GitHub Actions enables the automation of workflows directly from your GitHub repository. By integrating GitHub Actions with Cloud Defense, you can automate security scans during your development process, ensuring continuous integration and delivery of secure software.
Setting Up GitHub Actions
Step 1: Configure Self-Hosted Runners
To utilize GitHub Actions with enhanced control and privacy, you'll need to set up self-hosted runners. These runners will execute jobs in your CI/CD workflows on machines that you manage.
Navigate to your repository's Settings and select the 'Actions' tab.
Click on 'Runners' and then 'New runner'. Follow the instructions to set up a runner on a Linux VM or any other operating system you prefer. Ensure that the machine is secure and meets the requirements for running GitHub Actions.
For instance, you might execute the following commands on your Linux VM to prepare it for GitHub Actions (download and extract the runner package into the directory first, following the instructions shown on the 'New runner' page; <YOUR_TOKEN> is the registration token displayed there):
mkdir ObjcTest # Ensure the directory name matches your repository name
cd ObjcTest
./config.sh --url https://github.com/your-org/your-repo --token <YOUR_TOKEN>
Step 2: Secure API Keys with Secrets
To ensure your workflows are secure and to keep sensitive data like API keys safe, use GitHub Secrets.
Go back to your repository's Settings, choose 'Secrets', and then 'New repository secret'.
Name your secret API_KEY and paste the API key you wish to use for integrating with Cloud Defense. This key will be used securely in your GitHub Actions without exposing it in your workflow files.
Step 3: Create and Configure Your Workflow
Define your GitHub Actions workflow by creating a .yml file under .github/workflows in your repository.
Structure your repository to include the workflow file at .github/workflows/action.yml.
Ensure that your action.yml file is correctly set up to trigger on the desired events (e.g., push, pull request). Include steps that define how to execute Cloud Defense scans using the API key stored in your secrets.
An example of a simple action.yml might look like this:
name: Cloud Defense Scan
on: [push]
jobs:
  security_scan:
    runs-on: self-hosted
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
      - name: Run Cloud Defense Scan
        run: |
          echo "Running security scan..."
          cdefense scan --api-key ${{ secrets.API_KEY }} --project-name ${{ github.repository }}
This workflow checks out your code and runs a security scan using Cloud Defense every time there's a push to the repository. Adjust the parameters according to your Cloud Defense CLI configuration.
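The scan step above splices the secret straight into the shell line with ${{ secrets.API_KEY }}. A small wrapper script that reads the key from the environment keeps the secret out of the command text, fails clearly when the secret is missing, and never prints the key. The script below is an added example, not Cloud Defense's or GitHub's own code; the variable names CLOUD_DEFENSE_API_KEY and CLOUD_DEFENSE_PROJECT and the path scripts/cloud-defense-scan.sh are assumptions, while the cdefense flags are the ones from the workflow above.

```shell
#!/bin/sh
# Added example (not Cloud Defense's or GitHub's code): wrapper for the
# "Run Cloud Defense Scan" step. The key arrives via the environment instead of
# being interpolated into the run: line. Assumed names: CLOUD_DEFENSE_API_KEY,
# CLOUD_DEFENSE_PROJECT and scripts/cloud-defense-scan.sh. The calling step:
#
#   - name: Run Cloud Defense Scan
#     env:
#       CLOUD_DEFENSE_API_KEY: ${{ secrets.API_KEY }}
#       CLOUD_DEFENSE_PROJECT: ${{ github.repository }}
#     run: sh scripts/cloud-defense-scan.sh run

# Fail if the named variable is unset or empty; report only its name, never its value.
require_env() {
  name="$1"
  eval "value=\${$name:-}"
  if [ -z "$value" ]; then
    echo "error: required variable $name is not set" >&2
    return 1
  fi
}

# Reject keys that contain whitespace (usually a copy-paste error when the
# secret was created) without echoing the key in the message.
check_key_shape() {
  case "$1" in
    *[[:space:]]*) echo "error: API key contains whitespace" >&2; return 1 ;;
  esac
}

# Render the command that will run, with the key replaced by a placeholder so
# the preview is safe to print in the job log.
scan_command_preview() {
  printf 'cdefense scan --api-key <redacted> --project-name %s\n' "$CLOUD_DEFENSE_PROJECT"
}

# Validate inputs, print the redacted preview, then run the CLI with the
# flags shown in the article's workflow.
run_scan() {
  require_env CLOUD_DEFENSE_API_KEY || return 1
  require_env CLOUD_DEFENSE_PROJECT || return 1
  check_key_shape "$CLOUD_DEFENSE_API_KEY" || return 1
  echo "Running security scan: $(scan_command_preview)"
  cdefense scan --api-key "$CLOUD_DEFENSE_API_KEY" --project-name "$CLOUD_DEFENSE_PROJECT"
}

# Only run the scan when explicitly asked, so the file can be sourced for testing.
case "${1:-}" in
  run) run_scan ;;
esac
```

GitHub already redacts values from the secrets context in job logs, so the preview is mainly a guard for self-hosted runners where local shell tracing or custom logging might otherwise capture the command line.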
This integration allows you to automate the security assessment of your projects with every change, helping to catch vulnerabilities early in the development cycle. By using self-hosted runners, you maintain control over the environment and ensure that sensitive data used during the CI/CD process remains within your infrastructure. Additionally, by using GitHub Secrets, you protect sensitive configuration details such as API keys from exposure.