GitHub CI/CD Integration
Set up Invicti AppSec with GitHub Actions for automated security scanning.
GitHub
GitHub pipeline that contains SAST & SCA scans
1. Trigger
Triggers the workflow on push events, but only for the main branch; the workflow_dispatch trigger also lets you start it manually from the Actions tab.
2. Pick Runner
The type of runner the job will run on (here a GitHub-hosted ubuntu-latest runner).
3. Checkout
Check out the code from the repository using the actions/checkout action.
4. Setup KDT
Install the Kondukto CLI with a curl command, then write two environment variables (KONDUKTO_HOST and KONDUKTO_TOKEN) to $GITHUB_ENV, taking their values from GitHub secrets so that later steps can reach the Kondukto platform.
5. Run a SAST Scan
Run a static application security testing (SAST) scan with the GoSec tool against the project named by the ${{ github.event.repository.name }} expression, on the branch given by ${{ github.ref }}.
6. Run a CS scan
Run a container security (CS) scan with the Trivy tool against the ubuntu:latest image, reported under the project named by ${{ github.event.repository.name }}, on the branch given by ${{ github.ref }}.
YAML
name: KDT CI

on:
  push:
    branches: [ main ]

  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup KDT
        run: |
          curl -sSL https://cli.kondukto.io | sh
          # Expose the Kondukto endpoint and API token (stored as GitHub secrets) to later steps
          echo "KONDUKTO_HOST=${{ secrets.KONDUKTO_HOST }}" >> $GITHUB_ENV
          echo "KONDUKTO_TOKEN=${{ secrets.KONDUKTO_TOKEN }}" >> $GITHUB_ENV

      - name: Run a SAST scan
        run: |
          # Options are joined with backslashes: in a `run: |` block each line is otherwise its own shell command
          kdt scan \
            -p ${{ github.event.repository.name }} \
            -t gosec \
            -b ${{ github.ref }}

      - name: Run a CS scan
        run: |
          kdt scan \
            -p ${{ github.event.repository.name }} \
            -t trivy \
            --image=ubuntu:latest \
            -b ${{ github.ref }}
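The following is an added example, not part of the Invicti or Kondukto documentation: a small standard-library lint that checks a KDT workflow like the one above for three pitfalls a reviewer would flag, namely kdt scan options written on separate lines inside a run: | block (where each line is its own shell command), an action not pinned to a commit SHA, and a missing permissions block. The sample workflow fragments, the commit SHA placeholder and the choice of checks are assumptions of this example.

```python
# Added example (not Kondukto/Invicti code): stdlib-only lint for the KDT workflow
# on this page. It scans the text line by line rather than parsing YAML.
import re

# Constructed sample: the page's SAST step with three pitfalls present.
WEAK_WORKFLOW = """\
steps:
  - uses: actions/checkout@v2
  - name: Run a SAST scan
    run: |
      kdt scan
      -p ${{ github.event.repository.name }}
      -t gosec
      -b ${{ github.ref }}
"""

# Same step hardened: least-privilege token, SHA-pinned action (placeholder
# SHA, constructed) and kdt options joined with shell continuations.
HARDENED_WORKFLOW = """\
permissions:
  contents: read
steps:
  - uses: actions/checkout@0000000000000000000000000000000000000000  # placeholder SHA
  - name: Run a SAST scan
    run: |
      kdt scan \\
        -p ${{ github.event.repository.name }} \\
        -t gosec \\
        -b ${{ github.ref }}
"""

USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_PIN = re.compile(r"^\s*-?\s*uses:\s*\S+@[0-9a-f]{40}\s*(#.*)?$")

def lint_workflow(text: str) -> list[str]:
    """Return one finding per pitfall; an empty list means the workflow is clean."""
    lines = text.splitlines()
    findings = []
    if not any(l.strip().startswith("permissions:") for l in lines):
        findings.append("no permissions block: GITHUB_TOKEN keeps its default scopes")
    for i, line in enumerate(lines):
        m = USES.match(line)
        if m and not SHA_PIN.match(line):
            findings.append(f"line {i + 1}: {m.group(1)} is not pinned to a commit SHA")
        # In a `run: |` block every line is its own shell command, so options
        # placed on the lines after a bare `kdt scan` never reach kdt.
        if line.strip() == "kdt scan" and i + 1 < len(lines) and lines[i + 1].strip().startswith("-"):
            findings.append(f"line {i + 1}: 'kdt scan' options on separate lines; join them with '\\' continuations")
    return findings
```

Running lint_workflow on the weak fragment yields three findings, and on the hardened fragment none.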