How to Integrate with Edgescan:
With our Edgescan integration Docker image, it’s simple to add scanning to your GitHub Actions workflow.
To integrate with Edgescan, simply:
1. Secure your API key as a Secret in your GitHub repository
2. Configure your workflow with a .github/workflows/edgescan.yml file
3. Configure Edgescan by CLI or with environment variables
Secure your API Key
When you signed up with Edgescan, you created an API key. To keep it secret and out of your repository, copy it to a GitHub secret for your repository. On GitHub, find your repository and click the ⚙️ Settings tab near the top right side of the screen. Then click Secrets near the bottom left. Add your Edgescan API key as a secret called ES_API_KEY. Other variables like the asset ID can also be set this way.
Configure Your Workflow
At the base directory of your code repository, add a .github/workflows/edgescan.yml file to configure GitHub Actions to run Edgescan. Your file should look like this.

    name: Edgescan
    on:
      push:
      pull_request:
    jobs:
      edgescan:
        name: Edgescan
        runs-on: ubuntu-latest
        steps:
          - name: Clone repo
            uses: actions/checkout@v2
          - name: Pull Edgescan Docker Image
            run: |
              docker pull edgescan/cicd-integration
          - name: Run Edgescan
            # ES_API_KEY is the repository secret created in the previous section
            run: |
              docker run -t -e ES_API_TOKEN="${{ secrets.ES_API_KEY }}" -e ES_ASSET="${{ secrets.ES_ASSET }}" edgescan/cicd-integration

This configuration tells GitHub Actions to pull the Edgescan Docker image and, using your API token, scan your asset and wait for the results.
The final command could also be:

    docker run -t edgescan/cicd-integration --asset-id "${{ secrets.ES_ASSET }}" --api-token "${{ secrets.ES_API_KEY }}"

Run It
Check the workflow file into source control, and push it to GitHub. Head over to the GitHub Actions console to watch your workflow run.
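
A hardened variant of the workflow above, added here as an example and not Edgescan's own configuration: it pins the action and the image, limits the GITHUB_TOKEN to read access, skips pull requests from forks (which receive no secrets), and passes the secrets through the step environment instead of the script text. The commit SHA and image digest are placeholders to fill in.

```yaml
# Added example: hardened variant of the page's edgescan.yml.
# Values in <angle brackets> are placeholders to fill in; they are not real.
name: Edgescan
on:
  push:
  pull_request:

# The job only reads the repository, so drop every other GITHUB_TOKEN scope.
permissions:
  contents: read

jobs:
  edgescan:
    name: Edgescan
    runs-on: ubuntu-latest
    # Secrets are not passed to pull_request runs from forks; skip those
    # instead of calling the scanner with an empty token.
    if: >-
      github.event_name != 'pull_request' ||
      github.event.pull_request.head.repo.full_name == github.repository
    env:
      # Pin the image by digest so a re-tagged image cannot reach the secrets.
      ES_IMAGE: edgescan/cicd-integration@sha256:<image-digest>
    steps:
      - name: Clone repo
        # Pin the action to a full commit SHA rather than a movable tag.
        uses: actions/checkout@<full-commit-sha>
        with:
          persist-credentials: false
      - name: Pull Edgescan Docker Image
        run: docker pull "$ES_IMAGE"
      - name: Run Edgescan
        env:
          # Secret names as created in the repository settings: ES_API_KEY per
          # the text above, ES_ASSET as in the workflow above.
          ES_API_TOKEN: ${{ secrets.ES_API_KEY }}
          ES_ASSET: ${{ secrets.ES_ASSET }}
        # "-e NAME" with no value copies the variable from the runner's
        # environment, keeping the secret out of the script text and the
        # docker command line.
        run: docker run -t -e ES_API_TOKEN -e ES_ASSET "$ES_IMAGE"
```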




