GitHub Actions

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.


How to Integrate with Edgescan:

With our Edgescan integration Docker image, it’s simple to add scanning to your GitHub Actions workflow.

To integrate with Edgescan, simply:

1. Secure your API key as a Secret in your GitHub repository
2. Configure your workflow with a .github/workflows/edgescan.yml file
3. Configure Edgescan by CLI or with environment variables

Secure your API Key

When you signed up with Edgescan, you created an API key. To keep it secret and out of your repository, store it as a GitHub secret for the repository. On GitHub, open your repository and click the ⚙️ Settings tab near the top right of the screen, then click Secrets near the bottom left. Add your Edgescan API key as a secret called ES_API_TOKEN; the workflow below reads it by that name, so the two must match. Other values, such as the asset ID (ES_ASSET), can be stored the same way.

Configure Your Workflow

At the root of your code repository, add a .github/workflows/edgescan.yml file to configure GitHub Actions to run Edgescan. The file should look like this:

name: Edgescan
on:
  push:
  pull_request:
jobs:
  edgescan:
    name: Edgescan
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2
      - name: Pull Edgescan Docker Image
        run: |
          docker pull edgescan/cicd-integration
      - name: Run Edgescan
        run: |
          docker run -t -e ES_API_TOKEN="${{ secrets.ES_API_TOKEN }}" -e ES_ASSET="${{ secrets.ES_ASSET }}" edgescan/cicd-integration

This configuration tells GitHub Actions to pull the Edgescan Docker image and run it with your API token and asset ID; the container scans your asset and waits for the results.

Alternatively, the final command can pass the same values as command-line flags instead of environment variables:

docker run -t edgescan/cicd-integration --asset-id "${{ secrets.ES_ASSET }}" --api-token "${{ secrets.ES_API_TOKEN }}"
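A caveat worth guarding against: a secret that was never created (or was named differently from the workflow's reference) expands to an empty string in ${{ secrets.X }}, so the scan step would run with blank credentials. The wrapper below is an added example, not Edgescan's own code; it assumes the ES_API_TOKEN and ES_ASSET names from the workflow above, fails the step when either is missing, and passes the token to the container from the environment so it never appears on the command line.

```shell
#!/bin/sh
# Added example, not part of the Edgescan integration. Intended use in the
# workflow (the env block keeps the secret out of the inline shell text):
#   - name: Run Edgescan
#     env:
#       ES_API_TOKEN: ${{ secrets.ES_API_TOKEN }}
#       ES_ASSET: ${{ secrets.ES_ASSET }}
#     run: sh ./run_edgescan.sh run

# check_secrets NAME... : returns 1 and names every variable that is unset or
# empty, which is exactly what an undefined GitHub secret expands to.
check_secrets() {
  missing=""
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  if [ -n "$missing" ]; then
    echo "edgescan: missing secret(s):$missing (add them under Settings > Secrets)" >&2
    return 1
  fi
  return 0
}

# edgescan_cmd ASSET_ID : prints the docker command line. A bare "-e ES_API_TOKEN"
# makes docker copy the token from the caller's environment, so its value is
# never part of the command string that could end up in a log or process list.
edgescan_cmd() {
  printf 'docker run --rm -t -e ES_API_TOKEN -e ES_ASSET=%s edgescan/cicd-integration\n' "$1"
}

# Only start the scan when invoked as "run_edgescan.sh run"; otherwise the
# functions are merely defined (handy for sourcing and testing).
if [ "${1:-}" = "run" ]; then
  check_secrets ES_API_TOKEN ES_ASSET || exit 1
  sh -c "$(edgescan_cmd "$ES_ASSET")"
fi
```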

Run It

Check the workflow file into source control, and push it to GitHub. Head over to the GitHub Actions console to watch your workflow run.