# GitHub Actions

## Introduction to GitHub Actions

[GitHub Actions](https://github.com/features/actions) is a powerful automation tool that integrates directly with GitHub repositories. It lets you automate your workflow by setting up a series of commands (actions) that execute in response to specific GitHub events, such as a push or a pull request. These actions can be used for a variety of tasks, such as testing code, deploying applications and, in the case of Safety, scanning for vulnerabilities.

[**The Safety CLI Scanner GitHub Action**](https://github.com/marketplace/actions/pyupio-safety-action) enables automated scanning of your projects for vulnerabilities directly within your GitHub workflow.

Link to Safety GitHub Action: <https://github.com/marketplace/actions/pyupio-safety-action>

## Setting Up the Safety GitHub Action

### **Step 1: Create a Safety Account and Obtain an API Key**

* To utilize the Safety CLI scanner, you first need to [create a Safety account](https://platform.safetycli.com/register/).
* Once your account is set up, you can obtain your API key from your [Safety Dashboard](https://platform.safetycli.com/). This key will be used to authenticate your GitHub Action with Safety's services.

<figure><img src="https://1428014516-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0ABDwXSDJWM5juLdc6ie%2Fuploads%2Fgit-blob-346d09f802986e10ea7577618aa4d2c620128306%2FScreenshot%202024-07-15%20at%2012.03.09.png?alt=media" alt=""><figcaption><p>Organization and User API Keys are available in Organization->API Keys</p></figcaption></figure>

### **Step 2: Configure the GitHub Secret**

* After obtaining your Safety API key, go to your GitHub repository's settings.
* Navigate to the '[Secrets](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions)' section and add a new secret.
* Name the secret (e.g., `SAFETY_API_KEY`) and paste your Safety API key as the value.

<figure><img src="https://1428014516-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0ABDwXSDJWM5juLdc6ie%2Fuploads%2Fgit-blob-4aaa70467a64d58bb7b3cadd3db039b11d705288%2FScreenshot%202024-07-15%20at%2012.07.00.png?alt=media" alt=""><figcaption><p>Add a new Secret to your Repo called SAFETY_API_KEY</p></figcaption></figure>

### **Step 3: Set Up the Workflow File**

* You may need to create a Personal Access Token (PAT) with workflow permissions in order to push a workflow file to your repo. To do so, please [refer to this guide](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
* In your repository, create a new file in the `.github/workflows` directory. You can name this file according to its purpose (e.g., `safety_scan.yml`).
* Add the following content to your workflow file:

```yaml
name: Example workflow for Python using Safety Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
```

<figure><img src="https://1428014516-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0ABDwXSDJWM5juLdc6ie%2Fuploads%2Fgit-blob-3b9f35628745af097a2b82d29bc6b5ef2fbf3fc8%2FScreenshot%202024-07-15%20at%2012.29.26.png?alt=media" alt=""><figcaption></figcaption></figure>

### **Step 4: Activate the Workflow**

* Commit and push the workflow file to your repository.
* The Safety CLI Scanner Action will run automatically on each push, scanning your Python project for any vulnerabilities.

### **Additional Configurations (Optional)**

* You can customize the behaviour of the Safety Action with the properties listed under Available Properties below.
* You can also pass Safety CLI arguments through the `args` property, such as `--detailed-output` to get more information from the scan:

```yaml
name: Example workflow customizing the Safety Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
          args: --detailed-output # To always see detailed output from this action
```

#### Available Properties

<table><thead><tr><th>Property</th><th width="122.33333333333331">Default</th><th>Description</th></tr></thead><tbody><tr><td>api-key</td><td></td><td>Your Safety API Key</td></tr><tr><td>output-format</td><td>screen</td><td>Options are: screen, json, html, spdx, none</td></tr><tr><td>args</td><td></td><td>Override the default arguments to Safety CLI 3.</td></tr></tbody></table>
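The workflow below is an added example, not part of the Safety project's own documentation. It runs the same scan with a read-only `GITHUB_TOKEN`, a version-tagged checkout that does not leave credentials in the working tree, a weekly schedule so that vulnerabilities disclosed after the last push are still caught, and the `output-format` property from the table above. The workflow name, the cron time and the `actions/checkout@v4` pin are choices made for this example, and it assumes the scan needs no write access to the repository.

```yaml
name: Safety scan with reduced privileges (added example)
on:
  push:
  schedule:
    - cron: "0 6 * * 1"   # weekly re-scan; the time is an arbitrary choice for this example

# Restrict the automatically issued GITHUB_TOKEN to read-only repository access.
# Assumption: the scan itself never needs to write to the repository.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4        # release tag instead of the moving main branch
        with:
          persist-credentials: false     # do not store the token in the checked-out .git/config
      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
          output-format: json            # one of the documented formats: screen, json, html, spdx, none
```

GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so adding a `pull_request` trigger would run this job without `SAFETY_API_KEY` for outside contributors.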

For more detailed information about Safety's CLI and its functionalities, please refer to [Safety 3 Documentation](https://docs.safetycli.com/safety-docs) or contact our [Support Team](https://docs.safetycli.com/safety-docs/support/support).

