GitHub Actions
GitHub Actions is an automation tool that integrates directly with GitHub repositories. It lets you automate your workflow by defining a series of commands (actions) that execute in response to specific GitHub events, such as a push or a pull request. These actions can be used for a variety of tasks, such as testing code, deploying applications and, in the case of Safety, scanning for vulnerabilities.
The Safety CLI Scanner Action enables automated scanning of your projects for vulnerabilities directly within your GitHub workflow.
Link to Safety GitHub Action:
To use the Safety CLI scanner, you first need to create a Safety account.
Once your account is set up, you can obtain your API key from your Safety account. This key is used to authenticate the GitHub Action with Safety's services, so treat it as a credential: store it only as a GitHub secret, never in the workflow file itself.
1. After obtaining your Safety API key, go to your GitHub repository's settings.
2. Navigate to Secrets and variables > Actions and add a new repository secret.
3. Name the secret (e.g., SAFETY_API_KEY) and paste your Safety API key as the value.
4. In your repository, create a new file in the .github/workflows directory. You can name this file according to its purpose (e.g., safety_scan.yml).
5. Add the workflow definition to this file: a job that checks out the repository and runs the Safety CLI Scanner Action, reading the API key from the secret you created in step 3.
6. Commit and push the workflow file to your repository.
The Safety CLI Scanner Action will then run automatically on each push, scanning your Python project's dependencies for known vulnerabilities.
You can customize the behaviour of the Safety Action through the properties listed below. Additional Safety CLI arguments, such as --detailed-output for a fuller report, are passed through the args property.
Property        Default   Description
api-key         (none)    Your Safety API Key
output-format   screen    Options are: screen, json, html, spdx, none
args            (none)    Override the default arguments to Safety CLI 3
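A complete workflow tying the setup steps and the properties above together. This is an added example, not the workflow from the Safety documentation or the action's own README; it assumes the action is referenced as pyupio/safety-action@v1 (check the action's page for the exact reference) and that the secret was named SAFETY_API_KEY as in the steps above.

```yaml
# .github/workflows/safety_scan.yml (added example, not from the Safety docs)
name: Safety scan

on: [push, pull_request]

# Least-privilege token: the scan only needs to read repository contents.
permissions:
  contents: read

jobs:
  safety:
    runs-on: ubuntu-latest
    steps:
      # The scanner needs the project's dependency files, so check out the repo first.
      - name: Check out source
        uses: actions/checkout@v4

      # Action reference is an assumption; verify it against the action's page.
      - name: Run Safety CLI scanner
        uses: pyupio/safety-action@v1
        with:
          # Read the key from the repository secret created in the setup steps,
          # never as a literal in this file.
          api-key: ${{ secrets.SAFETY_API_KEY }}
          output-format: screen
          # Extra Safety CLI 3 arguments; --detailed-output expands the report.
          args: --detailed-output
```

Two caveats worth knowing before relying on this: repository secrets are not exposed to workflows triggered by pull_request events from forked repositories, so the api-key input will be empty and the step will fail on such PRs; and for supply-chain hygiene, pin third-party actions to a full commit SHA rather than a mutable tag once you have verified the reference.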
Repository secrets are managed under Settings > Secrets and variables > Actions; add the API key there as a new repository secret.
You may need a Personal Access Token (PAT) with the workflow scope in order to push a workflow file to your repository, since a token without it is refused when the push creates or modifies files under .github/workflows. To create one, see GitHub's documentation on personal access tokens.
For more detailed information about the Safety CLI and its functionality, refer to the Safety CLI documentation or contact our support team.