findings are detected:
- name: Notify on critical findings
if: always() && steps.scan.outputs.critical-count != '0'
run: |
curl -X POST "${{ secrets.SLACK_WEBHOOK }}" \
-H 'Content-Type: application/json' \
-d '{
"text": "Odin Scan found ${{ steps.scan.outputs.critical-count }} critical findings in ${{ github.repository }}. Report: ${{ steps.scan.outputs.report-url }}"
}'
Example: Custom Threshold Logic
If you need more granular control than the built-in severity-threshold input, you can use outputs to implement custom pass/fail logic:
- name: Check findings
if: always()
run: |
CRITICAL=${{ steps.scan.outputs.critical-count }}
HIGH=${{ steps.scan.outputs.high-count }}
TOTAL=$((CRITICAL + HIGH))
if [ "$TOTAL" -gt 5 ]; then
echo "Too many high+ findings ($TOTAL). Failing."
exit 1
fi