GitHub Actions

Draft the pull-request scan before adding security automation to the repo.

Turn the upstream GitHub Actions example into a scoped workflow plan with secrets, checkout depth, scan mode, and failure policy.

Checkout depth

Diff-scope scans need enough git history to resolve the base branch, so the plan calls out full history when needed.

Secrets boundary

LLM provider keys and target credentials belong in CI secrets, not workflow logs or issue comments.

Merge signal

Use the workflow to surface validated findings and reproduction steps, not generic static-analysis noise.
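
A pull-request workflow that applies the checkout-depth, secrets and failure-policy points above. It is an added example, not the upstream example or this page's generated plan; the secret names and the `./ci/run-scan.sh` wrapper are hypothetical placeholders for the scanner invocation.

```yaml
# Added example. Secret names and ./ci/run-scan.sh are hypothetical.
name: pr-security-scan
on:
  pull_request:

permissions:
  contents: read                      # least privilege for GITHUB_TOKEN

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0              # full history so the base branch resolves
          persist-credentials: false  # do not leave the token in .git/config

      - name: Confirm the diff base resolves
        env:
          BASE_REF: ${{ github.base_ref }}  # passed via env, not inlined into the script
        run: |
          # Fail early if a shallow clone would leave the diff scope undefined.
          git rev-parse --verify "origin/${BASE_REF}^{commit}"
          git merge-base "origin/${BASE_REF}" HEAD

      - name: Run scan
        env:
          # Keys reach the step only as masked secrets; never echo them.
          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}         # hypothetical secret name
          TARGET_TOKEN: ${{ secrets.SCAN_TARGET_TOKEN }}  # hypothetical secret name
        # Hypothetical wrapper around the scanner. A non-zero exit fails the
        # job, so only findings the scanner reports as validated block the merge.
        run: ./ci/run-scan.sh
```

Repository secrets are not passed to `pull_request` runs triggered from forks, so the scan step needs a defined behaviour for that case.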

Method boundary

This page helps plan authorized testing. It does not run Strix, attack targets, or verify vulnerabilities. Full workflow generation is gated by the pricing page.