Github

Setup your Integration

Full details on how to set up the Safety Github Action can be found here.

Step 1: Create a Safety Account and Obtain an API Key

• To utilize the Safety CLI scanner, you first need to create a Safety account.

• Once your account is set up, you can obtain your API key from your Safety Dashboard. This key will be used to authenticate your GitHub Action with Safety's services.

Step 2: Configure the GitHub Secret

• After obtaining your Safety API key, go to your GitHub repository's settings.

• Navigate to the 'Secrets' section and add a new secret.

• Name the secret (e.g., SAFETY_API_KEY) and paste your Safety API key as the value.

Step 3: Set Up the Workflow File

• You may need to create a Personal Access Token (PAT) with workflow permissions in order to push a workflow file to your repo. To do so, please refer to this guide.

• In your repository, create a new file in the .github/workflows directory. You can name this file according to its purpose (e.g., safety_scan.yml).

• Add the following content to your workflow file:

Copyname: Example workflow for Python using Safety Action
on: push
jobs:
 security:
   runs-on: ubuntu-latest
   steps:
     - uses: actions/checkout@main
     - name: Run Safety CLI to check for vulnerabilities
       uses: pyupio/safety-action@v1
       with:
         api-key: ${{ secrets.SAFETY_API_KEY }}