© Safety CLI Cybersecurity Inc.
Last updated 1 year ago
GitHub Actions

This is a guide to setting up and configuring Safety to scan your GitHub repositories for dependency security vulnerabilities using Safety as a GitHub Action. This lets you run security and compliance scans on your repositories on new commits, new branches, pull requests, and more. Safety is available as an action in the GitHub Marketplace.

Step 1: Get your Safety API Key

To scan any system for security vulnerabilities, you first need a Safety API key. You can create a Safety account to get your API key.

In your GitHub repository, navigate to Settings -> Secrets -> Actions, and add your Safety API key as a secret whose name matches the variable name you've used in the workflow YAML file (SAFETY_API_KEY in all the examples here). Once added, it should look similar to the screenshot below:

Step 2: Set up a GitHub Actions workflow on your repository (If you don't have one already)

Step 3: Configure your GitHub workflow YAML file to run Safety scans

GitHub Actions are configured using YAML workflow files in a special .github/workflows/ folder. Here is an example YAML file that runs Safety to scan your project for security vulnerabilities. This will scan in auto-detect mode, which tries to scan the most appropriate target automatically. You can read more about Safety's scan modes and different options.

```yaml
# This workflow will run Safety security scans on all dependencies that are installed into the environment.
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# Saved to `.github/workflows/safety.yml`

name: Safety Security Scan

on:
  push: # Run on every push to any branch
  pull_request: # Run on new pull requests

jobs:
  safety:
    runs-on: ubuntu-latest
    steps:
      - uses: safety/safety@2.3.4
        with:
          api-key: ${{secrets.SAFETY_API_KEY}}
```
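A hardened variant of the workflow above, added here as an example and not taken from the Safety project's own documentation: it keeps the action and the api-key input exactly as the page shows them, and adds a least-privilege permissions block, an explicit checkout and dependency install so the environment scan has installed packages to inspect, path filters so pull requests that change dependency declarations are scanned, and a weekly schedule so vulnerabilities disclosed after the last commit are still caught. The checkout and setup-python steps, the requirements.txt path and the Python version are assumptions about the project.

```yaml
# Added example workflow, saved as `.github/workflows/safety.yml`.
# Assumptions: the project lists its dependencies in `requirements.txt`
# and targets Python 3.11; adjust both for your repository.
name: Safety Security Scan

on:
  push: # Run on every push to any branch
  pull_request:
    # Scan pull requests that touch dependency declarations.
    paths:
      - "requirements*.txt"
      - "pyproject.toml"
      - "poetry.lock"
  schedule:
    # Weekly scan catches vulnerabilities disclosed since the last push.
    - cron: "0 6 * * 1"

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  safety:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # Install the project's dependencies so the environment scan sees them.
      - run: pip install -r requirements.txt

      # Same action and input as the page's example. Pinning to a full
      # commit SHA instead of a tag is the stronger supply-chain control.
      - uses: safety/safety@2.3.4
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
```

GitHub does not pass repository secrets (other than GITHUB_TOKEN) to workflows triggered by pull requests from forks, so on a fork pull request the Safety step cannot authenticate and will fail; the push and schedule triggers still cover those changes once merged.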

GitHub Actions are an easy and powerful way to run CI/CD processes on your codebases hosted on GitHub. Adding Safety security scans to your repositories is as easy as adding a few lines to your GitHub Actions workflow configuration file. We've created some full pipeline examples below if you don't have one set up yet. If you need help configuring your Python workflow, you can read more on getting started with GitHub workflows in Python.