Use this template to monitor your code, assets, and infrastructure for exposed API keys, tokens, and credentials, vulnerable open-source packages, and high-risk security misconfigurations, and to classify and protect them, in a simple way and without noise.
The following instructions walk you through a fast and simple integration with your repository's GitHub Actions workflows.
Add this job to a workflow YAML file under `.github/workflows/`:
```yaml
name: Secure Code Analysis
on:
  - push
  - pull_request
jobs:
  code-analysis:
    uses: CheckPointSW/secure-code-workflow/.github/workflows/code-analysis.yml@latest
    secrets: inherit
```
The Spectral action must receive the following GitHub secret:
- `SPECTRAL_DSN`: your Spectral DSN, provided as a GitHub secret. To retrieve the `SPECTRAL_DSN` value, refer to https://app.spectralops.io/sources
Now create the secret at one of these scopes:
- Organization scope: https://github.com/organizations/OrganizationName/settings/secrets/actions
- Repo scope: https://github.com/AccountName/RepoName/settings/secrets/actions
See more about GitHub secrets.
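The following shell helpers are an added example and are not part of the Check Point secure-code-workflow project. `check_workflow` verifies that a workflow file wires in the reusable `code-analysis.yml` job and passes `secrets: inherit` (without it, `SPECTRAL_DSN` never reaches the Spectral action), and `set_spectral_dsn` stores the DSN as an encrypted Actions secret with the GitHub CLI (`gh secret set`) at either repo or organization scope. The function names, the `demo_check` sample workflow, and the `OWNER/REPO` and `ORG` placeholders are assumptions made for this example.

```shell
#!/usr/bin/env sh
# Added example (not the project's own code): sanity checks for the
# secure-code-workflow integration described in this README.

# The reusable workflow reference exactly as the README gives it.
WORKFLOW_REF="CheckPointSW/secure-code-workflow/.github/workflows/code-analysis.yml@latest"

# check_workflow FILE
# Returns 0 when FILE references the reusable workflow and inherits secrets;
# otherwise prints what is missing and returns 1.
check_workflow() {
  file="$1"
  ok=0
  grep -q "uses:[[:space:]]*${WORKFLOW_REF}" "$file" \
    || { echo "missing: uses: ${WORKFLOW_REF}"; ok=1; }
  grep -Eq '^[[:space:]]*secrets:[[:space:]]*inherit[[:space:]]*$' "$file" \
    || { echo "missing: secrets: inherit (SPECTRAL_DSN would not reach the job)"; ok=1; }
  return $ok
}

# set_spectral_dsn repo OWNER/REPO | org ORG
# Creates/updates the SPECTRAL_DSN secret. The value is read from stdin so it
# never lands in shell history or a process listing:
#   printf '%s' "$DSN" | set_spectral_dsn repo OWNER/REPO
set_spectral_dsn() {
  scope="$1"
  target="$2"
  case "$scope" in
    repo) gh secret set SPECTRAL_DSN --repo "$target" ;;
    org)  gh secret set SPECTRAL_DSN --org "$target" --visibility all ;;
    *)    echo "usage: set_spectral_dsn repo OWNER/REPO | org ORG" >&2; return 2 ;;
  esac
}

# demo_check: writes a constructed copy of the README's workflow to a temp
# file and runs check_workflow over it; returns its result.
demo_check() {
  tmp=$(mktemp)
  printf '%s\n' \
    'name: Secure Code Analysis' \
    'on:' \
    '  - push' \
    '  - pull_request' \
    'jobs:' \
    '  code-analysis:' \
    "    uses: ${WORKFLOW_REF}" \
    '    secrets: inherit' > "$tmp"
  check_workflow "$tmp"
  rc=$?
  rm -f "$tmp"
  return $rc
}
```

Run `check_workflow .github/workflows/secure-code-analysis.yml` before committing the workflow, or `demo_check` to see it pass on the README's own job. `secrets: inherit` forwards every secret of the calling repository to the reusable workflow, which is what lets the Spectral job read `SPECTRAL_DSN`; if your organization pins reusable workflows to a tag or commit SHA instead of `@latest`, set `WORKFLOW_REF` to match.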