GitHub Actions
Automate security scanning in your CI/CD pipeline
Overview
The secuprobe/scan-action GitHub Action runs a SecuProbe scan of a target URL as a step in your CI/CD workflow. The scan runs on every execution of the workflow (for example after each push or deployment), and the step can fail the job when findings at or above a chosen severity level are reported.
Prerequisites
- A SecuProbe account on the Pro or Enterprise plan.
- An API key with the scans:create and scans:read scopes; create one in Settings → API.
- The key added as a GitHub repository secret named SECUPROBE_API_KEY.
Basic usage
```yaml
# .github/workflows/security.yml
name: Security Scan
on:
  push:
    branches: [main]
  pull_request:
jobs:
  secuprobe:
    runs-on: ubuntu-latest
    steps:
      - name: Run SecuProbe Scan
        uses: secuprobe/scan-action@v1
        with:
          api_key: ${{ secrets.SECUPROBE_API_KEY }}
          url: https://your-app.com
          fail_on_severity: critical
```

Note that GitHub does not expose repository secrets (other than GITHUB_TOKEN) to workflows triggered by a pull_request event from a forked repository, so on fork PRs the api_key input will be empty and the step will fail; restrict the trigger to branches in your own repository, or use a pull_request_target workflow that you have reviewed carefully, if you need scans on external contributions.

Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| api_key | Yes | — | SecuProbe API key (sp_live_...) |
| url | Yes | — | URL to scan |
| fail_on_severity | No | critical | Minimum severity to fail CI: critical / high / medium / none |
| timeout | No | 600 | Maximum wait time in seconds |
Outputs
| Output | Description |
|---|---|
| scan_id | SecuProbe scan ID (UUID) |
| secu_score | SecuScore 0–100 |
| report_url | Link to the full scan report |
Advanced usage
```yaml
- name: Run SecuProbe Scan
  id: scan
  uses: secuprobe/scan-action@v1
  with:
    api_key: ${{ secrets.SECUPROBE_API_KEY }}
    url: ${{ vars.STAGING_URL }}
    fail_on_severity: high
    timeout: '900'
- name: Print scan result
  run: |
    echo "SecuScore: ${{ steps.scan.outputs.secu_score }}"
    echo "Report: ${{ steps.scan.outputs.report_url }}"
```

Values interpolated with ${{ }} into a run: script are substituted into the script text before the shell executes it. For anything that is not fully under your control, pass the value to the step through env: and reference the environment variable in the script instead, so that its content can never be parsed as shell syntax.

GitHub Job Summary
The action automatically writes a rich summary to the GitHub Actions job summary page, including the SecuScore, vulnerability counts by severity, and a link to the full report.
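A fuller workflow that combines the inputs and outputs above into a policy gate, added here as an example; it is not from the original page or from the action's own repository. It assumes a repository variable STAGING_URL, a hypothetical policy threshold MIN_SECU_SCORE of 70 (not a SecuProbe default), and that the three documented outputs are populated whenever the scan step completes. The scan step itself is set to fail_on_severity: none so that a single later step owns the pass/fail decision and the outputs are always available to it.

```yaml
# .github/workflows/security-gate.yml (added example, not the action's own docs)
name: Security Gate
on:
  push:
    branches: [main]
  pull_request:

# Least-privilege token: the scan step needs no write access to the repository.
permissions:
  contents: read

# Avoid two scans of the same ref racing each other.
concurrency:
  group: secuprobe-${{ github.ref }}
  cancel-in-progress: true

jobs:
  secuprobe:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
      MIN_SECU_SCORE: "70"   # assumed policy threshold, not a SecuProbe default
    steps:
      - name: Run SecuProbe Scan
        id: scan
        # In production, pin to a full commit SHA instead of the mutable v1 tag.
        uses: secuprobe/scan-action@v1
        with:
          api_key: ${{ secrets.SECUPROBE_API_KEY }}
          url: ${{ vars.STAGING_URL }}
          # 'none' keeps this step green so scan_id / secu_score / report_url
          # are populated; the gate step below makes the pass/fail decision.
          fail_on_severity: none
          timeout: '900'

      - name: Gate on SecuScore
        # Outputs reach the shell via env, never by ${{ }} interpolation in the script body.
        env:
          SCAN_ID: ${{ steps.scan.outputs.scan_id }}
          SECU_SCORE: ${{ steps.scan.outputs.secu_score }}
          REPORT_URL: ${{ steps.scan.outputs.report_url }}
        run: |
          echo "scan_id=$SCAN_ID"
          echo "report=$REPORT_URL"
          # Fail closed: a missing or non-numeric score must not pass the gate.
          case "$SECU_SCORE" in
            ''|*[!0-9]*)
              echo "::error::SecuProbe returned no numeric SecuScore (got '$SECU_SCORE')"
              exit 1 ;;
          esac
          if [ "$SECU_SCORE" -lt "$MIN_SECU_SCORE" ]; then
            echo "::error::SecuScore $SECU_SCORE is below the required minimum $MIN_SECU_SCORE"
            exit 1
          fi
          echo "SecuScore $SECU_SCORE meets the minimum of $MIN_SECU_SCORE"
```

Keeping the severity gate at none and deciding in your own step means the policy (which score or severity blocks a merge) lives in one reviewable place in the workflow, and a scan that times out or returns nothing fails the job rather than silently passing.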