Integrating CI/CD with CLI for Online Scans: GitHub Actions

Modified on Thu, 5 Sep, 2024 at 7:28 PM

GitHub Actions enables the automation of workflows directly from your GitHub repository. By integrating GitHub Actions with Cloud Defense, you can automate security scans during your development process, ensuring continuous integration and delivery of secure software.


Setting Up GitHub Actions

Step 1: Configure Self-Hosted Runners


To utilize GitHub Actions with enhanced control and privacy, you'll need to set up self-hosted runners. These runners will execute jobs in your CI/CD workflows on machines that you manage.


  • Navigate to your repository's Settings and select the 'Actions' tab.

  • Click on 'Runners' and then 'New runner'. Follow the instructions to set up a runner on a Linux VM or any other operating system you prefer. Ensure that the machine is secure and meets the requirements for running GitHub Actions.


For instance, you might execute the following commands on your Linux VM to prepare it for GitHub Actions:


mkdir ObjcTest # Ensure the directory name matches your repository name
cd ObjcTest
# Download and extract the runner package here with the curl and tar commands
# shown on the 'New runner' page, which also supplies the registration token
./config.sh --url https://github.com/your-org/your-repo --token <YOUR_TOKEN>

Step 2: Secure API Keys with Secrets

To ensure your workflows are secure and to keep sensitive data like API keys safe, use GitHub Secrets.


  • Go back to your repository's Settings, choose 'Secrets', and then 'New repository secret'.

  • Name your secret API_KEY and paste the API key you wish to use for integrating with Cloud Defense. This key will be used securely in your GitHub Actions without exposing it in your workflow files.


Step 3: Create and Configure Your Workflow


Define your GitHub Actions workflow by creating a .yml file under .github/workflows in your repository.


Structure your repository to include the workflow file at .github/workflows/action.yml.

Ensure that your action.yml file is correctly set up to trigger on the desired events (e.g., push, pull request). Include steps that define how to execute Cloud Defense scans using the API key stored in your secrets.


An example of a simple action.yml might look like this:


name: Cloud Defense Scan
on: [push]

jobs:
  security_scan:
    runs-on: self-hosted
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2

      - name: Run Cloud Defense Scan
        run: |
          echo "Running security scan..."
          cdefense scan --api-key ${{ secrets.API_KEY }} --project-name ${{ github.repository }}

This workflow checks out your code and runs a security scan using Cloud Defense every time there's a push to the repository. Adjust the parameters according to your Cloud Defense CLI configuration.
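A hardened variant of the same workflow, added here as an illustration and not taken from the Cloud Defense documentation: it also runs on pull requests, grants the job's token read-only access to the repository, pins the checkout action to a commit SHA instead of a mutable tag, and hands the API key to the CLI through an environment variable rather than expanding ${{ secrets.API_KEY }} directly into the shell script. The cdefense scan flags are the ones used above; the full-commit-SHA placeholder and the timeout value are assumptions.

```yaml
name: Cloud Defense Scan
on:
  push:
  pull_request:

# Default token permissions for every job: read-only access to repository contents
permissions:
  contents: read

jobs:
  security_scan:
    runs-on: self-hosted
    timeout-minutes: 30   # assumed upper bound so a hung scan cannot hold the runner
    steps:
      - name: Checkout repo
        # Pin to a full commit SHA (placeholder) rather than a mutable tag such as v2
        uses: actions/checkout@<FULL_COMMIT_SHA>

      - name: Run Cloud Defense Scan
        env:
          # Secrets and context values reach the script as environment variables,
          # not as text interpolated into the shell command.
          API_KEY: ${{ secrets.API_KEY }}
          PROJECT_NAME: ${{ github.repository }}
        run: |
          set -euo pipefail
          echo "Running security scan for ${PROJECT_NAME}..."
          cdefense scan --api-key "${API_KEY}" --project-name "${PROJECT_NAME}"
```

Expanding ${{ ... }} inside run: rewrites the script before the shell ever sees it, so a value containing shell metacharacters becomes part of the command; an environment variable is only data, and the secret no longer appears in the script body. Keep in mind that on a public repository a pull_request workflow from a fork also executes on your self-hosted runner, which is why GitHub recommends self-hosted runners for private repositories only.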


This integration allows you to automate the security assessment of your projects with every change, helping to catch vulnerabilities early in the development cycle. By using self-hosted runners, you maintain control over the environment and ensure that sensitive data used during the CI/CD process remains within your infrastructure. Additionally, by using GitHub Secrets, you protect sensitive configuration details such as API keys from exposure.
