Configure GitHub Actions

You can scan the repository using the Qualys GitHub action template from the GitHub marketplace.

The action then runs on every workflow event, such as a pull request, push, manual trigger, or scheduled job.

To add the Qualys GitHub action in your repository:

  1. In GitHub, navigate to your repository and click Actions.
  2. In the Actions tab, click Set up a workflow yourself.

  3. In the Marketplace, enter Qualys to search for the Qualys TotalCloud IaC Security template.

  4. Click the Qualys TotalCloud IaC Security to view the template.

  5. Copy the template and add it to the steps section in the .yml file. You can either replace the existing steps section or append the template's contents to it.

  6. Click Start commit.

  7. Click Commit new file.

The file is committed to your repository. You can view it in the repository's workflows directory.

The workflow must include the actions/checkout step before the scan action. Otherwise, the scan action cannot access the IaC files to be scanned.
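One way to enforce this ordering in review or CI, as an added example that is not part of the Qualys documentation or template: a small Python check that reports any job where the scan step runs with no earlier actions/checkout step. The action reference `example-org/iac-scan` and both sample workflows are constructed placeholders, and the check assumes block-style YAML with two-space indentation.

```python
import re

# Constructed sample workflows. "example-org/iac-scan@v1" is a placeholder,
# not the real reference of the Qualys action; copy that from the template.
GOOD = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: IaC scan
        uses: example-org/iac-scan@v1
"""
BAD = """\
jobs:
  scan:
    steps:
      - name: IaC scan
        uses: example-org/iac-scan@v1
      - uses: actions/checkout@v4
"""

JOB_RE = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")   # job id, one level under "jobs:"
USES_RE = re.compile(r"^\s+(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")

def jobs_missing_checkout(workflow_text, scan_action):
    """Return ids of jobs where scan_action runs with no earlier checkout step.

    Assumes block-style YAML with two-space indentation (an assumption of this example).
    """
    offenders, job, in_jobs, seen_checkout = [], None, False, False
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # skip blanks and comments
        if not line[0].isspace():                     # a top-level key such as "on:" or "jobs:"
            in_jobs, job = line.startswith("jobs:"), None
            continue
        m = JOB_RE.match(line)
        if in_jobs and m:                             # a new job resets the checkout state
            job, seen_checkout = m.group(1), False
            continue
        m = USES_RE.match(line)
        if not (in_jobs and job and m):
            continue
        action = m.group(1).split("@")[0].lower()     # drop the @ref suffix
        if action == "actions/checkout":
            seen_checkout = True
        elif action == scan_action.lower() and not seen_checkout and job not in offenders:
            offenders.append(job)
    return offenders
```

Pass the text of the committed workflow file and the scan action's reference from the template; an empty list means every scan step is preceded by a checkout in its own job.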

Next step: Trigger Scan