GitHub Actions Integration
Integrate Threatspy with GitHub Actions to automatically trigger security scans as part of your CI/CD workflow. This enables continuous security testing of your web applications and APIs during every code push and pull request.
Prerequisites
Before you begin, ensure you have:
- A Threatspy account with an active subscription or trial.
- An application already created in Threatspy.
- A valid Threatspy API Key.
- The Application ID of the application you want to scan.
- Your registered Threatspy email address.
- A GitHub repository with GitHub Actions enabled.
Step 1: Generate Threatspy Credentials
Log in to your Threatspy dashboard and collect the following credentials.
| Credential | Description |
|---|---|
| API Key | Used to authenticate API requests to Threatspy. |
| Application ID | Unique identifier of the application to be scanned. |
| User Email | Registered email address associated with your Threatspy account. |
> Note: Keep your API Key confidential and never commit it to your repository.
Step 2: Configure GitHub Secrets
Navigate to your GitHub repository:
Repository → Settings → Secrets and variables → Actions
Create the following repository secrets:
| Secret Name | Description |
|---|---|
| `THREATSPY_API_KEY` | Your Threatspy API Key |
| `THREATSPY_APP_ID` | Your Threatspy Application ID |
| `THREATSPY_USER_EMAIL` | Your registered Threatspy email address |
> Recommended: Store all credentials as GitHub Secrets to keep sensitive information secure.
Step 3: Create the GitHub Actions Workflow
Create a new workflow file:
.github/workflows/threatspy-security-scan.ymlAdd the following workflow configuration:
name: Security Scan
on:
push:
branches: [main]
pull_request:
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Start Scan
run: |
curl -X POST https://api.threatspy.secureblink.com/start-scan \
-H "x-api-key: ${{ secrets.THREATSPY_API_KEY }}" \
-H "x-app-id: ${{ secrets.THREATSPY_APP_ID }}" \
-H "email: ${{ secrets.THREATSPY_USER_EMAIL }}" \
-H "Content-Type: application/json"This workflow automatically triggers a Threatspy security scan whenever:
- Code is pushed to the main branch.
- A Pull Request is created or updated.
Step 4: Commit and Push Changes
Commit the workflow file and push it to your repository.
git add .github/workflows/threatspy-security-scan.yml
git commit -m "Add Threatspy GitHub Actions integration"
git push origin mainGitHub Actions will automatically execute the workflow after the changes are pushed.
Step 5: Verify Workflow Execution
After the workflow starts:
- Navigate to the Actions tab in your GitHub repository.
- Open the latest Security Scan workflow run.
- Verify that the Start Scan step executes successfully.
- Ensure the workflow completes without any errors.
Once the workflow finishes successfully, the security scan request will be submitted to Threatspy for processing.