By default, CybeDefend can scan GitHub repos in the cloud. If you prefer not to grant direct GitHub access, you can run local scans in your GitHub Actions pipeline, uploading code to CybeDefend yourself.

The easiest way to achieve this is by using the official CybeDefend GitHub Action.

​

Prerequisites

• API Key: Create and store it in your repository’s Settings → Secrets → Actions (e.g., CYBEDEFEND_API_KEY).
• Project ID: You should also store your CybeDefend Project ID as a secret (e.g., CYBEDEFEND_PROJECT_ID).

​

Using the CybeDefend Action

The CybeDefend Action runs security scans easily in your CI/CD pipelines using the official CybeDefend CLI, powered by Docker (ghcr.io/cybedefend/cybedefend-cli:latest).

​

Inputs

​

Example Workflow: .github/workflows/cybedefend-scan.yml

Add the following steps to your workflow file:

name: CybeDefend Security Scan

on:
  push:
    branches:
      - main  # Or your desired branch

jobs:
  cybedefend_scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3 # Or a later version

      - name: Run CybeDefend Security Scan
        uses: CybeDefend/cybedefend-action@v1
        with:
          api_key: ${{ secrets.CYBEDEFEND_API_KEY }}
          project_id: ${{ secrets.CYBEDEFEND_PROJECT_ID }}

This workflow checks out your code and then runs the CybeDefend action, which handles the scanning process using the provided API key and project ID.

​

Checking Your Results

• Action Logs: The job logs in GitHub Actions show a brief summary of vulnerabilities discovered during the scan.
• CybeDefend Dashboard: Log in to your CybeDefend account to view full vulnerability details, manage issues, and track historical scan data for your project.