By default, CybeDefend can scan GitHub repos in the cloud. If you prefer not to grant direct GitHub access, you can run local scans in your GitHub Actions pipeline, uploading code to CybeDefend yourself.
The easiest way to achieve this is by using the official CybeDefend GitHub Action.
Prerequisites
- API Key: Create and store it in your repository’s Settings → Secrets → Actions (e.g.,
CYBEDEFEND_API_KEY).
- Project ID: You should also store your CybeDefend Project ID as a secret (e.g.,
CYBEDEFEND_PROJECT_ID).
Using the CybeDefend Action
The CybeDefend Action runs security scans easily in your CI/CD pipelines using the official CybeDefend CLI, powered by Docker (ghcr.io/cybedefend/cybedefend-cli:latest).
| Name | Description | Required | Default |
|---|
api_key | API Key for authentication | ✅ | |
project_id | Project ID for the scan | ✅ | |
Example Workflow: .github/workflows/cybedefend-scan.yml
Add the following steps to your workflow file:
name: CybeDefend Security Scan
on:
push:
branches:
- main # Or your desired branch
jobs:
cybedefend_scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3 # Or a later version
- name: Run CybeDefend Security Scan
uses: CybeDefend/cybedefend-action@v1
with:
api_key: ${{ secrets.CYBEDEFEND_API_KEY }}
project_id: ${{ secrets.CYBEDEFEND_PROJECT_ID }}
Checking Your Results
- Action Logs: The job logs in GitHub Actions show a brief summary of vulnerabilities discovered during the scan.
- CybeDefend Dashboard: Log in to your CybeDefend account to view full vulnerability details, manage issues, and track historical scan data for your project.
Consider restricting scanning to your main development branch (e.g., main or develop). Use scans on feature branches if you want to catch new issues before they are merged.
