🔥Save up to $132K/month in CI costs!Try Free
Skip to main content
← Back to workflows

How to Analyze and Secure Your GitHub Repositories with Legitify GitHub Action

Legit-Labs/legitify -
GitHub Action
v1.0.11
761
Contributors
Contributor - gal-legit
Categories
Links
GitHub
Open issues
5
Pull Requests
1
Usage
name: Legitify Analyze
on:
    workflow_dispatch:
    schedule:
      - cron: '0 11 * * 1-5'

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Legitify Action
        uses: Legit-Labs/legitify@main
        with:
          github_token: ${{ secrets.PAT_FOR_LEGITIFY }}
          ignore-policies: |
             non_admins_can_create_public_repositories
             requires_status_checks

legitify-action logo

Legitify Action

Strengthen the security of your GitHub repositories with automated analysis.

Legitify Analyze GitHub Action automates the process of analyzing your repositories for misconfigurations, security, and compliance issues. It helps identify and remediate issues across all GitHub assets with ease, improving the overall security posture of your source-code management.#

How to Provide GitHub Token

The github_token input is required to authenticate the action with GitHub. It should be a Personal Access Token (PAT) stored in your repository secrets.

with:
  github_token: ${{ secrets.PAT_FOR_LEGITIFY }}

How to Analyze Only the Current Repository

The analyze_self_only input, when set to true, limits the analysis to the repository from which the action is triggered.

with:
  analyze_self_only: true

How to Specify Repositories for Analysis

The repositories input allows you to specify a comma-separated list of repositories (in owner/repo format) to be analyzed. If left empty, all accessible repositories will be analyzed.

with:
  repositories: owner/repo1,owner/repo2

How to Set Legitify Base Version

The legitify_base_version input sets the base version of Legitify to use. Non-breaking changes will be auto-updated.

with:
  legitify_base_version: 1.0

How to Enable Scorecard Analysis

The scorecard input allows you to enable the Scorecard tool as part of the Legitify analysis. Possible values are no, yes, or verbose.

with:
  scorecard: yes

How to Upload Results to GitHub Code Scanning

The upload_code_scanning input determines whether the results of the analysis should be uploaded to GitHub Code Scanning. The default is true.

with:
  upload_code_scanning: true

How to Compile Legitify from Source

The compile_legitify input, when set to true, compiles Legitify from source using the specified legitify_base_version.

with:
  compile_legitify: true

How to Set Artifact Name for Private Repositories

The artifact_name input defines the name of the artifact under which the analysis report will be saved if the repository is private.

with:
  artifact_name: legitify-report

How to Ignore Specific Policies

The ignore-policies input allows you to specify a list of policies (one per line) to ignore during the analysis.

with:
  ignore-policies: |
    non_admins_can_create_public_repositories
    requires_status_checks

How to Pass Extra Arguments to Legitify

The extra input provides additional command-line arguments for Legitify that are not covered by other inputs.

with:
  extra: "--verbose"

Similar Workflows

bigdaz
671

Gradle Build Action

Execute your Gradle build and trigger dependency submission

adamhenson
480

Lighthouse Check

GitHub Action for running @GoogleChromeLabs Lighthouse audits with all the bells and whistles 🔔 Multiple audits, Slack notifications, and more!

elgohr
780

Publish Docker Containers

GitHub Action to build and push Docker containers using the Git branch as the Docker tag.