
GitHub Actions

Cloudgeni does not need a special managed GitHub Action to be useful in CI. The stable pattern is to call the scan API directly from your workflow.

Static Analysis Example

name: cloudgeni-static-analysis

on:
  workflow_dispatch:
  pull_request:

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Cloudgeni static analysis
        env:
          CLOUDGENI_API_URL: ${{ secrets.CLOUDGENI_API_URL }}
          CLOUDGENI_API_KEY: ${{ secrets.CLOUDGENI_API_KEY }}
          CLOUDGENI_ORG_ID: ${{ secrets.CLOUDGENI_ORG_ID }}
          CLOUDGENI_REPO_ID: ${{ secrets.CLOUDGENI_REPO_ID }}
        run: |
          curl --fail --silent --show-error \
            -X POST \
            -H "Content-Type: application/json" \
            -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
            "$CLOUDGENI_API_URL/api/v1/organizations/$CLOUDGENI_ORG_ID/repositories/$CLOUDGENI_REPO_ID/static-analysis" \
            -d '{"analysisEngine":"checkov","excludedPaths":[]}'

If You Want Cloud Scans Instead

Call the cloud infra scan endpoint instead:

/api/v1/organizations/:orgId/cloud/:integrationId/:analysisEngine/infra-scans

Typical analysisEngine values in the current product:
  • prowler-ocsf
  • aws-security-hub
  • azure-defender
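
A shell helper for the cloud-scan call, added here as an example and not Cloudgeni's own code: it builds the URL from the path template above and stops before any request goes out if a secret is empty or a value could change the path. The CLOUDGENI_INTEGRATION_ID variable, the ID character set, the function names, and the POST method with an empty JSON body are assumptions; check the Scanning API page for the real request shape.

```shell
# Added example, not Cloudgeni's own code. Builds the cloud infra-scan URL from
# the page's path template and refuses to run on empty or malformed inputs.

# Engine values listed on this page; extend if the product accepts others.
CLOUDGENI_ENGINES="prowler-ocsf aws-security-hub azure-defender"

# Print the scan URL on stdout, or return 1 with a message on stderr.
# Args: api_url org_id integration_id analysis_engine
cloudgeni_cloud_scan_url() {
  local api_url="$1" org_id="$2" integration_id="$3" engine="$4" e ok=1
  # Secrets are empty on pull requests from forks, so fail before calling out.
  if [ -z "$api_url" ] || [ -z "$org_id" ] || [ -z "$integration_id" ]; then
    echo "missing Cloudgeni setting (empty secret?)" >&2
    return 1
  fi
  # Only send the API key over TLS.
  case "$api_url" in
    https://*) ;;
    *) echo "CLOUDGENI_API_URL must start with https://" >&2; return 1 ;;
  esac
  # IDs become path segments: reject anything that could alter the path.
  # Assumption: IDs use only letters, digits, '-' and '_'.
  case "$org_id$integration_id" in
    *[!A-Za-z0-9_-]*) echo "unexpected character in ID" >&2; return 1 ;;
  esac
  for e in $CLOUDGENI_ENGINES; do
    if [ "$e" = "$engine" ]; then ok=0; fi
  done
  if [ "$ok" -ne 0 ]; then
    echo "unknown analysisEngine: $engine" >&2
    return 1
  fi
  printf '%s/api/v1/organizations/%s/cloud/%s/%s/infra-scans\n' \
    "${api_url%/}" "$org_id" "$integration_id" "$engine"
}

# Assumption: POST with an empty JSON body, mirroring the static-analysis call.
cloudgeni_trigger_cloud_scan() {
  local url
  url="$(cloudgeni_cloud_scan_url "$CLOUDGENI_API_URL" "$CLOUDGENI_ORG_ID" \
    "$CLOUDGENI_INTEGRATION_ID" "$1")" || return 1
  curl --fail --silent --show-error -X POST \
    -H "Content-Type: application/json" \
    -H "X-CLOUDGENI-API-KEY: $CLOUDGENI_API_KEY" \
    "$url" -d '{}'
}
```

In a workflow step, define these functions in the run block and call cloudgeni_trigger_cloud_scan with one engine value, for example prowler-ocsf.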

Next

See Scanning API for the endpoint shapes that back these examples.