Integrate GitHub Action

Runtime security monitoring for your CI workflows in GitHub actions.

Last updated 3 months ago

Integrate GitHub Action

Runtime security monitoring for your CI workflows in GitHub actions.

Add the listen.dev step to your workflow file

Open your project's repository in GitHub. In your repository, go to the "Actions" tab.
Click "New Workflow" and create a new workflow file in .github/workflows
Add the listen.dev GitHub Action and include the API key as a secret.

        uses: listendev/action@v0.15.0
        with: 
          jwt: ${{ secrets.LSTN_API_KEY }}
          runtime: only

To instrument an existing workflow, we recommend adding the step on top of your workflow file after the checkout step.

Launch the first scan by triggering a GitHub Actions workflow.

You can confirm if listen.dev is working properly by checking the CI logs for the Actions workflow. It should have the listen.dev start and stop steps added to it, as shown below:

Scans are triggered based on your workflow definition. However, only pull_request triggers generate feedback in PR comments. This is our recommended model of usage, ensuring that any new changes go through code review and security checks before merging

Last updated 3 months ago