Docs / CI/CD integrations
One local gate for any CI system.
The GitHub Action is a native wrapper. The versioned CLI contract works in GitLab CI, Jenkins, Azure DevOps, CircleCI, Buildkite, Bitbucket Pipelines, and any shell-capable runner.
Portable gate contract
terraform plan -out=tfplan -input=false
terraform show -json tfplan > plan.json
python -m pip install "readtheplan==0.4.0"
readtheplan analyze --fail-on dangerous plan.json
0 continues, 2 means the configured risk threshold was reached, and 1 means a hard input or execution error. The normal report is printed before the process exits.
Copy-ready provider examples
GitHub Actions
Native composite action with typed outputs and threshold inputs.
GitLab CI
Pinned Python image, derived evidence artifacts, and fail-on threshold.
Jenkins
Pipeline stage with an isolated virtual environment and archived reports.
Azure DevOps
Script gate plus always-published summary and evidence artifacts.
CircleCI
Python executor job using the same versioned CLI command.
Buildkite
Shell step with a pinned release and derived artifact paths.
Bitbucket Pipelines
Portable container step with reports retained as artifacts.
Keep raw plans private
Terraform plan JSON can contain sensitive values. Run readtheplan in the same job that creates the plan whenever possible. Archive only the derived summary and evidence files. If a plan must cross job boundaries, use protected artifacts, least-privilege access, encryption, and short retention.
No hosted analyzer is involved. Readtheplan processes the file inside your existing runner.