Skip to content

runsafesecurity/github-actions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
cleanup
cleanup
 
 
setup
setup
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Runsafe Platform Actions

The RunSafe Platform can integrate with your GitHub workflows to generate SBOMs, detect vulnerabilities, block builds with incompatible licenses, and more.

To integrate with C++ builds, you must configure your RunSafe license key as a GitHub secret and add RunSafe's GitHub setup and cleanup actions to your workflows, around your C++ builds.

Secrets

Your RunSafe license key can be found on the RunSafe Platform here. It must be specified as a secret named RUNSAFE_LICENSE_KEY either for your entire GitHub organization or each GitHub project which you configure with the RunSafe Platform. GitHub's documentation on configuring secrets can be found here.

GitHub Actions

RunSafe has two actions - setup and cleanup - which must be present for your C++ builds to integrate with the RunSafe Platform. The setup action must go before your C++ build and the cleanup action must go after your C++ build. The setup action must also be configured to be able to access your RUNSAFE_LICENSE_KEY secret.

If you have multiple jobs with C++ builds they must each be configured with these two RunSafe actions.

Example

Without RunSafe

This sample YAML is for a simple example C++ build of Hello World which only triggers on PRs against the branch main:

name: C++ Build Workflow
on:
  pull_request:
    branches:
      - main

jobs:
  cpp-build:
    name: C++ Build Job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build cpp
        description: Build hello_world with make
        run: make hello_world

With RunSafe

This sample YAML shows the same build with RunSafe integrated:

name: C++ Build Workflow
on:
  pull_request:
    branches:
      - main

jobs:
  cpp-build:
    name: C++ Build Job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Runsafe Setup Action
      - uses: runsafesecurity/github-actions/setup@v1
        with:
          license_key: ${{ secrets.RUNSAFE_LICENSE_KEY }}
      - name: Build cpp
        description: Build hello_world with make
        run: make hello_world
      # Runsafe Cleanup Action
      - uses: runsafesecurity/github-actions/cleanup@v1

Diff

This highlights just the diff of adding the RunSafe Platform integration:

name: C++ Build Workflow
on:
  pull_request:
    branches:
      - main

jobs:
  cpp-build:
    name: C++ Build Job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
+      # Runsafe Setup Action
+      - uses: runsafesecurity/github-actions/setup@v1
+        with:
+          license_key: ${{ secrets.RUNSAFE_LICENSE_KEY }}
      - name: Build cpp
        description: Build hello_world with make
        run: make hello_world
+      # Runsafe Cleanup Action
+      - uses: runsafesecurity/github-actions/cleanup@v1

About

Runsafe Platform Github Actions

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.1.0 Latest
Oct 21, 2025
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages