Secure your CI/CD using just one line of code or our native Spectral Action in your GitHub Action workflows and enjoy mind-blowing scan speeds and maximum security.
Shift-left your GitHub security, and integrate Spectral directly into your CI/CD pipeline to build the perfect GitHub security scanning solution. Enforce policies and detect security issues in real time.
Enjoy native GitHub integration using our Spectral Action, which allows you to control build status and mitigates vulnerabilities with ever-green updates and no maintenance.
Zero-copy and no data sending from your CI — no special privileges required in order to start.
Mitigate vulnerabilities and orchestrate GitHub security with SpectralOps and optionally, custom outputs such as SARIF, JUnit and JSON.
name: Main
on: [push]
env:
SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }}
jobs:
build:
name: Spectral
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install
# preflight is a tool that makes sure your CI processes run securely and are safe to use.
# To learn more and install preflight, see here: https://github.com/SpectralOps/preflight
run: curl -L "https://get.spectralops.io/latest/x/sh?dsn=$SPECTRAL_DSN" | preflight run
- name: Scan
run: $HOME/.spectral/spectral scan --ok
Spectral allows you to discover, classify, and protect your codebases, logs, and other assets with ease.
Leverage hundreds of custom detectors and proprietary machine learning models to detect and mitigate security vulnerabilities in code, configuration, and data.
Build your own custom detectors, custom workflows using the full power of the Spectral engine, seamlessly in your CI/CD pipelines.
Enjoy faster feedback times in your CI which provides better experience and contributes to lower costs, while connecting with SpectralOps for alerting, and security orchestration.
According to a study published in 2019, after a comprehensive scan of public GitHub repositories, a total of 575,456 instances of sensitive data such as API keys, private keys, OAuth IDs, AWS access key ID and various access tokens were discovered on the platform.
This whitepaper will review the dangers of secret leakage, the challenges in protecting secrets in the SDLC, and strategies for secret leakage mitigation.
The company’s leadership felt confident in their existing security tools and measures taken. They believed the company had adequate defenses in place to protect the company’s IP (intellectual property) and private information against external attacks.
Schedule a demo and get your questions answered. You’ll get a free account, and code protected.