GitHub Integration

How to scan your code with AquilaX with GitHub Action

AquilaX Security Scan GitHub Action

AquilaX Security Scan is a comprehensive security analysis tool designed to scan your repositories for vulnerabilities, including issues related to sensitive data exposure, insecure configurations, and common coding weaknesses. The AquilaX Security Scan integrates seamlessly into your CI/CD pipeline to automatically check your repository every time you push or open a pull request.

Why Use AquilaX Security Scan?

  • Automated Security Audits: Automatically scan your repository for security vulnerabilities every time code is pushed to the main branch or during pull requests.

  • Comprehensive Scanners: Includes scanners for sensitive data exposure (PII), insecure configurations (IaC), container vulnerabilities, code quality (SAST), and more.

  • SARIF Integration with GitHub Security: Easily upload scan results in SARIF format to GitHub's security dashboard for detailed insights.

  • Improved Security Posture: Identify and fix security vulnerabilities early in the development cycle to minimize risks.

  • Customizable: Allows you to set organization ID, group ID, and various scan configurations to suit your project needs.

Setup and Configuration

1. Add the GitHub Actions YAML File

First, create a new workflow file in your repository. This file will configure the AquilaX Security Scan as part of your CI/CD pipeline.

1. Create a .github/workflows/aquilax-security-scan.yml file.

Add the following content:

name: AquilaX Security Scan

on:
  push:
    branches:
      - main

permissions:
  contents: read
  security-events: write

env:
  ORG_ID: "ORG_ID"
  GROUP_ID: "GROUP_ID"

jobs:
  aquilax_scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Install AquilaX CLI
        run: pip install aquilax

      - name: AquilaX CI Scan
        env:
          AQUILAX_AUTH: ${{ secrets.AQUILAX_API_TOKEN }}
        run: |
          GIT_URL="https://github.com/${{ github.repository }}.git"
          aquilax ci-scan \
            "$GIT_URL" \
            --org-id "$ORG_ID" \
            --group-id "$GROUP_ID" \
            --scanners sast_scanner iac_scanner secret_scanner \
                   pii_scanner sca_scanner container_scanner cicd_scanner \
            --fail-on-vulns  # use this if you want to fail your pipeline if any bug is found

      - name: Upload SARIF to GitHub Security
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

2. Set GitHub Secrets

To securely authenticate with AquilaX and prevent exposing sensitive information, set up your secrets in GitHub:

Navigate to your GitHub repository.

Click on Settings > Secrets and Variables > Actions.

Click New repository secret.

Add the following secrets:

AQUILAX_API_TOKEN: The API token for authenticating with AquilaX.

3. Set Organization ID and Group ID

In the YAML file, update the placeholders with your organization ID and group ID:

  ORG_ID: "ORG_ID"
  GROUP_ID: "GROUP_ID"

You can find these values from your AquilaX dashboard (app.aquilax.ai) / Aquilax CLI

aquilax get orgs # output is your org id
aquilax get groups --org-id "org_id"
--scanners sast_scanner iac_scanner secret_scanner pii_scanner sca_scanner container_scanner cicd_scanner \ # scanners you want to enable

Also, you can set

--fail_on_vulns # Vulnerabilities found, but pipeline will continue due to 'fail_on_vulns' set to false else if vulnerabilities are found pipeline will break.

Usage

Once you’ve set up the workflow and secrets:

Run on Push: Every time a new commit is pushed to the main branch, the AquilaX Security Scan will automatically start. Run on Pull Requests: The scan will also run on pull requests to main, ensuring that no vulnerabilities are introduced through new code changes.

Benefits of Using AquilaX Security Scan

Automated Security Checks

Screenshots

Support

For support, email omer@aquilax.ai.

Last updated