Overview
VulnZap integrates with GitHub Actions to provide automated security scanning in your CI/CD pipeline.
Key Features:
- Auto-detects repository URL, branch, and commit from GitHub context
- Streams scan results directly in job logs
- Simple one-step configuration
- Zero additional setup required
VulnZap CLI Scan Action
This GitHub Action runs a VulnZap scan via the VulnZap CLI and streams results in the job logs. The action auto-detects repository URL, branch, and commit from the GitHub context; you only provide the API key.
Quick Setup
Create .github/workflows/vulnzap.yml:
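The following workflow is an added example written for this page; it is not VulnZap's published snippet. The page does not state the action's registry reference or the name of its API-key input, so both are marked PLACEHOLDER and must be replaced with the values from the action's own documentation. Everything else (the trigger events, the read-only `permissions` block, the concurrency group, and the job name that matches the status check used under Branch Protection) is standard GitHub Actions syntax.

```yaml
# Added example workflow, not VulnZap's own. PLACEHOLDER values (action
# reference, input name) are assumptions: the page does not give them.
name: VulnZap Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the scan only needs to read the checked-out code.
# With no write scopes, a compromised scan step cannot push commits,
# edit releases, or modify workflow files via the job token.
permissions:
  contents: read

# Cancel a still-running scan when the same branch gets a newer push.
concurrency:
  group: vulnzap-${{ github.ref }}
  cancel-in-progress: true

jobs:
  vulnzap:
    # This job name is the status check you select under
    # Branch protection -> "Require status checks to pass before merging".
    name: VulnZap Security Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Repository URL (https://github.com/${GITHUB_REPOSITORY}), branch
      # (GITHUB_REF_NAME) and commit (GITHUB_SHA) are derived from the GitHub
      # context by the action itself, so the API key is the only input.
      - name: Run VulnZap scan
        uses: OWNER/vulnzap-action@VERSION        # PLACEHOLDER: real action reference
        with:
          api-key: ${{ secrets.VULNZAP_API_KEY }}  # PLACEHOLDER: real input name
```

Two behaviours worth knowing before relying on this as a merge gate: GitHub withholds repository secrets from `pull_request` runs triggered by forks, so on a fork PR the key is empty and the scan step fails rather than leaking the key (keep it that way; switching to `pull_request_target` would hand the secret to untrusted code). And the required status check is matched by job name, so if you rename the `name:` under `jobs.vulnzap`, update the branch protection rule to match or merges will be blocked on a check that never reports.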
Action Inputs
Your VulnZap API Key
How It Works
The action automatically:
- Derives the repository URL as https://github.com/${GITHUB_REPOSITORY}
- Passes GITHUB_REF_NAME (branch name) to the CLI
- Passes GITHUB_SHA (commit hash) to the CLI
- Installs and runs npx vulnzap@latest with the correct parameters
- Streams scan results to the job logs in real time
Make sure Docker/network access is available so npx vulnzap@latest can install and run.
Setting Up Secrets
Add your VulnZap API Key as a repository secret:
1. Open Repository Settings
Go to your repository's Settings → Secrets and variables → Actions
2. Create New Secret
Click New repository secret
3. Add API Key
- Name: VULNZAP_API_KEY
- Value: Your API key from vulnzap.com/dashboard
- Click Add secret
Branch Protection
Require VulnZap checks to pass before merging:
1. Open Branch Settings
Go to Settings → Branches → Branch protection rules
2. Add Rule
Add a rule for your main branch
3. Enable Status Checks
- Enable Require status checks to pass before merging
- Select VulnZap Security Scan from the list
- Save changes