GitHub Actions
Run security scans automatically in your CI/CD pipeline.
Quick Setup
Add this workflow to .github/workflows/security.yml:
```yaml
name: Security Scan
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Hacker Bot Scan
        uses: hackerbot/action@v2
        with:
          api-key: ${{ secrets.HACKERBOT_API_KEY }}
          target: https://staging.example.com
          profile: standard
      - name: Upload Results
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: hackerbot-report.json
```
Configuration Options
| Input | Required | Description |
|---|---|---|
| api-key | Yes | Your Hacker Bot API key |
| target | Yes | Target URL to scan |
| profile | No | quick, standard, or deep (default: standard) |
| fail-on | No | Fail if severity found: critical, high, medium, low |
| wait | No | Wait for scan completion (default: true) |
Block PRs with Vulnerabilities
Prevent merging when critical vulnerabilities are found:
```yaml
- name: Run Hacker Bot Scan
  uses: hackerbot/action@v2
  with:
    api-key: ${{ secrets.HACKERBOT_API_KEY }}
    target: https://staging.example.com
    fail-on: critical # Fail the workflow on critical findings
```
Dynamic Environments
Scan preview deployments automatically:
```yaml
- name: Wait for Vercel Deployment
  uses: patrickedqvist/wait-for-vercel-preview@v1.3.1
  id: vercel
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
- name: Run Hacker Bot Scan
  uses: hackerbot/action@v2
  with:
    api-key: ${{ secrets.HACKERBOT_API_KEY }}
    target: ${{ steps.vercel.outputs.url }}
```
Secrets Setup
Store your API key as a GitHub secret:
- Go to your repository Settings → Secrets → Actions
- Click New repository secret
- Name: HACKERBOT_API_KEY
- Value: Your API key from the Hacker Bot dashboard
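
A scope check for the Dynamic Environments setup above, where the scan target comes from a step output rather than a fixed URL. This is an added example, not part of the Hacker Bot documentation; the ALLOWED_HOSTS list, its default value and the SCAN_TARGET variable name are assumptions.

```shell
#!/bin/sh
# Added example: refuse to scan a dynamically resolved target unless it is
# an https URL on a host you have allowlisted.
# ALLOWED_HOSTS is an assumption: space-separated entries you control.
#   ".example.com"         matches any subdomain of example.com
#   "staging.example.com"  matches that exact host only
ALLOWED_HOSTS="${ALLOWED_HOSTS:-.example.com}"

# target_in_scope URL: returns 0 only for an https URL whose host is allowlisted.
target_in_scope() {
    url=$1
    case $url in
        https://*) ;;
        *) return 1 ;;                      # plain http or any other scheme
    esac
    rest=${url#https://}
    authority=${rest%%[/?#]*}               # cut at the first /, ? or #
    case $authority in
        ""|*@*) return 1 ;;                 # empty, or userinfo hiding the real host
    esac
    host=$(printf '%s' "${authority%%:*}" | tr '[:upper:]' '[:lower:]')
    case $host in
        ""|.*|*..*|*[!a-z0-9.-]*) return 1 ;;   # not a plain DNS hostname
    esac
    for entry in $ALLOWED_HOSTS; do
        case $entry in
            .*) case $host in *"$entry") return 0 ;; esac ;;
            *)  if [ "$host" = "$entry" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# SCAN_TARGET (hypothetical name) carries the preview URL when run in a workflow step.
if [ -n "${SCAN_TARGET:-}" ]; then
    target_in_scope "$SCAN_TARGET" || { echo "out of scope: $SCAN_TARGET" >&2; exit 1; }
fi
```

Run it in a step placed before the scan, passing the preview URL through the step's `env:` as SCAN_TARGET so the value is never interpolated into the script text.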