Pangea's GitHub Actions

Vanessa Villa

So you want to add secure coding checks in your CI pipeline? You've come to the right place! We've made it so that you can call Pangea APIs from GitHub Actions. This means you can now:

  • Check for malicious URLs sneaking around in your code

  • Store, manage, and rotate your secrets in Pangea's Vault

  • Have a tamper-proof log of commits with Pangea's Secure Audit Log

  • Anything else you can imagine doing with the Pangea APIs

We took the opportunity to help you get started, though. Below are two examples of how we used Pangea in GitHub Actions.

Pangea's Vault + GitHub Actions

Store, rotate, and manage your secrets in Pangea Vault. The video above shows it in action and if you want to add this to your project, check out the Pangea Vault Secrets Action here.

Pangea's URL Reputation + PR

Here is an example of how we can identify URLs, run a Pangea Reputation check on them, and block the PR from getting merged. This action also logs the results into the Secure Audit Log. Watch it run in the video above and check out the sample here.
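
The gate described above can be written as follows. This is an added example, not the code of Pangea's action or sample: it collects URLs only from lines a pull request adds, asks a reputation lookup for a verdict on each, and fails the check if any verdict is blocking. The function names, the verdict labels, the sample diff and the verdict table are assumptions constructed for illustration; the lookup callable stands in for the reputation service call.

```python
import re
from typing import Callable, Dict, List

# Match http(s) URLs; stop at whitespace, quotes and brackets that usually delimit them in code.
URL_RE = re.compile(r"https?://[^\s\"'<>()\[\]{}`]+", re.IGNORECASE)
BLOCKING = {"malicious", "suspicious"}  # assumed verdict labels that should fail the check

def urls_added_by_diff(diff_text: str) -> List[str]:
    """Return unique URLs found on added ('+') lines inside the hunks of a git diff."""
    found, in_hunk = [], False
    for line in diff_text.splitlines():
        if line.startswith("diff "):
            in_hunk = False          # file headers ('---'/'+++') follow; they are not content
        elif line.startswith("@@"):
            in_hunk = True           # hunk body starts after this header
        elif in_hunk and line.startswith("+"):
            for match in URL_RE.findall(line[1:]):
                url = match.rstrip(".,;:!?")  # trailing punctuation is rarely part of the URL
                if url not in found:
                    found.append(url)
    return found

def gate(diff_text: str, lookup: Callable[[str], str]) -> Dict[str, object]:
    """Look up every added URL and decide whether the PR check passes."""
    verdicts = {url: lookup(url) for url in urls_added_by_diff(diff_text)}
    blocked = sorted(u for u, v in verdicts.items() if v in BLOCKING)
    return {"verdicts": verdicts, "blocked": blocked, "passed": not blocked}

# Constructed sample diff and verdict table (not real intelligence data).
SAMPLE_DIFF = """\
diff --git a/app.py b/app.py
--- a/app.py
+++ b/app.py
@@ -1,2 +1,4 @@
 import requests
-API = "http://old.example.test/api"
+API = "https://api.example.test/v1"
+UPDATE = "http://bad.example.test/payload.sh"
+# docs: see https://api.example.test/v1.
"""
SAMPLE_VERDICTS = {"http://bad.example.test/payload.sh": "malicious"}

if __name__ == "__main__":
    result = gate(SAMPLE_DIFF, lambda u: SAMPLE_VERDICTS.get(u, "benign"))
    print(result)
    raise SystemExit(0 if result["passed"] else 1)  # nonzero exit fails the CI job
```

Scanning only added lines keeps the check from failing on URLs a PR removes, and the nonzero exit code is what lets a required status check stop the merge.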

Basic Pangea Call

So what if I don't want to do what those out-of-the-box actions are doing? What if I wanted to create something of my own? Well, here is some sample code for you to copy into a .yml file and create your own.

name: "Name of Your Workflow"
# Run when a pull request is opened
on:
  pull_request:
    types: [opened]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - uses: pangeacyber/pangea-github-action-api@1.0.0
      with:
        endpoint: "<service name>.<call name>"    # example: audit.log
        payload: "<JSON payload>"                 # body expected by that call
        # Read the token and domain from repository secrets; never hard-code them
        token: ${{secrets.PANGEA_TOKEN}}
        domain: ${{secrets.PANGEA_DOMAIN}}

  1. Adjust the endpoint name to your desired API call. If you wanted to log a message, it would look like audit.log.

  2. Create a payload that is expected by that call. Check out our reference documentation for that information.

  3. Make sure to add your Pangea Token and Pangea Domain to your repository's secrets.

Questions?

We’re here to help! Got questions? Join our Slack community

Mention us @pangeacyber on X / Twitter to tell us what you’re working on! We’re looking forward to seeing what you build!