Auto-scan on every push to main. Set up in 5 minutes.
name: Security Scan
on:
  push:
    branches: [main]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger scan
        run: |
          # Start the scan; the API key comes from the repository secret
          RESULT=$(curl -s -X POST https://securityscanner.dev/v1/webhook/scan \
            -H "Authorization: Bearer ${{ secrets.SCANNER_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{"host": "your-app.com", "min_grade": "B", "callback_url": ""}')
          echo "$RESULT"
          RUN_ID=$(echo "$RESULT" | jq -r .run_id)
          echo "Scan started: $RUN_ID"
          # Poll for completion (up to 60 tries, 10 seconds apart)
          for i in $(seq 1 60); do
            STATUS=$(curl -s "https://securityscanner.dev/v1/scan/$RUN_ID" \
              -H "Authorization: Bearer ${{ secrets.SCANNER_API_KEY }}" | jq -r .status)
            [ "$STATUS" = "completed" ] && break
            sleep 10
          done
          # Fail the job if the scan never reached "completed"
          [ "$STATUS" = "completed" ] || { echo "Scan did not complete in time"; exit 1; }
The webhook triggers a full 70-module scan on your deployed URL. When the scan completes, you can check the grade and findings via the API or dashboard. Set min_grade to fail the pipeline if security drops below your threshold.
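A fail-closed grade gate that a step could run after the polling loop, as an added example (not the scanner's own code). It assumes grades are letters A to F with an optional + or - suffix; the page does not show how the grade is read from the API response, so the function takes it as an argument, and the names `grade_rank` and `check_grade` are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed grade gate for a CI step.
# Assumption: grades are letters A-F with an optional + or - suffix.

# Map a grade to a number (higher is better); return 1 if unparseable.
grade_rank() {
  case "$1" in
    A*) base=50 ;;
    B*) base=40 ;;
    C*) base=30 ;;
    D*) base=20 ;;
    F)  base=10 ;;
    *)  return 1 ;;
  esac
  case "$1" in
    ?)  mod=0 ;;
    ?+) mod=3 ;;
    ?-) mod=-3 ;;
    *)  return 1 ;;
  esac
  echo $((base + mod))
}

# check_grade STATUS GRADE MIN_GRADE
# Returns 0 only when the scan completed and GRADE >= MIN_GRADE.
# Returns 1 when the grade is below the threshold, and 2 when the result
# cannot be trusted (scan not completed, empty or malformed grade, e.g. the
# string "null" that jq -r prints for a missing field). Both fail the job.
check_grade() {
  status=$1 grade=$2 min=$3
  if [ "$status" != "completed" ]; then
    echo "gate: scan status is '$status', not 'completed'" >&2
    return 2
  fi
  want=$(grade_rank "$min") || { echo "gate: bad min_grade '$min'" >&2; return 2; }
  have=$(grade_rank "$grade") || { echo "gate: unparseable grade '$grade'" >&2; return 2; }
  if [ "$have" -lt "$want" ]; then
    echo "gate: grade $grade is below minimum $min" >&2
    return 1
  fi
  echo "gate: grade $grade meets minimum $min"
}
```

In the workflow step this would be called as `check_grade "$STATUS" "$GRADE" B || exit 1`, where `$GRADE` is a placeholder for the value taken from the scan result.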