GitHub Actions

Secure your CI/CD pipelines with runtime monitoring.

Why monitor CI/CD?

  • Supply chain attacks in build processes
  • Malicious dependencies during package installs
  • Crypto miners using free compute
  • Credential theft from CI/CD environments

Setup (2 minutes)

1. Get API token

# Get token from: dashboard.garnet.ai/tokens
export GARNET_API_TOKEN="garnet_xxx"

2. Add to workflow

# .github/workflows/main.yml
name: CI Pipeline

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v4
      
      # Add Garnet scan
      - uses: garnetlabs/garnet-action@v1
        env:
          GARNET_API_TOKEN: ${{ secrets.GARNET_API_TOKEN }}
      
      # Your build steps
      - run: npm install
      - run: npm test
      - run: npm run build

3. Add secret

  1. Go to repository Settings → Secrets → Actions
  2. Click “New repository secret”
  3. Name: GARNET_API_TOKEN
  4. Value: Your API token
  5. Click “Add secret”
[Image: GitHub Actions secrets configuration]

4. Trigger workflow

git commit -m "Add Garnet security" && git push

Result: Garnet monitors the entire build process

Configuration

Scan modes


Advanced options

- uses: garnetlabs/garnet-action@v1
  with:
    scan-mode: comprehensive
    fail-on-detection: true      # Fail build on threats
    ignore-patterns: |           # Skip monitoring these
      - "npm install lodash"
      - "curl google.com"
  env:
    GARNET_API_TOKEN: ${{ secrets.GARNET_API_TOKEN }}

What gets detected

Supply Chain

  • Malicious packages
  • Backdoored dependencies
  • Build tool compromises

Crypto Mining

  • Mining software
  • Pool connections
  • Resource abuse

Data Theft

  • Network exfiltration
  • Credential harvesting
  • Secret extraction

Code Injection

  • Malicious scripts
  • Build manipulation
  • Unauthorized changes

Verification

After setup:
  1. Trigger workflow - push code or create PR
  2. Check logs - look for Garnet scan output
  3. Visit dashboard - confirm agent appears
  4. Review events - check for any detections
[Image: Garnet scan output in workflow logs]

Example detections

Crypto miner blocked

{
  "detection": "Crypto miner execution",
  "process": "xmrig -o pool.minexmr.com:4444",
  "action": "Process killed, build continued"
}

Suspicious network connection

{
  "detection": "C2 callback attempt",
  "network": "badactor.cn:8080",
  "action": "Connection blocked, build continued"
}
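The fail-on-detection and ignore-patterns options shown under Advanced options, together with the event shapes above, can be exercised offline. What follows is an added example, not Garnet's own code or API: a small Python triage helper that reads Garnet-style events from a log, applies substring ignore patterns, buckets each event into one of the categories listed under "What gets detected", and decides whether a build configured with fail-on-detection should fail. The sample log lines, the keyword rules and the substring matching semantics are constructed assumptions; the page does not document the action's real event schema or how it matches ignore patterns.

```python
"""Triage helper for Garnet-style detection events (added example, not Garnet code)."""
import json

# Constructed sample log: one JSON event per line, shaped like the detection
# examples on this page, plus a non-JSON line that a parser must tolerate.
# The exact fields Garnet emits are an assumption.
SAMPLE_LOG = """\
{"detection": "Crypto miner execution", "process": "xmrig -o pool.minexmr.com:4444", "action": "Process killed, build continued"}
{"detection": "C2 callback attempt", "network": "badactor.cn:8080", "action": "Connection blocked, build continued"}
{"detection": "Outbound connection", "network": "api.yourcompany.com:443", "action": "Logged"}
not-json: a stray build log line that must be skipped
"""

# Hypothetical keyword rules mapping an event to the categories this page lists.
CATEGORY_KEYWORDS = {
    "Crypto Mining": ("miner", "mining", "xmrig", "pool"),
    "Data Theft": ("exfil", "credential", "secret", "c2 ", "callback"),
    "Supply Chain": ("package", "dependency", "backdoor"),
    "Code Injection": ("script", "injection", "unauthorized"),
}


def parse_events(log_text):
    """Return the detection objects found in a log, skipping lines that are not JSON."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # ordinary build output interleaved with events
        if isinstance(obj, dict) and "detection" in obj:
            events.append(obj)
    return events


def categorize(event):
    """Bucket an event by the first keyword rule that matches any of its fields."""
    text = " ".join(str(v) for v in event.values()).lower()
    for category, keywords in CATEGORY_KEYWORDS.items():
        if any(k in text for k in keywords):
            return category
    return "Other"


def is_ignored(event, ignore_patterns):
    """Substring match of an ignore pattern against the process or network field.

    This only loosely mirrors the page's ignore-patterns option; the action's
    real matching rules are not documented here (assumption).
    """
    target = event.get("process") or event.get("network") or ""
    return any(pattern in target for pattern in ignore_patterns)


def triage(events, ignore_patterns=(), fail_on_detection=True):
    """Summarise events and decide whether a fail-on-detection build should fail."""
    counts = {}
    ignored = 0
    for event in events:
        if is_ignored(event, ignore_patterns):
            ignored += 1
            continue
        category = categorize(event)
        counts[category] = counts.get(category, 0) + 1
    return {
        "counts": counts,
        "ignored": ignored,
        # Only non-ignored detections can fail the build.
        "should_fail": fail_on_detection and bool(counts),
    }


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_LOG), ignore_patterns=["api.yourcompany.com"])
    print(json.dumps(result, indent=2))
```

With the sample log, the allowlisted connection to api.yourcompany.com is counted as ignored, the miner and the C2 callback land in Crypto Mining and Data Theft, and should_fail comes back true; with fail_on_detection disabled the same events are summarised but the build is left to pass.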

Troubleshooting

Symptoms: Error: Garnet scan failed
Fix:
  1. Verify GARNET_API_TOKEN secret is set
  2. Check token permissions in dashboard
  3. Ensure runner has internet access

Symptoms: No detections appear
This is normal if no threats exist.
Test:
# Add to workflow for testing:
- run: curl http://malicious.test.garnet.ai
If still nothing:
  1. Confirm agent shows “online” in dashboard
  2. Check scan-mode configuration
  3. Review workflow logs for errors

Symptoms: Build takes longer
Solutions:
  1. Switch to scan-mode: lightweight
  2. Run scans only on specific branches:
- uses: garnetlabs/garnet-action@v1
  if: github.ref == 'refs/heads/main'
  3. Use matrix builds for parallelization

Symptoms: Legitimate activity flagged
Fix: Add to ignore patterns:
- uses: garnetlabs/garnet-action@v1
  with:
    ignore-patterns: |
      - "npm install your-package"
      - "curl api.yourcompany.com"
Or create an allowlist in the dashboard

Next steps