Docs / CI/CD integrations

One local gate for any CI system.

The GitHub Action is a native wrapper. The versioned CLI contract works in GitLab CI, Jenkins, Azure DevOps, CircleCI, Buildkite, Bitbucket Pipelines, and any shell-capable runner.

Portable gate contract

terraform plan -out=tfplan -input=false
terraform show -json tfplan > plan.json
python -m pip install "readtheplan==0.4.0"
readtheplan analyze --fail-on dangerous plan.json

0 continues, 2 means the configured risk threshold was reached, and 1 means a hard input or execution error. The normal report is printed before the process exits.

Copy-ready provider examples

GitHub Actions

Native composite action with typed outputs and threshold inputs.

GitLab CI

Pinned Python image, derived evidence artifacts, and fail-on threshold.

Jenkins

Pipeline stage with an isolated virtual environment and archived reports.

Azure DevOps

Script gate plus always-published summary and evidence artifacts.

CircleCI

Python executor job using the same versioned CLI command.

Buildkite

Shell step with a pinned release and derived artifact paths.

Bitbucket Pipelines

Portable container step with reports retained as artifacts.

Open every copy-ready example on GitHub ->

Keep raw plans private

Terraform plan JSON can contain sensitive values. Run readtheplan in the same job that creates the plan whenever possible. Archive only the derived summary and evidence files. If a plan must cross job boundaries, use protected artifacts, least-privilege access, encryption, and short retention.

No hosted analyzer is involved. Readtheplan processes the file inside your existing runner.