Quick start

Follow the simple guide below to integrate security monitoring into your GitHub actions workflows.

Sign in to listen.dev with your GitHub account. The first time you sign in, we automatically create your Organization and a default Project.

2. Get Your API Key

From your Project’s “Settings” page, copy the API Key. Keep this secret.

You will add this as a secret in your GitHub repo for actions.

3. Add listen.dev to Your GitHub Workflow

• Add your API key as a GitHub Secret (e.g., LISTEN_API_KEY).

• In your repo’s .github/workflows/<your-workflow>.yml, add a step:

- uses: listendev/action@v0.16.0
  with:
    jwt: ${{ secrets.LSTN_API_KEY }}
    runtime: only

We recommend adding listen.dev in your workflow file after the repo checkout step - before updating or adding new external dependencies or tools.

4. Trigger the workflow run

On your next PR, listen.dev runs automatically. If malicious DNS calls are detected, you’ll see a PR comment and get a Slack alert.

Typical practice is running listen.dev on Pull Request triggers in GitHub, where you have rest of your checks

5. See Results

In-line results can be received in GitHub PR comments and in Slack (see below)
Detailed results can be seen In dashboard.listen.dev

5. Configure Slack Alerts (Optional)

• Go to your Slack workspace and set up an Incoming Webhook.

• Paste the Slack Webhook URL into your Project’s “Slack Integration” field on listen.dev.

See detailed guide for this here.

Last updated 16 days ago

Quick start

Follow the simple guide below to integrate security monitoring into your GitHub actions workflows.

Sign in to listen.dev with your GitHub account. The first time you sign in, we automatically create your Organization and a default Project.

2. Get Your API Key

From your Project’s “Settings” page, copy the API Key. Keep this secret.

You will add this as a secret in your GitHub repo for actions.

3. Add listen.dev to Your GitHub Workflow

• Add your API key as a GitHub Secret (e.g., LISTEN_API_KEY).

• In your repo’s .github/workflows/<your-workflow>.yml, add a step:

- uses: listendev/action@v0.16.0
  with:
    jwt: ${{ secrets.LSTN_API_KEY }}
    runtime: only

We recommend adding listen.dev in your workflow file after the repo checkout step - before updating or adding new external dependencies or tools.

4. Trigger the workflow run

On your next PR, listen.dev runs automatically. If malicious DNS calls are detected, you’ll see a PR comment and get a Slack alert.

Typical practice is running listen.dev on Pull Request triggers in GitHub, where you have rest of your checks

5. See Results

In-line results can be received in GitHub PR comments and in Slack (see below)
Detailed results can be seen In dashboard.listen.dev

5. Configure Slack Alerts (Optional)

• Go to your Slack workspace and set up an Incoming Webhook.

• Paste the Slack Webhook URL into your Project’s “Slack Integration” field on listen.dev.

See detailed guide for this here.

Woot! you just completed your first e2e workflow in listen.dev!

Last updated 16 days ago

1. Sign In & Setup

2. Get Your API Key

3. Add listen.dev to Your GitHub Workflow

4. Trigger the workflow run

5. See Results

5. Configure Slack Alerts (Optional)

1. Sign In & Setup

2. Get Your API Key

3. Add listen.dev to Your GitHub Workflow

4. Trigger the workflow run

5. See Results

5. Configure Slack Alerts (Optional)