Product Documentation
Search…
Getting Started
Analysis Engine
Product Features
IDE plugins
Reshift Security Model
Common Questions and Answers
Account Settings
Project Settings
GitHub Actions [JavaScript]
Integrating Reshift with GitHub Actions for Javacript.
In GitHub, select the project you would like to integrate Reshift with.
1. Create an Action
To create an action click 'actions' and set up the workflow with your language card.
2. Create a Secret
First, create a secret in the GitHub 'settings' tab. Give the secret a name (
RESHIFT_TOKEN for this example), and paste your scan token as the value.3. Configure your Workflow
Add a
.yml file to the base directory of your code repository to configure GitHub Actions to run Reshift scans. You're file should look like this. 1
name: Reshift NPM scan
2
on:
3
push:
4
branches: [ master ]
5
pull_request:
6
branches: [ master ]
7
jobs:
8
build:
9
runs-on: ubuntu-latest
10
strategy:
11
matrix:
12
node-version: [14.x]
13
steps:
14
- uses: actions/[email protected]
15
- name: Use Node.js ${{ matrix.node-version }}
16
uses: actions/[email protected]
17
with:
18
node-version: ${{ matrix.node-version }}
19
- run: npm install -g @reshiftsecurity/reshift-plugin-npm
20
- run: reshift-scan -t ${{ secrets.RESHIFT_TOKEN }}
Copied!
3. Start a Commit
Click 'start commit' to kick off the Reshift Scan.
In GitHub, you will see your scan results in the "Actions" tab. Results will also be updated and reflected on your Reshift Dashboard.
If you have any more questions, please email us at [email protected]!