After you obtained the API integration key and completed project and branch creation, next is to seamlessly integrate AmourZero's AI-powered Code Security Analysis into your Github.
Integration guide
1. Don't forget the unique API Key. You can go to left menu and select "Configuration" under DEVSECOPS section. You will see an unique API Key that have generated for you. Copy that API Key for following step.
2. Follow this video to add Repository Secrets in your GitHub repository.
Go to your GitHub repository. Click on "Settings" in the top navigation. Navigate to "Secrets" in the left sidebar. Click on "New repository secret", add a secret named AZ_TOKEN with your ArmourZero API key.
3. Create GitHub Actions Configuration File
Create a new file in your repository under the path .github/workflows/az-security-scan.yml and paste the provided configuration.
1
2 # .github/workflows/az-security-scan.yml
3
4 name: AZ-Security-Scan
5
6 on:
7 push:
8 branches:
9 - '*'
10 workflow_dispatch:
11
12 jobs:
13 armourzero_security_test_pre:
14 runs-on: ubuntu-latest
15
16 env:
17 AZ_API_KEY: "${{ secrets.AZ_TOKEN }}"
18 PROJECT_KEY: "TvIrAgIyArEtYzQhCQtixJRldHGqmMdF"
19 BRANCH_NAME: "${{ github.ref_name }}"
20 DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
21 DOCKER_TOKEN: "${{ secrets.DOCKER_TOKEN }}"
22 steps:
23 - name: Checkout Repository
24 uses: actions/checkout@v2
25
26 - name: ArmourZero Security Test (Pre)
27 run: |
28 docker login -u $DOCKER_USERNAME -p $DOCKER_TOKEN
29 docker run -v "$(pwd):/app/wrk" --rm armourzero/pipe-scan-dev:latest —apikey="$AZ_API_KEY" --projectkey="$PROJECT_KEY" --branch="$BRANCH_NAME" --repo="$GITHUB_REPOSITORY" --runEnv="demo"
30 continue-on-error: true
31
4. Save and Trigger a Push
Save the changes to the .github/workflows/az-security-scan.yml file. Commit and push the changes to your GitHub repository.
5. Monitor Actions
Go to the "Actions" tab on your GitHub repository. You'll see the status of your workflow. Click on it to view details.
Notes:
You can also access to the integration information by going to left menu and select "Projects" under DEVSECOPS section, click on the Project ID or the three dots action icon on the project, select "View Project". Then select Integrate menu.