GitHub Actions

Akto integrates with GitHub Actions to add automated API security testing to your workflows. This integration enables you to:

• Run API security tests as part of your GitHub workflow

• Automate security testing on pull requests

• Block merges based on security test results

Prerequisites

• GitHub repository with Actions enabled

• Akto dashboard access

• Akto API credentials

• Valid test ID from Akto test

• GitHub App installed and configured (required for PR comments)

Steps to Configure GitHub Actions

1. Create GitHub Actions Workflow

Create .github/workflows/akto-security.yml in your repository with the following content:

2. Configure GitHub Variables

1. Go to Repository Settings > Secrets and Variables > Actions

2. Add the following repository variables:

   • AKTO_DASHBOARD_URL: Your Akto dashboard URL

   • AKTO_API_KEY: Your Akto API key

   • AKTO_TEST_ID: Your Akto test ID

   • GITHUB_COMMIT_ID: For a particular PR (if needed)

3. Enable Required Status Checks

1. Navigate to Repository Settings > Branches

2. Add branch protection rule

3. Enable "Require status checks to pass before merging"

4. Add "Akto Security Testing" as a required check

4. Verify Integration

1. Create a new pull request

2. Check that Akto security tests run automatically

3. View test results in the GitHub Actions tab

Viewing Results

1. Check status of Akto CICD tests directly from GitHub pull requests through quality gates

1. Check result of Akto CICD tests directly from comment posted on Github pull request