© Safety CLI Cybersecurity Inc.

GitHub Actions


Last updated 6 months ago


Introduction to GitHub Actions

GitHub Actions is GitHub's built-in automation platform: you define workflows as a series of steps (actions) that run in response to repository events such as a push or a pull request. Workflows are used for tasks such as testing code, deploying applications and, in the case of Safety, scanning your dependencies for vulnerabilities.

The Safety CLI Scanner GitHub Action runs the Safety scanner inside your GitHub workflow, so your project is checked for vulnerable dependencies on every push without leaving GitHub.

Link to the Safety GitHub Action: https://github.com/marketplace/actions/pyupio-safety-action

Setting Up the Safety GitHub Action

Step 1: Create a Safety Account and Obtain an API Key

  • To use the Safety CLI scanner, you first need to create a Safety account.

  • Once your account is set up, obtain your API key from your Safety Dashboard (Organization and User API keys are available under Organization -> API Keys). This key authenticates your GitHub Action with Safety's services; treat it like a password and never commit it to the repository.

Step 2: Configure the GitHub Secret

  • After obtaining your Safety API key, go to your GitHub repository's settings.

  • Navigate to the Secrets section (Settings > Secrets and variables > Actions) and add a new repository secret.

  • Name the secret (e.g., SAFETY_API_KEY) and paste your Safety API key as the value. Secrets are masked in workflow logs and are only exposed to steps that reference them explicitly, so the key never appears in your repository or its history.

Step 3: Set Up the Workflow File

  • In your repository, create a new file in the .github/workflows directory. You can name this file according to its purpose (e.g., safety_scan.yml).

  • Add the following content to your workflow file:

name: Example workflow for Python using Safety Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # Pin the checkout action to a release tag rather than the moving main branch
      - uses: actions/checkout@v4
      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          # The API key is read from the repository secret created in Step 2
          api-key: ${{ secrets.SAFETY_API_KEY }}

Step 4: Activate the Workflow

  • Commit and push the workflow file to your repository.

  • You may need a Personal Access Token (PAT) with the workflow scope to push a workflow file to your repository; GitHub refuses pushes that add or modify files under .github/workflows from a token that lacks it. See GitHub's guide on creating a personal access token.

  • The Safety CLI Scanner Action will run automatically on each push, scanning your Python project's dependencies for known vulnerabilities.

Additional Configurations (Optional)

  • You can customize the behaviour of the Safety Action using the properties listed under Available Properties below.

  • You can also pass arguments through the args property, for example --detailed-output to get more information from the scan. Note that args overrides the action's default arguments to Safety CLI 3, so include any default you still rely on:

name: Example workflow customizing the Safety Action
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # Pin the checkout action to a release tag rather than the moving main branch
      - uses: actions/checkout@v4
      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
          args: --detailed-output # Always show detailed output; replaces the action's default arguments

Available Properties

Property | Default | Description
--- | --- | ---
api-key | (no default) | Your Safety API Key
output-format | screen | Options are: screen, json, html, spdx, none
args | (no default) | Override the default arguments to Safety CLI 3.
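The following workflow is an added example, not code from the Safety documentation or the pyupio/safety-action project. It combines the properties above with the two hardening measures a reviewer would ask for in any CI job that handles a secret: a least-privilege GITHUB_TOKEN and actions pinned to a release tag instead of a moving branch. It assumes that the Safety action only needs read access to the checked-out repository and that SAFETY_API_KEY exists as a repository secret; the branch name and cron schedule are placeholders.

```yaml
# Added example (not from the Safety docs or the pyupio/safety-action project).
# Assumes: the action needs only read access to repository contents, and
# SAFETY_API_KEY is configured as a repository secret (Step 2 above).
name: Safety scan (hardened)

on:
  push:
    branches: [main]          # placeholder branch name
  pull_request:
  schedule:
    - cron: "0 6 * * 1"       # weekly re-scan so advisories published after the last push are caught

# Least privilege: the job's GITHUB_TOKEN is scoped to read-only contents,
# so a compromised dependency of this job cannot push commits or open PRs with it.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # Pin to a release tag (or, stronger, a full commit SHA) rather than
      # a branch such as @main, so the action's code cannot change underneath
      # you between runs.
      - uses: actions/checkout@v4

      - name: Run Safety CLI to check for vulnerabilities
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}
          output-format: json   # machine-readable for downstream tooling
```

One caveat when adding the pull_request trigger: GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so on a fork PR the api-key input is empty and the scan step fails. If your repository accepts fork contributions, either keep the scan on push only or expect and handle that failure in the PR check.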

For more detailed information about Safety's CLI and its functionalities, refer to the Safety 3 Documentation or contact our Support Team.
