Skip to Content
CI CD IntegrationGitHub Actions: Setup

GitHub Actions: Setup

To use Hashsecured with GitHub Actions, you first need to add your credentials as repository secrets. This ensures your tokens are stored securely and are not exposed in your workflow files.

Prerequisites

  • A Hashsecured account and a created project.
  • Your User ID, Project ID, and API Token from the Hashsecured dashboard.

Storing Credentials as Secrets

For each repository where you want to run Hashsecured scans, you must add the following secrets:

  1. Navigate to your GitHub repository and go to Settings > Secrets and variables > Actions.
  2. Click New repository secret.
  3. Create a secret named Hashsecured_API_TOKEN and paste your API Token as the value.
  4. (Optional) If you plan to scan private GitHub repositories, you also need a GitHub Personal Access Token (PAT) with the repo scope. Create a secret named PAT_TOKEN with your PAT as the value.

Tip: We recommend using distinct secrets for your API Token and PAT to maintain security and clarity.

Mid-phase: Container Scan