CI/CD Integration

Overview

VulnZap integrates with GitHub Actions to provide automated security scanning in your CI/CD pipeline. Key Features:

Auto-detects repository URL, branch, and commit from GitHub context
Streams scan results directly in job logs
Simple one-step configuration
Zero additional setup required

VulnZap CLI Scan Action

This GitHub Action runs a VulnZap scan via the VulnZap CLI and streams results in the job logs. The action auto-detects repository URL, branch, and commit from the GitHub context—you only provide the API key.

Quick Setup

Create .github/workflows/vulnzap.yml:

name: VulnZap Security Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run VulnZap Scan
        uses: VulnZap/vulnzap-cicd@v1
        with:
          api-key: ${{ secrets.VULNZAP_API_KEY }}

Action Inputs

api-key

string

required

Your VulnZap API Key

How It Works

The action automatically:

Derives the repository URL as https://github.com/${GITHUB_REPOSITORY}
Passes GITHUB_REF_NAME (branch name) to the CLI
Passes GITHUB_SHA (commit hash) to the CLI
Installs and runs npx vulnzap@latest with the correct parameters
Streams scan results to the job logs in real-time

Make sure Docker/network access is available so npx vulnzap@latest can install and run.

Setting Up Secrets

Add your VulnZap API Key as a repository secret:

Open Repository Settings

Go to your repository’s Settings → Secrets and variables → Actions

Create New Secret

Click New repository secret

Add API Key

Name: VULNZAP_API_KEY
Value: Your API key from vulnzap.com/dashboard
Click Add secret

Branch Protection

Require VulnZap checks to pass before merging:

Open Branch Settings

Go to Settings → Branches → Branch protection rules

Add Rule

Add rule for your main branch

Enable Status Checks

Enable Require status checks to pass before merging
Select VulnZap Security Scan from the list
Save changes

Next Steps

CLI Reference

Complete command-line documentation

Dashboard Guide

View findings in the web dashboard

IDE Integration

Real-time scanning while coding

Deployment Options

Self-hosted and on-premises options

Getting Started

Core Features

Integration

Resources

CI/CD Integration

Overview

VulnZap CLI Scan Action

Quick Setup

Action Inputs

How It Works

Setting Up Secrets

Branch Protection

Next Steps

CLI Reference

Dashboard Guide

IDE Integration

Deployment Options

Getting Started

Core Features

Integration

Resources

​Overview

​VulnZap CLI Scan Action

​Quick Setup

​Action Inputs

​How It Works

​Setting Up Secrets

​Branch Protection

​Next Steps

CLI Reference

Dashboard Guide

IDE Integration

Deployment Options

Overview

VulnZap CLI Scan Action

Quick Setup

Action Inputs

How It Works

Setting Up Secrets

Branch Protection

Next Steps