Setting up Local Scanner in GitHub Actions
Written by Sander Keymeulen
Updated over a week ago

By default, Aikido can scan your GitHub repositories in the cloud. If you do not wish to share access to your code, you can use the self-scan option. The Aikido Security Local Scanner is a tool that enables you to perform Aikido Security scans within your own environment, in this case within GitHub Actions. The scans take place in the action and only the results are then uploaded to the Aikido Security platform.

How to set up Local Scanning

Prerequisite: make sure to have created an account that allows for Local Scanning. More information on creating a Local Scanning Account.

1. Get your authentication token

  1. Generate an authentication token and copy it. Note that you will only be able to view this token once.

  2. Pass this token as the --apikey argument when running the Local Scanner in your project.

  3. Save this token in your GitHub Secrets by going to Settings > Secrets and variables > Actions.

2. Running the Local Scanner

Now all that is left is to run the scanner on your repository.

Make sure that the local scanner is only triggered for your default branch. By default, Aikido supports scanning one branch in your repository for dependency and code issues, typically the main or master branch. Therefore, we recommend running the local scanner exclusively on that branch to avoid mixing scan results on the Aikido platform. You can specify this in the 'on' section of your workflow file.

Using Docker

The easiest way to use our local scanner in your GitHub Actions is by using our Docker image.

Example .github/workflows/aikido-scan.yml:

on:
  push:
    branches:
      - main

name: Aikido Scan
jobs:
  aikido-local-scan-repo:
    runs-on: ubuntu-latest
    container:
      image: aikidosecurity/local-scanner:v1.0.15
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          path: my-repo
      - name: Run scan
        run: aikido-local-scanner scan my-repo --apikey ${{ secrets.AIKIDO_API_KEY }} --repositoryname MyRepo --branchname main

Specify your preferred branch using the --branchname option when executing the command.

If this is the first scan for this repository, Aikido will create a repository with the name you specified, containing all the scanning results. Subsequent scan results will be collected under this repository name in Aikido.

By default all scanners will be executed. If you'd like to run only a selection of scanners, you can do so by supplying the scanner names via the --scanners option. More information on CLI options can be found here.
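As an added check, not part of Aikido's tooling or this article: a short Python script that lints a workflow file against the guidance above (a single trigger branch, a --branchname that matches it, an API key read from the secrets context rather than a literal, and a version-pinned scanner image). The embedded workflow text is a constructed copy of the example above; the function names are assumptions of this example.

```python
import re

# Constructed sample: the workflow shown in this article, with its indentation restored.
SAMPLE_WORKFLOW = """\
on:
  push:
    branches:
      - main
name: Aikido Scan
jobs:
  aikido-local-scan-repo:
    runs-on: ubuntu-latest
    container:
      image: aikidosecurity/local-scanner:v1.0.15
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          path: my-repo
      - name: Run scan
        run: aikido-local-scanner scan my-repo --apikey ${{ secrets.AIKIDO_API_KEY }} --repositoryname MyRepo --branchname main
"""

def trigger_branches(lines):
    # Branch names listed as '- name' items directly under the first 'branches:' key.
    branches, in_list = [], False
    for s in (line.strip() for line in lines):
        if s == "branches:":
            in_list = True
        elif in_list and s.startswith("- "):
            branches.append(s[2:].strip("'\""))
        elif in_list:
            break
    return branches

def lint_scan_workflow(text):
    # Returns a list of findings; an empty list means the workflow follows the article's guidance.
    branches = trigger_branches(text.splitlines())
    findings = [] if len(branches) == 1 else [f"trigger should name exactly one branch, found {branches}"]
    for line in text.splitlines():
        key = re.search(r"--apikey\s+(\$\{\{\s*secrets\.\w+\s*\}\}|\S+)", line)
        if key and not key.group(1).startswith("${{"):
            findings.append("--apikey must be read from the secrets context, not a literal")
        name = re.search(r"--branchname\s+(\S+)", line)
        if name and branches and name.group(1) != branches[0]:
            findings.append(f"--branchname {name.group(1)} differs from trigger branch {branches[0]}")
        img = re.match(r"\s*image:\s*(\S+)", line)
        if img and img.group(1).rsplit(":", 1)[-1] in (img.group(1), "latest"):
            findings.append(f"scanner image {img.group(1)} is not pinned to a version tag")
    return findings
```

Run it over your own .github/workflows/aikido-scan.yml before committing; the image check treats an untagged or :latest image as unpinned.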

3. Check your scanning results

After your first scan is done, you can go to the Aikido Feed to check out your results. A repository with the name you specified will have been created, containing all results from the scanning.
