Your first scan (GitHub Action)
Similarly to the Dockerized client and all our CI/CD pipelines integrations, the Meterian GitHub Action includes all the necessary tools required to perform scans for project developed across all the languages we support. Essentially all you need to worry about is how to set it up for usage.
Open source project repository
Commit the following YAML workflow configuration file to your repository in the folder .github/workflows
Note: performing an open source scan with this configuration will generate a public report on the default account. To have the resulting report in your personal account provide your personal token to the configuration as explained below.-
Private project repository
First of all, generate a Meterian API token:
Log into your account on https://meterian.com
Create an new API token from the dashboard
Then Add the above token as a GitHub secret by the name METERIAN_API_TOKEN
In your repository navigate to the Secrets page (
Your repository > Settings > Secrets)Click on the
Add a new Secret
Then commit this YAML workflow configuration file to your repository in the folder .github/workflows
Committing these action workflow configurations will trigger your first workflow run which is visible on GitHub in the Actions tab of your repository
Note these workflows are triggered on push, should you wish to change this behaviour for your repository consult the detailed workflow syntax documentation here. The parameters for the action configuration are listed in the action documentation page on GitHub.
You can find a live example using our action here, and a list of working examples for all the supported languages can be found here.
If your workflow run is not triggered as expected ensure you have GitHub Actions enabled in your repository by reviewing the Actions Permissions in the Actions/General page of your repository settings.
Last updated
