Your first scan (GitHub Action)
Last updated
Was this helpful?
Last updated
Was this helpful?
Similarly to the Dockerized client and all our CI/CD pipelines integrations, the includes all the necessary tools required to perform scans for project developed across all the languages we support. Essentially all you need to worry about is how to set it up for usage.
Open source project repository
Commit the following YAML workflow configuration file to your repository in the folder .github/workflows
Note: performing an open source scan with this configuration will generate a public report on the default account. To have the resulting report in your personal account provide your personal token to the configuration as explained below.-
Private project repository
First of all, generate a Meterian API token:
Create an new API token from the dashboard
Then Add the above token as a GitHub secret by the name METERIAN_API_TOKEN
In your repository navigate to the Secrets page ( Your repository > Settings > Secrets
)
Click on the Add a new Secret
Then commit this YAML workflow configuration file to your repository in the folder .github/workflows
Committing these action workflow configurations will trigger your first workflow run which is visible on GitHub in the Actions tab of your repository
If your workflow run is not triggered as expected ensure you have GitHub Actions enabled in your repository by reviewing the Actions Permissions in the Actions/General page of your repository settings.
Log into your account on
Note these workflows are triggered on push, should you wish to change this behaviour for your repository consult the detailed workflow syntax documentation . The parameters for the action configuration are listed in the .
You can find a live example using our action , and a list of working examples for all the supported languages can be found .