1. Create the test runner repository:
   - Create a new repository named `scan-test-runner-gitbub-actions` in your organization
   - Add the workflow file at `.github/workflows/test-scanner.yml`
   - Ensure GitHub Actions is enabled for the repository
2. Create the GitHub App:
   - Navigate to your organization settings: Organization → Settings → Developer settings → GitHub Apps → New GitHub App, or use this link: https://github.com/organizations/{ORG}/settings/apps/new
   - Configure the GitHub App:

     | Field | Value |
     |---|---|
     | GitHub App name | BoostSecurity.io Scan Test Runner |
     | Homepage URL | https://boostsecurity.io/ |
     | Webhook | Uncheck "Active" (not needed) |

   - Set Repository permissions:

     | Permission | Access |
     |---|---|
     | Actions | Read and write |
     | Contents | Read-only |

   - Under "Where can this GitHub App be installed?", select "Only on this account"
   - Click Create GitHub App
   - Note the App ID (displayed at the top of the app settings page)
3. Generate a private key:
   - On the GitHub App settings page, scroll to Private keys
   - Click Generate a private key
   - A `.pem` file will be downloaded; keep this secure
4. Install the GitHub App:
   - On the GitHub App settings page, click Install App in the left sidebar
   - Select your organization
   - Choose Only select repositories
   - Select `test-runner-github`
   - Click Install
5. Add the App credentials as repository secrets. Navigate to the scanner registry repository: Settings → Secrets and variables → Actions → New repository secret

   | Secret Name | Value |
   |---|---|
   | `BOOST_SCAN_RUNNER_GITHUB_APP_ID` | The App ID from step 2 |
   | `BOOST_SCAN_RUNNER_GITHUB_APP_PRIVATE_KEY` | Contents of the `.pem` file from step 3 |
The workflow then mints a short-lived installation token from those secrets before running the test action:

```yaml
- name: Generate GitHub App Token
  id: github-token
  uses: actions/create-github-app-token@v1
  with:
    # the secret names referenced here must match the names of the
    # secrets added to the repository's Actions secrets
    app-id: ${{ secrets.GH_APP_ID }}
    private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
    # scope the token to the organization and the single test runner repository
    owner: your-org
    repositories: test-runner-github
- name: Run test-action
  # the token is available to later steps as ${{ steps.github-token.outputs.token }}
  ...
```
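To make clear what the private key from step 3 and the `actions/create-github-app-token` step above actually do, here is an added example (not BoostSecurity code and not the action's own implementation) that reproduces the GitHub App authentication flow with `openssl` and `curl`. A GitHub App signs a JWT with its private key (`iss` = App ID, `exp` no more than 10 minutes ahead), and exchanges that JWT for an installation token that is limited to the repositories and permissions selected at install time and expires after an hour, which is why a `.pem` in a repository secret is preferable to a long-lived personal access token. The App ID `123456`, the installation ID `98765` and the path `./app.pem` in the usage comment are placeholders, and the exchange function makes a real network call, so it is shown but not exercised offline.

```shell
#!/usr/bin/env bash
# Added example (not BoostSecurity code): the JWT + installation-token exchange that
# actions/create-github-app-token performs with the App ID and .pem secret.
set -euo pipefail

# base64url encoding without padding, as JWT requires ('_-' ordering avoids tr option parsing)
b64url() {
  openssl base64 -A | tr '/+' '_-' | tr -d '='
}

# base64url decoding: restore '+/' and padding, then decode
b64url_decode() {
  local s
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
  esac
  printf '%s' "$s" | openssl base64 -d -A
}

# make_app_jwt APP_ID PEM_PATH [NOW_EPOCH]
# iat is backdated 60 s for clock skew; exp is 9 min ahead, inside GitHub's 10 min limit.
make_app_jwt() {
  local app_id="$1" pem="$2" now="${3:-$(date +%s)}"
  local iat=$((now - 60)) exp=$((now + 540)) header payload sig
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' "$iat" "$exp" "$app_id" | b64url)
  # RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of "<header>.<payload>"
  sig=$(printf '%s.%s' "$header" "$payload" | openssl dgst -sha256 -sign "$pem" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# jwt_payload JWT -> decoded claims JSON (no signature check; for inspection only)
jwt_payload() {
  local rest="${1#*.}"
  printf '%s' "${rest%.*}" | b64url_decode
}

# verify_app_jwt JWT PUBKEY_PEM -> exit 0 only if the RS256 signature matches the public key
verify_app_jwt() {
  local jwt="$1" pub="$2" sigfile rc=1
  sigfile=$(mktemp)
  printf '%s' "${jwt##*.}" | b64url_decode > "$sigfile" || true
  if printf '%s' "${jwt%.*}" | openssl dgst -sha256 -verify "$pub" -signature "$sigfile" >/dev/null 2>&1; then
    rc=0
  fi
  rm -f "$sigfile"
  return "$rc"
}

# exchange_for_installation_token JWT INSTALLATION_ID [REPO]
# Network call: POST /app/installations/{id}/access_tokens. The optional REPO narrows the
# token to one repository, as the action's `repositories:` input does. Tokens expire in 1 h.
exchange_for_installation_token() {
  local jwt="$1" installation_id="$2" body='{}'
  if [ $# -ge 3 ]; then
    body=$(printf '{"repositories":["%s"]}' "$3")
  fi
  curl -sS -X POST \
    -H "Authorization: Bearer ${jwt}" \
    -H "Accept: application/vnd.github+json" \
    -d "$body" \
    "https://api.github.com/app/installations/${installation_id}/access_tokens"
}

# Usage (placeholders: App ID 123456, installation ID 98765, key at ./app.pem):
#   jwt=$(make_app_jwt 123456 ./app.pem)
#   exchange_for_installation_token "$jwt" 98765 test-runner-github
```

Keeping `exp` inside the 10 minute window and scoping the exchange to a single repository are the two properties worth checking when reviewing any script or action that handles the `.pem`: a JWT that lives longer is rejected by GitHub, and an installation token minted without a `repositories` restriction carries the App's full installed scope.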