Integrating oak9 with GitHub Actions lets oak9 scan your infrastructure-as-code files (Terraform), makes scan results available for review in a number of formats, displays Incidents on the Console, and, optionally, causes a build to fail.
Setting up a GitHub Action Integration from oak9
In the oak9 app, navigate to the “Integrations” page and click the “Add Integration” button under GitHub Action in the CI/CD Integrations section. See figure below.
Follow the steps in the pop up to begin the integration.
Select the “open Github marketplace” button, which redirects you to the GitHub Action Marketplace.
Install oak9 for free.
Adding oak9 secrets to GitHub Actions
After installing the oak9 extension to GitHub, navigate to the Settings of the repo that needs to be integrated.
Go to “Secrets” and click “New repository secret”.
Enter the credentials for Organization ID and API Token provided by oak9 (navigate back to the pop up displaying this information)
Navigate to “Actions” & set up a new workflow
Copy and paste the snippet provided in the pop up on the oak9 platform into the .yml file, or find the snippet from Featured Actions by searching for oak9 in Marketplace.
A new action will start, and from now on oak9 will scan with every action.
To view the Analysis Report, navigate to Actions, find the recent workflow and select oak9 Analysis Report
The oak9 GitHub Actions extension will now display Design Gaps based on your selected Severity.