GitHub Action Setup for Aikido CLI: Release Gating

The Aikido Security CI client allows you to integrate Aikido Security scans into CI pipelines. It helps ensure that security scans are part of your build process.

1. Get API token

Go to the Continuous Integration Settings page.
Generate a token and copy. Note that you will only be able to view this token once.
Save this token as AIKIDO_CLIENT_API_KEY in your GitHub Secrets by going to Settings > Secrets and variables > Actions.

2. Create a new GitHub Action workflow

Create a workflow file using this example:

Make sure that the local scanner is only triggered for your default branch. In the example below this is the 'main' branch. Adjust this if needed.

name: Aikido Release Gated Scan
on:
  push:
    branches:
      - main

jobs:
  aikido-scan:
    runs-on: ubuntu-latest

    steps:
      # Step 1: Set up Node.js
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '22'

      # Step 2: Install dependencies
      - name: Install Aikido CI API Client
        run: npm install --global @aikidosec/ci-api-client

      # Step 3: Run Aikido Scan Release
      - name: Run Aikido Scan
        run: aikido-api-client scan-release ${{ github.event.repository.name }} $GITHUB_SHA --apikey ${{ secrets.AIKIDO_CLIENT_API_KEY }} --fail-on-sast-scan --fail-on-iac-scan --fail-on-secrets-scan

Tweak the command if needed, all options can be found here.

3. Run your first scan

When a new change is pushed to your default branch, the workflow will be triggered. A scan will run and fail if new issues have been detected.

Last updated 11 months ago

Was this helpful?

hashtag1. Get API token

hashtag2. Create a new GitHub Action workflow

hashtag3. Run your first scan

1. Get API token

2. Create a new GitHub Action workflow

3. Run your first scan