GitHub Action
Boost Security Scanner
Executes the Boost Security Scanner cli tool to scan repositories for vulnerabilities and uploads results to the Boost Security API.
Add the following to your .github/workflows/boostsecurity.yml
:
on:
push:
branches:
- master
pull_request:
branches:
- master
types:
- opened
- synchronize
jobs:
scan_job:
name: Boost Security Scanner
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: BoostSecurity Scanner
uses: boostsecurityio/boostsec-scanner-github@v4
with:
api_endpoint: https://api.boostsecurity.net
api_token: ${{ secrets.BOOST_API_KEY }}
Additional CLI args to pass to the boost
cli.
Enable or disable boost uploading results to the boost api
Overrides the API endpoint url
The Boost Security API token secret.
NOTE: We recommend you not put the API token directly in your pipeline.yml file. Instead, it should be exposed via a secret.
Overrides the cli version to download when performing scans. If undefined, this will default to pulling "1".
Ignore any non-zero exit status and always return a success.
Change the CLI logging level.
The name of the main branch that PRs would merge into. This is automatically detected by querying the git server.
Optional command to execute prior to scanning. This may be used to generate additional files that are not tracked in git.
The relative path towards a module within the Scanner Registry. To streamline the configuration, both the scanners prefix and module.yaml suffix may be omitted.
Optional identifier to uniquely identify the scanner
Optional identifier to identify a monorepo component
Optional path within the git repository to execute scanners in.
When this parameter is specified, you must also provide a scan_label
to identify the component.
The optional timeout after which the Github check will be marked as failed. This defaults to 120 seconds.
The optional timeout on a diff scan after which the Github check will be marked as failed. This defaults to 120 seconds.
The optional timeout on a main scan after which the Github check will be marked as failed. This defaults to 2 hours.