
GitHub Actions Pipeline Generator

Create secure GitHub Actions workflows with integrated security scanning and best practices.

What is GitHub Actions?

GitHub Actions is a CI/CD platform that allows you to automate your build, test, and deployment pipeline directly from your GitHub repository. It provides powerful automation and integration capabilities, making it an excellent choice for implementing DevSecOps practices.

Security Features

SAST Integration

Integrate Static Application Security Testing tools like CodeQL, SonarQube, or Snyk to scan your code for vulnerabilities.

Dependency Scanning

Automatically scan your dependencies for known vulnerabilities using tools like Dependabot, OWASP Dependency Check, or Snyk.

Secret Scanning

Prevent secrets from being committed to your repository with tools like GitGuardian, TruffleHog, or GitHub's built-in secret scanning.

Container Scanning

Scan your container images for vulnerabilities using tools like Trivy, Clair, or Anchore.

Sample Workflow

name: Secure CI/CD Pipeline

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

# Least privilege for the workflow's GITHUB_TOKEN: CodeQL needs security-events: write
# to upload its results to the Security tab; no step here needs to write to the repository.
permissions:
  contents: read
  security-events: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      # fetch-depth: 0 pulls the full history so the secret scan can diff against the default branch
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install dependencies
        run: npm ci

      # CodeQL is a two-step action: init selects the languages, analyze runs the queries
      # (the analyze action has no languages input of its own)
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript

      - name: Run SAST scan
        uses: github/codeql-action/analyze@v2

      # Actions referenced by a branch name (@master) are mutable; pin third-party actions
      # to a full commit SHA in a production pipeline so their code cannot change under you
      - name: Run dependency scan
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Run secret scan
        uses: trufflesecurity/trufflehog@v3
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD

      - name: Build and test
        run: |
          npm run build
          npm test

      - name: Build container image
        run: docker build -t my-app:latest .

      # exit-code: '1' fails the job on CRITICAL/HIGH findings so a vulnerable image is never shipped
      - name: Scan container image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'my-app:latest'
          format: 'table'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'

Getting Started

  1. Create a new workflow file in your repository under .github/workflows/secure-pipeline.yml
  2. Configure your workflow using our generator to include the security scans you need
  3. Set up required secrets in your GitHub repository settings for any API keys or tokens needed by the security tools
  4. Commit and push your workflow file to trigger the pipeline
  5. Review security findings in the GitHub Actions tab and address any issues
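Before committing a generated workflow, it is worth checking it for two common hardening gaps: third-party actions referenced by a mutable branch or tag instead of a commit SHA, and a missing top-level `permissions:` block. The checker below is an added example and not part of the generator; it works on the raw YAML text with regular expressions (so it needs no YAML library), only inspects `uses:` lines of the form `owner/repo@ref`, and runs against a constructed workflow fragment modelled on the sample above.

```python
import re

# Constructed sample in the style of the page's workflow; not the page's own file.
SAMPLE_WORKFLOW = """\
name: Secure CI/CD Pipeline
on:
  push:
    branches: [ main ]
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - run: npm ci
"""

# Matches "uses: owner/repo[/path]@ref" (local "./" and "docker://" uses are ignored on purpose).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.\-/]+)@(\S+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
MUTABLE_BRANCHES = {"master", "main"}


def classify_ref(ref: str) -> str:
    """Classify an action ref: 'sha' is immutable, 'branch' moves on every push,
    'tag' can be re-pointed by the action's maintainers (or an attacker with repo access)."""
    if SHA_RE.match(ref):
        return "sha"
    if ref in MUTABLE_BRANCHES:
        return "branch"
    return "tag"


def audit_workflow(text: str) -> dict:
    """Return unpinned action references and whether a top-level permissions: block exists."""
    unpinned = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        kind = classify_ref(ref)
        if kind != "sha":
            unpinned.append((action, ref, kind))
    # Only a column-0 "permissions:" key scopes the GITHUB_TOKEN for the whole workflow.
    has_permissions = re.search(r"^permissions:", text, re.MULTILINE) is not None
    return {"unpinned": unpinned, "has_top_level_permissions": has_permissions}


if __name__ == "__main__":
    result = audit_workflow(SAMPLE_WORKFLOW)
    for action, ref, kind in result["unpinned"]:
        print(f"unpinned ({kind}): {action}@{ref}")
    if not result["has_top_level_permissions"]:
        print("no top-level permissions: block; GITHUB_TOKEN uses the repository default")
```

Run it over `.github/workflows/secure-pipeline.yml` before step 4 and pin any reported branch or tag reference to the commit SHA you have reviewed.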