Integrate CybeDefend local scans into your GitHub Actions workflow using the official CybeDefend Action.
By default, CybeDefend can scan GitHub repos in the cloud. If you prefer not to grant direct GitHub access, you can run local scans in your GitHub Actions pipeline, uploading code to CybeDefend yourself.
The easiest way to achieve this is by using the official CybeDefend GitHub Action.
`CYBEDEFEND_API_KEY`
`CYBEDEFEND_PROJECT_ID`

The CybeDefend Action runs security scans easily in your CI/CD pipelines using the official CybeDefend CLI, powered by Docker (`ghcr.io/cybedefend/cybedefend-cli:latest`).
Name | Description | Required | Default |
---|---|---|---|
api_key | API Key for authentication | ✅ | |
project_id | Project ID for the scan | ✅ | |
.github/workflows/cybedefend-scan.yml
Add the following steps to your workflow file:
This workflow checks out your code and then runs the CybeDefend action, which handles the scanning process using the provided API key and project ID.
Consider restricting scanning to your main development branch (e.g., `main` or `develop`). Use scans on feature branches if you want to catch new issues before they are merged.
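A workflow sketch that applies the branch restriction and passes the two inputs from the table, added here as an example and not taken from CybeDefend's documentation. Assumptions: `CYBEDEFEND_API_KEY` and `CYBEDEFEND_PROJECT_ID` are stored as repository secrets, read-only `contents` permission is enough for the scan, and the `uses:` line for the scan step is a placeholder because the action's reference does not appear on this page.

```yaml
# Added example, not CybeDefend's published workflow.
name: CybeDefend scan

on:
  push:
    branches: [main, develop]     # restrict scans to the main development branches
  # pull_request:                 # uncomment to scan feature branches before merge;
  #   branches: [main, develop]   # PRs from forks do not receive repository secrets

permissions:
  contents: read                  # assumption: the scan only reads the checked-out code

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the job token in .git/config

      - name: Run CybeDefend scan
        # PLACEHOLDER: replace with the official CybeDefend Action reference,
        # ideally pinned to a full commit SHA rather than a moving tag.
        uses: <cybedefend-action-owner>/<repo>@<commit-sha>
        with:
          api_key: ${{ secrets.CYBEDEFEND_API_KEY }}        # assumed secret name
          project_id: ${{ secrets.CYBEDEFEND_PROJECT_ID }}  # assumed secret name
```

Passing the API key through `secrets` keeps it masked in job logs, and the `permissions` block limits what the job token can do if a step in the job is compromised.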