Skip to content

Spectral Security Integration into your Github Actions pipeline

License

Notifications You must be signed in to change notification settings

SpectralOps/spectral-github-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation



SpectralOps logo

Spectral Scan

Install Spectral Scan action

Spectral Scan is a single self-contained binary, that's easy to get and use. This action installs the latest Spectral version into your PATH.

Example usage

Include this Action as a step in your workflow:

uses: spectralops/spectral-github-action@v4
with:
  spectral-dsn: $SPECTRAL_DSN
  spectral-args: scan --ok

You can see an example of this Action here

Configuration

You'll need to provide Spectral DSN as an input variable. You should always store your DSN in a secure way, like below in GitHub secrets.

name: Spectral

on: [push]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install and run Spectral CI
        uses: spectralops/spectral-github-action@v4
        with:
          spectral-dsn: ${{ secrets.SPECTRAL_DSN }}
          spectral-args: scan --ok

Spectral provides another scan option to audit your Github/Gitlab organization, user or repo.

name: Spectral

on: [push]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install and run Spectral Audit
        uses: spectralops/spectral-github-action@v4
        with:
          spectral-dsn: ${{ secrets.SPECTRAL_DSN }}
          spectral-args: github -k repo -t ${{ secrets.MY_GITHUB_TOKEN }} https://github.com/SpectralOps/spectral-github-action --include-tags base,audit --ok

How to Contribute

We welcome issues to and pull requests against this repository!

License

This project is licensed under the MIT License. See LICENSE for further details.