GitHub Actions [JavaScript]
Integrating Reshift with GitHub Actions for JavaScript.
In GitHub, select the project you would like to integrate Reshift with.
1. Create an Action
To create an action, click 'actions' and set up the workflow with your language card.
2. Create a Secret
First, create a secret in the GitHub 'settings' tab. Give the secret a name (RESHIFT_TOKEN for this example), and paste your scan token as the value.
3. Configure your Workflow
Add a .yml file to the base directory of your code repository to configure GitHub Actions to run Reshift scans. Your file should look like this:
name: Reshift NPM scan
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [14.x]
    steps:
    - uses: actions/[email protected]
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/[email protected]
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm install -g @reshiftsecurity/reshift-plugin-npm
    - run: reshift-scan -t ${{ secrets.RESHIFT_TOKEN }}
4. Start a Commit
Click 'start commit' to kick off the Reshift Scan.
In GitHub, you will see your scan results in the "Actions" tab. Results will also be updated and reflected on your Reshift Dashboard.
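A variant of the workflow above with tighter handling of the scan token, as an added example (not Reshift's own configuration). It assumes reshift-scan takes the token through -t exactly as shown above; the action names and versions (actions/checkout@v4, actions/setup-node@v4), the permissions block, and the fork guard are assumptions of this example.

```yaml
name: Reshift NPM scan
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

# Least privilege for the workflow's GITHUB_TOKEN: the scan only reads the code.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Repository secrets are not passed to workflows triggered by pull requests
    # from forks, so skip the job there rather than scan with an empty token.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    strategy:
      matrix:
        node-version: [14.x]
    steps:
      - uses: actions/checkout@v4        # assumed action and version
        with:
          # Do not leave the GITHUB_TOKEN in the checked-out repo's git config
          # while third-party npm packages run in the same job.
          persist-credentials: false
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4      # assumed action and version
        with:
          node-version: ${{ matrix.node-version }}
      - run: npm install -g @reshiftsecurity/reshift-plugin-npm
      - name: Run Reshift scan
        env:
          # Expose the secret only to this step, as an environment variable.
          RESHIFT_TOKEN: ${{ secrets.RESHIFT_TOKEN }}
        # The token still reaches reshift-scan through -t (the only option this
        # page documents), but the raw value is no longer pasted into the
        # generated script text, and the quotes stop the shell from splitting it.
        run: reshift-scan -t "$RESHIFT_TOKEN"
```

If the scan must also run on pull requests from forks, keep the guard and trigger the scan from the push to master after merge, since the token is unavailable to the fork's run.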
If you have any more questions, please email us at [email protected]!