Meterian
Search
K

Your first scan (GitHub Action)

Similarly to the Dockerized client and all our CI/CD pipelines integrations, the Meterian GitHub Action includes all the necessary tools required to perform scans for project developed across all the languages we support. Essentially all you need to worry about is how to set it up for usage.
Open source project repository
Commit the following YAML workflow configuration file to your repository in the folder .github/workflows
# .github/workflows/main.yml
name: Meterian Scanner workflow
on: push
jobs:
meterian_scan:
name: Meterian client scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Meterian Scanner
uses: MeterianHQ/meterian-github-[email protected]
with:
oss: true
Note: performing an open source scan with this configuration will generate a public report on the default account. To have the resulting report in your personal account provide your personal token to the configuration as explained below.
Private project repository
In your repository settings on GitHub under the Secrets/Actions page set up a secret named METERIAN_API_TOKEN filling it with a valid token.
Then commit this YAML workflow configuration file to your repository in the folder .github/workflows
# .github/workflows/main.yml
name: Meterian Scanner workflow
on: push
jobs:
meterian_scan:
name: Meterian client scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Meterian Scanner
uses: MeterianHQ/meterian-github-[email protected]
env:
METERIAN_API_TOKEN: ${{ secrets.METERIAN_API_TOKEN }}
Committing these action workflow configurations will trigger your first workflow run which is visible on GitHub in the Actions tab of your repository
Note these workflows are triggered on push, should you wish to change this behaviour for your repository consult the detailed workflow syntax documentation here. The parameters for the action configuration are listed in the action documentation page on GitHub.
You can find a live example using our action here, and a list of working examples for all the supported languages can be found here.
If your workflow run is not triggered as expected ensure you have GitHub Actions enabled in your repository by reviewing the Actions Permissions in the Actions/General page of your repository settings.