Skip to content

Github Actions

Integration as Github Actions

ShiftLeft Scan is available as a free GitHub action here

A minimal setup configuration is shown below:

- uses: ShiftLeftSecurity/scan-action@master
  with:
    type: "credscan,java,depscan"

An advanced configuration including the ability to customize the WORKSPACE URL and GitHub package search is below:

- name: ShiftLeft Scan
  uses: ShiftLeftSecurity/scan-action@master
  env:
    WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    SCAN_AUTO_BUILD: true
  with:
    output: reports
- name: Upload scan reports
  uses: actions/upload-artifact@v1.0.0
  with:
    name: shiftleft-scan-reports
    path: reports

Refer to this example for a complete build pipeline.

Reports


Last update: July 3, 2020