Vigilnz Security Scan
The Vigilnz Security Scan Action helps developers automatically check their applications and repositories for vulnerabilities during CI/CD.
It supports multiple scan types:
- SCA → Software Composition Analysis: identifies known vulnerabilities in third-party dependencies.
- SBOM → Software Bill of Materials generation: produces an inventory of the components that make up the application.
- SAST → Static Application Security Testing: analyzes source code for security flaws without running it.
- IAC SCAN → Infrastructure as Code: checks configuration files (Terraform, Kubernetes, etc.) for misconfigurations.
- SECRET SCAN → Secret Detection: finds hardcoded credentials, API keys, and sensitive information in source code.
- DAST → Dynamic Application Security Testing: tests running web applications for security vulnerabilities.
- CONTAINER SCAN → Container Image Scanning: analyzes container images for vulnerabilities and misconfigurations.
This action makes it easy to integrate Vigilnz scanning into your GitHub workflows.
To use the Vigilnz Security Scan Action, follow these steps in order:
- Generate an API key from Vigilnz Security.
- Store the API key securely in GitHub Secrets.
- Add the action to your GitHub workflow.

Generate the API key:
- Log in to the Vigilnz application.
- Navigate to Settings → API Keys.
- Click Generate New Key, or View API Key if one already exists.
- Copy the API key and store it securely. Treat it like a password: never paste it into the workflow file or commit it anywhere in the repository.

Store the key in GitHub Secrets:
- Go to your repository Settings → Secrets and variables → Actions.
- Click New repository secret.
- Add:
  - Name: VIGILNZ_API_KEY
  - Value: your Vigilnz API key
Add the action to a workflow file under `.github/workflows/` (the file name is your choice):

```yaml
name: Security Scan
on:
  push:
    branches: [ main ]
  pull_request:
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Vigilnz Scan
        uses: vigilnz/vigilnz-scan-action@v1
        with:
          vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
          scanTypes: "SCA,SBOM,SAST,SECRET SCAN,IAC SCAN"
          projectName: "my-project"
          environment: "production"
```

Two points to check before relying on this workflow. On `pull_request` events opened from a fork, GitHub does not pass repository secrets to the job, so `secrets.VIGILNZ_API_KEY` resolves to an empty string and the scan step fails; restrict the trigger or skip the step for fork PRs if that matters to you. Also, `@v1` is a moving tag: pinning `uses:` to the full commit SHA of the release you reviewed prevents a compromised or force-pushed tag from running different code in your pipeline.
Required inputs:

| Name | Required | Description |
|---|---|---|
| vigilnzApiKey | True | Your Vigilnz API key (stored securely in GitHub Secrets). |
| scanTypes | True | Comma-separated list: SCA,SBOM,SAST,SECRET SCAN,IAC SCAN,DAST,CONTAINER SCAN |

Optional inputs:

| Name | Required | Description |
|---|---|---|
| projectName | False | Project name for the scan |
| environment | False | Environment for the scan (dev, development, demo, prod, production) |
DAST inputs:

| Name | Required | Description | Required When |
|---|---|---|---|
| dastScanType | False | DAST scan type (e.g., spider, active) | When DAST in scanTypes |
| dastTargetUrl | False | Target URL for DAST scan | When DAST in scanTypes |
Container scan inputs:

| Name | Required | Description | Required When |
|---|---|---|---|
| containerImage | False | Container image name (e.g., nginx:latest) | When CONTAINER SCAN in scanTypes |
| containerProvider | False | Registry provider: dockerhub, aws-ecr, github, gitlab, google, azure, quay | When CONTAINER SCAN in scanTypes |
| containerRegistryType | False | Registry type: public, private, ecr-public, ecr-private, gcr, artifact, mcr | When required by provider |
| containerRegistryUrl | False | Registry URL (for private registries) | When using private registries |
| containerAuthType | False | Authentication type: none, token, username-password | When registry requires auth |
| containerToken | False | Access token for container registry (store in secrets!) | When containerAuthType is token |
| containerUsername | False | Username for container registry | When containerAuthType is username-password |
| containerPassword | False | Password for container registry (store in secrets!) | When containerAuthType is username-password |

containerToken and containerPassword are credentials: supply them from GitHub Secrets, never as literal values in the workflow file.
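The tables above encode rules that only hold in combination (DAST needs dastScanType and dastTargetUrl, CONTAINER SCAN needs an image and a provider, token auth needs containerToken, username-password auth needs both username and password), and two of the scan-type names contain spaces, so the list has to be split on commas rather than whitespace. The pre-flight validator below is an added example written for this page, not code from the Vigilnz action, and the action's own runtime validation may differ; it transcribes those table rules into a check you could run in a workflow step before the scan, over constructed sample `with:` inputs (the first mirrors the combined-scan example on this page, the second is deliberately broken). It also rejects credential inputs that are literal strings rather than `${{ secrets.* }}` references, since a key typed into a workflow file ends up in repository history.

```python
"""Pre-flight check for vigilnz-scan-action `with:` inputs (added example,
not part of the action). The allowed values and "required when" rules are
transcribed from the page's input tables."""
import re

SCAN_TYPES = {"SCA", "SBOM", "SAST", "SECRET SCAN", "IAC SCAN", "DAST", "CONTAINER SCAN"}
ENVIRONMENTS = {"dev", "development", "demo", "prod", "production"}
PROVIDERS = {"dockerhub", "aws-ecr", "github", "gitlab", "google", "azure", "quay"}
REGISTRY_TYPES = {"public", "private", "ecr-public", "ecr-private", "gcr", "artifact", "mcr"}
AUTH_TYPES = {"none", "token", "username-password"}
# Inputs that carry credentials and must arrive via a GitHub Secrets expression.
CREDENTIAL_INPUTS = ("vigilnzApiKey", "containerToken", "containerPassword")
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")


def parse_scan_types(value):
    """Split on commas only: 'SECRET SCAN' and 'IAC SCAN' contain spaces,
    so splitting on whitespace would silently yield unknown types."""
    return [t.strip().upper() for t in value.split(",") if t.strip()]


def validate_inputs(inputs):
    """Return a list of problems; an empty list means the step is consistent."""
    problems = []
    for key in ("vigilnzApiKey", "scanTypes"):
        if not inputs.get(key):
            problems.append(f"{key} is required")

    types = parse_scan_types(inputs.get("scanTypes", ""))
    for t in types:
        if t not in SCAN_TYPES:
            problems.append(f"unknown scan type {t!r}")

    env = inputs.get("environment")
    if env is not None and env not in ENVIRONMENTS:
        problems.append(f"environment {env!r} is not one of {sorted(ENVIRONMENTS)}")

    if "DAST" in types:
        for key in ("dastScanType", "dastTargetUrl"):
            if not inputs.get(key):
                problems.append(f"{key} is required when DAST is in scanTypes")
        url = inputs.get("dastTargetUrl", "")
        if url and not url.startswith(("http://", "https://")):
            problems.append("dastTargetUrl must be an absolute http(s) URL")

    if "CONTAINER SCAN" in types:
        for key in ("containerImage", "containerProvider"):
            if not inputs.get(key):
                problems.append(f"{key} is required when CONTAINER SCAN is in scanTypes")
        provider = inputs.get("containerProvider")
        if provider and provider not in PROVIDERS:
            problems.append(f"unknown containerProvider {provider!r}")
        rtype = inputs.get("containerRegistryType")
        if rtype and rtype not in REGISTRY_TYPES:
            problems.append(f"containerRegistryType {rtype!r} is not a documented value")
        auth = inputs.get("containerAuthType", "none")
        if auth not in AUTH_TYPES:
            problems.append(f"unknown containerAuthType {auth!r}")
        elif auth == "token" and not inputs.get("containerToken"):
            problems.append("containerToken is required when containerAuthType is token")
        elif auth == "username-password":
            for key in ("containerUsername", "containerPassword"):
                if not inputs.get(key):
                    problems.append(f"{key} is required when containerAuthType is username-password")

    # Credentials must be injected from GitHub Secrets, never written into the workflow.
    for key in CREDENTIAL_INPUTS:
        value = inputs.get(key)
        if value and not SECRET_REF.match(value):
            problems.append(f"{key} must reference a GitHub secret, not a literal value")
    return problems


# Constructed sample inputs (not taken from any real workflow).
FULL_STACK_STEP = {
    "vigilnzApiKey": "${{ secrets.VIGILNZ_API_KEY }}",
    "scanTypes": "SCA,SAST,DAST,CONTAINER SCAN",
    "projectName": "full-stack-app",
    "environment": "production",
    "dastScanType": "active",
    "dastTargetUrl": "https://myapp.example.com",
    "containerImage": "myapp:latest",
    "containerProvider": "dockerhub",
    "containerAuthType": "none",
}

BROKEN_STEP = {
    "vigilnzApiKey": "my-api-key-pasted-in-plaintext",  # literal, not a secrets reference
    "scanTypes": "SCA, DAST, CONTAINER SCAN",           # spaces after commas are tolerated
    "environment": "staging",                            # not a documented environment value
    "dastScanType": "active",                            # dastTargetUrl is missing
    "containerImage": "myorg/myapp:1.0.0",
    "containerProvider": "dockerhub",
    "containerAuthType": "username-password",
    "containerUsername": "${{ secrets.DOCKERHUB_USERNAME }}",
    # containerPassword is missing
}

if __name__ == "__main__":
    for name, step in (("full-stack", FULL_STACK_STEP), ("broken", BROKEN_STEP)):
        print(name, validate_inputs(step) or "OK")
```

Run it as a step before the scan (or locally against the parsed `with:` block of your workflow) so a missing dastTargetUrl or a pasted key is caught before the action is invoked with a half-configured scan.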
Single scan type:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "SCA"
```

Multiple scan types with project metadata:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "SCA,SBOM,SAST,SECRET SCAN,IAC SCAN"
  projectName: "my-application"
  environment: "production"
```

DAST against a running web application:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "DAST"
  dastScanType: "active"
  dastTargetUrl: "https://example.com"
  projectName: "web-application"
```

An active DAST scan sends attack traffic to dastTargetUrl. Point it only at systems you own or are authorized to test, and prefer a staging deployment over production where one exists.

Public Docker Hub image, no authentication:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "nginx:latest"
  containerProvider: "dockerhub"
  containerAuthType: "none"
```

Private Docker Hub image with username and password:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "myorg/myapp:1.0.0"
  containerProvider: "dockerhub"
  containerAuthType: "username-password"
  containerUsername: ${{ secrets.DOCKERHUB_USERNAME }}
  containerPassword: ${{ secrets.DOCKERHUB_PASSWORD }}
```

Private AWS ECR repository with a token:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "myapp:latest"
  containerProvider: "aws-ecr"
  containerRegistryType: "ecr-private"
  containerRegistryUrl: "123456789012.dkr.ecr.us-east-1.amazonaws.com"
  containerAuthType: "token"
  containerToken: ${{ secrets.AWS_ECR_TOKEN }}
```

An ECR authorization token is valid for 12 hours, so a value stored once as a repository secret will expire. Generate it inside the job (for example with `aws ecr get-login-password` after authenticating to AWS) and pass that value to containerToken instead of a static secret.

GitHub Container Registry with the built-in GITHUB_TOKEN:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "ghcr.io/myorg/myapp:latest"
  containerProvider: "github"
  containerAuthType: "token"
  containerToken: ${{ secrets.GITHUB_TOKEN }}
```

If the job declares a `permissions` block (recommended, so the token carries only what the job needs), include `packages: read`; without it GITHUB_TOKEN cannot pull a private ghcr.io image.

Google Container Registry with a token:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "gcr.io/myproject/myapp:latest"
  containerProvider: "google"
  containerRegistryType: "gcr"
  containerAuthType: "token"
  containerToken: ${{ secrets.GCP_TOKEN }}
```

Google OAuth access tokens are short-lived, so, as with ECR, mint the token in the job rather than storing one as a long-lived secret.

Azure Container Registry with a token:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "CONTAINER SCAN"
  containerImage: "myapp:latest"
  containerProvider: "azure"
  containerRegistryType: "acr-private"
  containerRegistryUrl: "myregistry.azurecr.io"
  containerAuthType: "token"
  containerToken: ${{ secrets.AZURE_ACR_TOKEN }}
```

Note that `acr-private` does not appear in the containerRegistryType values listed in the inputs table above; confirm the accepted value against the action's current documentation before relying on this example.

Combined scan with DAST and container configuration:

```yaml
with:
  vigilnzApiKey: ${{ secrets.VIGILNZ_API_KEY }}
  scanTypes: "SCA,SAST,DAST,CONTAINER SCAN"
  projectName: "full-stack-app"
  environment: "production"
  # DAST configuration
  dastScanType: "active"
  dastTargetUrl: "https://myapp.example.com"
  # Container configuration
  containerImage: "myapp:latest"
  containerProvider: "dockerhub"
  containerAuthType: "none"
```

Vigilnz Security Scan is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

