Protect your workflows with real-time runtime security monitoring ⚡
The Garnet Runtime Security Action integrates the Jibril security scanner with the Garnet Backend and Dashboard to provide comprehensive runtime threat detection directly in your GitHub Actions workflows. It detects suspicious activity, network connections, and potential security threats as your workflow runs.
- 🚀 Seamless Integration - Easy to add to any workflow
- 🔭 Runtime Detection - Monitors your workflow as it executes
- 🔍 Extensive Monitoring - File access, execution, and network analysis
- 🌐 Network Policy Enforcement - Block suspicious connections automatically
- 📋 Detailed Logging - View comprehensive security information
Before using this action, you need to obtain a Garnet API token:
- Register or log in to Garnet
- Navigate to your account settings
- Create a new API token with appropriate permissions
- Save this token for the next step
Store your Garnet API token as a repository secret:
- Go to your repository on GitHub
- Navigate to Settings > Secrets and variables > Actions
- Click "New repository secret"
- Name: `GARNET_API_TOKEN`
- Value: Your Garnet API token from step 1
- Click "Add secret"
Add the following to your workflow file (e.g., .github/workflows/security-scan.yml):
```yaml
name: Security Monitoring
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  monitor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Garnet Runtime Security
        uses: garnet-org/action@v1
        with:
          api_token: ${{ secrets.GARNET_API_TOKEN }}
```

| Name | Description | Required | Default |
|---|---|---|---|
| `api_token` | API token for GarnetAI service | Yes | N/A |
| `api_url` | API URL for GarnetAI service | No | `https://api.garnet.ai` |
| `garnetctl_version` | Version of garnetctl CLI to download | No | `latest` |
| `jibril_version` | Jibril release version (without v prefix) | No | `2.9.1` |
| `debug` | Enable detailed debug output | No | `false` |
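
A variant of the workflow above that sets the optional inputs from the table explicitly and skips the Garnet step on pull requests from forks, where GitHub does not pass repository secrets and `api_token` would be empty. This is an added example, not taken from the Garnet project: the `if:` guard is an assumption about how you want fork PRs handled, while the input names and values come from the table.

```yaml
name: Security Monitoring
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  monitor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Garnet Runtime Security
        # Added guard (assumption, not from the project): repository secrets
        # are not passed to pull_request runs from forks, so skip the step
        # there instead of calling the action with an empty api_token.
        if: >-
          github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository
        uses: garnet-org/action@v1
        with:
          api_token: ${{ secrets.GARNET_API_TOKEN }}
          # Optional inputs from the table, written out with their documented
          # defaults so the scanner version used by a run is visible in review.
          api_url: https://api.garnet.ai
          jibril_version: "2.9.1"
          debug: "false"
```

With this guard, fork pull requests run without Garnet monitoring, so treat those runs as unmonitored when reviewing them.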
MIT