WarDek is a complete compliance suite that combines an OWASP vulnerability scanner with NIS2, AI Act and GDPR compliance modules, specially designed for European SMEs.

Is my company subject to NIS2?

The NIS2 directive applies to essential and important entities in sectors such as energy, healthcare, transport, digital, etc. Use our free simulator to check.

How should I use WarDek reports in an audit?

WarDek reports provide a practical working base for your team, auditor, or compliance preparation. They are not an official certification or legal opinion.

How long does a scan take?

A complete OWASP scan typically takes between 2 and 5 minutes depending on the complexity of your website.

Absolutely. We never store your credentials. Reports are encrypted and you can delete them at any time. We are hosted in France.

Can I try before I buy?

Yes! The Free plan lets you test WarDek with 3 scans per month, no credit card required.

CI/CD INTEGRATION

Automate security scanning in your deployment pipeline. Catch vulnerabilities before they reach production.

GITHUB ACTIONS

Coming Soon

Add a security gate to your CI pipeline with a single workflow file. The action scans your deployed URL and fails the build if the security score is below your threshold.

Basic Setup

Add your WARDEK_API_KEY to your repository secrets, then create the workflow file:

.github/workflows/security.yml

name: Security Scan
on: [push]

jobs:
  wardek-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy Preview
        id: deploy
        uses: your-deploy-action@v1

      - name: WarDek Security Scan
        uses: wardek/scan-action@v1
        with:
          url: ${{ steps.deploy.outputs.url }}
          api-key: ${{ secrets.WARDEK_API_KEY }}
          min-score: 75

Advanced: SARIF + PR blocking

.github/workflows/security-gate.yml

name: Security Gate
on:
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy Preview
        id: deploy
        uses: your-deploy-action@v1

      - name: WarDek Security Scan
        uses: wardek/scan-action@v1
        with:
          url: ${{ steps.deploy.outputs.url }}
          api-key: ${{ secrets.WARDEK_API_KEY }}
          min-score: 80
          fail-on-critical: true
          timeout: 120000
          format: sarif

      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: wardek-results.sarif

SARIF output integrates with GitHub Code Scanning. Findings appear directly in the Security tab and as PR annotations.ENTERPRISE

ALTERNATIVE: NPX IN CI

If you prefer not to use the GitHub Action, you can run npx wardek directly:

.github/workflows/wardek-npx.yml

name: Security Scan (npx)
on: [push]

jobs:
  wardek:
    runs-on: ubuntu-latest
    steps:
      - name: Run WarDek Scan
        env:
          WARDEK_API_KEY: ${{ secrets.WARDEK_API_KEY }}
        run: npx wardek scan ${{ env.DEPLOY_URL }} --min-score 75 --fail-on-critical

CONFIGURATION

Input	Type	Required	Description
`url`	`string`	Yes	Target URL to scan
`api-key`	`string`	Yes	WarDek API key
`min-score`	`number`	No	Minimum acceptable score (0-100)
`fail-on-critical`	`boolean`	No	Fail job on critical findings
`timeout`	`number`	No	Scan timeout in ms
`format`	`string`	No	Output format: text, json, sarif

STATUS BADGE

Coming Soon

Display your security score in your README or documentation. The badge updates automatically after each scan.

Markdown

![WarDek Security Score](https://wardek.io/api/badge/your-site-id)

HTML

<a href="https://wardek.io">
  <img src="https://wardek.io/api/badge/your-site-id"
       alt="WarDek Security Score" />
</a>

Preview

wardek87/100

ENTERPRISE FEATURES

ENTERPRISE

Enterprise plans include additional CI/CD capabilities:

SARIF output for GitHub Code Scanning integration
Custom webhook notifications on scan completion
Parallel scanning across multiple environments
Priority scan queue with guaranteed SLA
Dedicated support for pipeline configuration