> ## Documentation Index
> Fetch the complete documentation index at: https://docs.depfixer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CI Mode

> API key authentication for CI/CD pipelines

# CI Mode Authentication

For automated environments like CI/CD pipelines, DepFixer supports API key authentication via environment variables.

## Setup

### 1. Generate API Key

1. Log in to [app.depfixer.com](https://app.depfixer.com)
2. Go to **Settings** → **API Keys**
3. Click **Generate New Key**
4. Copy the key (shown only once)

### 2. Add to CI Environment

Store the key as a secret in your CI platform.

**GitHub Actions:**

1. Go to **Settings** → **Secrets and variables** → **Actions**
2. Click **New repository secret**
3. Name: `DEPFIXER_TOKEN`
4. Value: Your API key

**GitLab CI:**

1. Go to **Settings** → **CI/CD** → **Variables**
2. Add variable with key `DEPFIXER_TOKEN` and mask it

### 3. Use in Pipeline

```bash theme={null}
npx depfixer --ci
```

The CLI automatically uses `DEPFIXER_TOKEN` when `--ci` flag is present.

## GitHub Actions Example

```yaml theme={null}
name: Dependency Check

on:
  pull_request:
    paths:
      - 'package.json'
      - 'package-lock.json'

jobs:
  check-deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Check Dependencies
        run: npx depfixer --ci
        env:
          DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}
```

## GitLab CI Example

```yaml theme={null}
dependency-check:
  image: node:20
  script:
    - npx depfixer --ci
  rules:
    - changes:
        - package.json
        - package-lock.json
```

## Exit Codes

| Code | Meaning                       | Pipeline |
| ---- | ----------------------------- | -------- |
| `0`  | No critical/high issues       | Pass     |
| `1`  | Critical or high issues found | Fail     |
| `2`  | Error (auth, network)         | Fail     |

## CI Output

```
  CI Mode - Dependency Analysis
  ────────────────────────────────────────
  Health Score: 72/100
  Total Packages: 45
  Issues Found: 10
    Critical: 1
    High: 3
    Medium: 2
    Low: 4

  Pipeline should fail - critical/high issues detected
```

## JSON Output

For parsing in scripts:

```bash theme={null}
npx depfixer --ci --json
```

```json theme={null}
{
  "success": true,
  "mode": "ci",
  "healthScore": 85,
  "totalPackages": 45,
  "summary": {
    "critical": 0,
    "high": 1,
    "medium": 3,
    "low": 2
  },
  "requiresAttention": true
}
```

## Security Best Practices

1. **Never commit API keys** - Use environment variables
2. **Rotate keys periodically** - Generate new keys quarterly
3. **One key per purpose** - Separate keys for CI, scripts, etc.
4. **Monitor usage** - Check key activity in dashboard
