GitHub Actions
Akto integrates with GitHub Actions to add automated API security testing to your workflows. This integration enables you to:
Run API security tests as part of your GitHub workflow
Automate security testing on pull requests
Block merges based on security test results

Prerequisites
GitHub repository with Actions enabled
Akto dashboard access
GitHub App installed and configured (required for PR comments)
Steps to Configure GitHub Actions
1. Create GitHub Actions Workflow
Create .github/workflows/akto-security.yml in your repository with the following content:
name: Akto Security Testing
on:
  pull_request:
    branches: [ main, develop ]
  workflow_dispatch:
jobs:
  security-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run CI/CD tests
        uses: akto-api-security/[email protected]
        with:
          AKTO_DASHBOARD_URL: ${{vars.AKTO_DASHBOARD_URL}}
          GITHUB_COMMIT_ID: ${{github.event.pull_request.head.sha}}
          AKTO_API_KEY: ${{vars.AKTO_API_KEY}}
          AKTO_TEST_ID: ${{vars.AKTO_TEST_ID}}
          START_TIME_DELAY: 180 # Optional delay in seconds before the test run starts; default is 0
2. Configure GitHub Variables
Go to Repository Settings > Secrets and Variables > Actions
Add the following repository variables:
AKTO_DASHBOARD_URL: Your Akto dashboard URL
AKTO_API_KEY: Your Akto API key
AKTO_TEST_ID: Your Akto test ID
GITHUB_COMMIT_ID: For a particular PR (if needed)
3. Enable Required Status Checks
Navigate to Repository Settings > Branches
Add branch protection rule
Enable "Require status checks to pass before merging"
Add "Akto Security Testing" as a required check
4. Verify Integration
Create a new pull request
Check that Akto security tests run automatically
View test results in the GitHub Actions tab
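A pre-merge check for the workflow file from step 1, as an added example that is not Akto's own code: it flags credential-like inputs read from the `vars` context (configuration variables are not masked in job logs the way `secrets` values are) and `uses:` references pinned to a mutable tag instead of a full commit SHA. The sample workflow is constructed, `example-org/example-scan-action@v1` is a placeholder for the Akto action reference, and the rule names are illustrative.

```python
import re

# Constructed sample modelled on the workflow in step 1. The action ref
# example-org/example-scan-action@v1 is a placeholder, not the real Akto ref.
SAMPLE_WORKFLOW = """\
name: Akto Security Testing
on:
  pull_request:
    branches: [ main, develop ]
jobs:
  security-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run CI/CD tests
        uses: example-org/example-scan-action@v1
        with:
          AKTO_DASHBOARD_URL: ${{vars.AKTO_DASHBOARD_URL}}
          AKTO_API_KEY: ${{vars.AKTO_API_KEY}}
          AKTO_TEST_ID: ${{vars.AKTO_TEST_ID}}
"""

# Input or variable names that suggest a credential (illustrative list).
SENSITIVE = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)", re.I)
# "INPUT: ${{ vars.NAME }}" -> input name, variable name
VARS_REF = re.compile(r"^\s*([A-Za-z_][\w-]*)\s*:\s*\$\{\{\s*vars\.(\w+)\s*\}\}")
# "uses: owner/repo@ref" with or without a leading list dash
USES_REF = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s@#]+)@([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for a workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = VARS_REF.match(line)
        if m and (SENSITIVE.search(m.group(1)) or SENSITIVE.search(m.group(2))):
            # Credential stored as a plain configuration variable.
            findings.append((no, "credential-in-vars", m.group(2)))
        m = USES_REF.match(line)
        if m and not FULL_SHA.match(m.group(2)):
            # Tags and branches can be moved; a 40-hex commit SHA cannot.
            findings.append((no, "unpinned-action", f"{m.group(1)}@{m.group(2)}"))
    return findings


if __name__ == "__main__":
    for no, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: {rule}: {detail}")
```

Storing the API key as a repository secret and referencing it as `${{ secrets.AKTO_API_KEY }}`, together with pinning both actions to commit SHAs, clears all three findings.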
Viewing Results
Check the status of Akto CI/CD tests directly from GitHub pull requests through quality gates.

Check the results of Akto CI/CD tests directly from the comment posted on the GitHub pull request.

