Similarly to the Dockerized client and all our CI/CD pipelines integrations, the Meterian GitHub Action includes all the necessary tools required to perform scans for project developed across all the languages we support. Essentially all you need to worry about is how to set it up for usage.

Open source project repository

Commit the following YAML workflow configuration file to your repository in the folder .github/workflows

# .github/workflows/main.yml

name: Meterian Scanner workflow

on: push

jobs:
    meterian_scan:
        name: Meterian client scan
        runs-on: ubuntu-latest
        steps:
          - name: Checkout
            uses: actions/checkout@v3
          - name: Meterian Scanner
            uses: MeterianHQ/meterian-github-action@v1.0.13
            with:
              oss: true

Note: performing an open source scan with this configuration will generate a public report on the default account. To have the resulting report in your personal account provide your personal token to the configuration as explained below.-

Private project repository

First of all, generate a Meterian API token:

• Log into your account on https://meterian.com

• Create an new API token from the dashboard

Then Add the above token as a GitHub secret by the name METERIAN_API_TOKEN

• In your repository navigate to the Secrets page ( Your repository > Settings > Secrets )

• Click on the Add a new Secret

Then commit this YAML workflow configuration file to your repository in the folder .github/workflows

# .github/workflows/main.yml

name: Meterian Scanner workflow

on: push

jobs:
    meterian_scan:
        name: Meterian client scan
        runs-on: ubuntu-latest
        steps: 
          - name: Checkout
            uses: actions/checkout@v3
          - name: Meterian Scanner
            uses: MeterianHQ/meterian-github-action@v1.0.13
            env:
              METERIAN_API_TOKEN: ${{ secrets.METERIAN_API_TOKEN }}

Committing these action workflow configurations will trigger your first workflow run which is visible on GitHub in the Actions tab of your repository

Note these workflows are triggered on push, should you wish to change this behaviour for your repository consult the detailed workflow syntax documentation here. The parameters for the action configuration are listed in the action documentation page on GitHub.

You can find a live example using our action here, and a list of working examples for all the supported languages can be found here.

If your workflow run is not triggered as expected ensure you have GitHub Actions enabled in your repository by reviewing the Actions Permissions in the Actions/General page of your repository settings.