Geekwala/security-scan-examples


GeekWala Security Scan - Examples

Example workflows showing how to integrate GeekWala Security Scan into your CI/CD pipeline.

Setup

  1. Get an API token at geekwala.com/developers/api-tokens
  2. Add it to the repository as an Actions secret named GEEKWALA_API_TOKEN (Settings > Secrets and variables > Actions); never commit the token to the workflow file.

Examples

The simplest setup. The action auto-detects your dependency file and fails the job on critical vulnerabilities (the default threshold).

- uses: Geekwala/security-scan-action@v1
  with:
    api-token: ${{ secrets.GEEKWALA_API_TOKEN }}

Production-grade security gate that:

  • Fails on high+ severity vulnerabilities
  • Fails if any CISA Known Exploited Vulnerability is found
  • Only gates on vulnerabilities that have a fix available (findings without a published fix do not fail the build)

- uses: Geekwala/security-scan-action@v1
  id: scan
  with:
    api-token: ${{ secrets.GEEKWALA_API_TOKEN }}
    severity-threshold: high
    fail-on-kev: true
    only-fixed: true

Use the action's outputs in subsequent steps (the step above sets id: scan, which is what steps.scan refers to):

- run: echo "Found ${{ steps.scan.outputs.critical-count }} critical vulnerabilities"

The scan step from the full-featured example, which writes SARIF for upload to the GitHub Security tab, writes JSON results for export as an artifact, filters on EPSS, and runs on a weekly schedule. Only the scan step is shown here; the SARIF and artifact upload steps and the schedule trigger are separate parts of that workflow.

- uses: Geekwala/security-scan-action@v1
  with:
    api-token: ${{ secrets.GEEKWALA_API_TOKEN }}
    severity-threshold: high
    fail-on-kev: true
    epss-threshold: '0.3'
    only-fixed: true
    output-format: summary,table,json
    json-file: scan-results.json
    sarif-file: results.sarif
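The complete workflow around that scan step, as an added example that is not a file from this repository or from the action's authors. It assumes the action writes the files named by json-file and sarif-file into the workspace and sets the outputs listed under Action Outputs even when the gate fails; the cron schedule, artifact name and job summary format are choices made here. The upload steps run under if: always() guarded by hashFiles(), so findings still reach the Security tab when the gate fails the job but nothing is attempted when the scan errored before writing a file. Outputs are passed to the shell through env rather than interpolated into the script body, the recommended pattern against expression injection in run steps.

```yaml
# Added example (not part of the examples repository): a full workflow around
# the GeekWala scan step. Cron time, artifact name and summary text are
# assumptions; the action inputs and outputs are those documented in this README.
name: GeekWala Security Scan

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: '0 6 * * 1'   # weekly, Monday 06:00 UTC (assumed schedule)

permissions:
  contents: read
  security-events: write   # required by upload-sarif to populate the Security tab

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: Geekwala/security-scan-action@v1
        id: scan
        with:
          api-token: ${{ secrets.GEEKWALA_API_TOKEN }}
          severity-threshold: high
          fail-on-kev: true
          epss-threshold: '0.3'
          only-fixed: true
          output-format: summary,table,json
          json-file: scan-results.json
          sarif-file: results.sarif

      # always(): upload even when the gate failed the job, otherwise a failing
      # scan would leave the Security tab empty. hashFiles(): skip when the scan
      # errored before writing the file, so the upload step does not fail on a
      # missing path.
      - uses: github/codeql-action/upload-sarif@v3
        if: always() && hashFiles('results.sarif') != ''
        with:
          sarif_file: results.sarif

      - uses: actions/upload-artifact@v4
        if: always() && hashFiles('scan-results.json') != ''
        with:
          name: geekwala-scan-results   # assumed artifact name
          path: scan-results.json

      # Action outputs are strings, so has-vulnerabilities is compared to "true".
      - name: Summarize results
        if: always()
        env:
          STATUS: ${{ steps.scan.outputs.scan-status }}
          TOTAL: ${{ steps.scan.outputs.total-packages }}
          VULNERABLE: ${{ steps.scan.outputs.vulnerable-packages }}
          CRITICAL: ${{ steps.scan.outputs.critical-count }}
          HIGH: ${{ steps.scan.outputs.high-count }}
          MEDIUM: ${{ steps.scan.outputs.medium-count }}
          LOW: ${{ steps.scan.outputs.low-count }}
          HAS_VULNS: ${{ steps.scan.outputs.has-vulnerabilities }}
        run: |
          {
            echo "## GeekWala scan: ${STATUS:-unknown}"
            echo "- packages scanned: ${TOTAL:-0}"
            echo "- vulnerable packages: ${VULNERABLE:-0}"
            echo "- critical/high/medium/low: ${CRITICAL:-0}/${HIGH:-0}/${MEDIUM:-0}/${LOW:-0}"
          } >> "$GITHUB_STEP_SUMMARY"
          if [ "$HAS_VULNS" = "true" ]; then
            echo "::warning::vulnerable packages found; see the Security tab and the scan-results.json artifact"
          fi
```

If the scan step itself exits non-zero the job is marked failed; the summary step still runs and reports whatever outputs were set, with empty values shown as 0 or unknown.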

Suppressing Vulnerabilities

Create a .geekwala-ignore.yml file in your repo root to suppress accepted risks:

ignore:
  - id: CVE-2024-12345
    reason: "Not exploitable in our usage - server-side only"
    expires: 2027-06-01

The action picks the file up automatically. Give every entry a reason and an expiry date so that accepted risks are re-reviewed when the entry lapses rather than suppressed indefinitely. See the .geekwala-ignore.yml in this repository for the example.

Supported Ecosystems

npm, Python (pip/poetry/pipenv), PHP (composer), Go, Rust (cargo), Ruby (bundler), .NET (NuGet), and Java (Maven).

The action auto-detects your dependency file. For monorepos, specify the path:

- uses: Geekwala/security-scan-action@v1
  with:
    api-token: ${{ secrets.GEEKWALA_API_TOKEN }}
    file-path: packages/api/package-lock.json
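A monorepo usually has more than one dependency file, and a single file-path covers only one of them. The workflow below, an added example that is not a file from this repository, generalizes the snippet above with a matrix so each manifest gets its own scan job; only packages/api/package-lock.json comes from this README, the other two paths are assumptions. fail-fast is disabled so a failing gate in one package does not cancel the scans of the others.

```yaml
# Added example (not part of the examples repository): one scan job per
# dependency file in a monorepo. Paths other than packages/api/package-lock.json
# are assumptions.
name: GeekWala Security Scan (monorepo)

on: [push, pull_request]

permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false          # keep scanning the other packages when one gate fails
      matrix:
        lockfile:
          - packages/api/package-lock.json
          - packages/web/package-lock.json        # assumed path
          - services/worker/requirements.txt      # assumed path
    steps:
      - uses: actions/checkout@v4

      - uses: Geekwala/security-scan-action@v1
        with:
          api-token: ${{ secrets.GEEKWALA_API_TOKEN }}
          file-path: ${{ matrix.lockfile }}
          severity-threshold: high
          fail-on-kev: true
```

Each matrix entry appears as a separate check on the pull request, so a vulnerable dependency is attributed to the package that declares it rather than to the repository as a whole.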

Action Outputs

Output                 Description
scan-status            PASS, FAIL, or ERROR
total-packages         Number of packages scanned
vulnerable-packages    Number of vulnerable packages
critical-count         Critical severity count
high-count             High severity count
medium-count           Medium severity count
low-count              Low severity count
has-vulnerabilities    true or false

All outputs are strings, as GitHub Actions outputs always are: compare has-vulnerabilities against the string 'true' in if: expressions, and treat the counts as text until the shell or a later step converts them.
