Integrate Vulnetix into GitHub Actions with the native GitHub Action, automatic workflow artifact upload, and native SCA scanning. SARIF, CycloneDX, SPDX support.
Add Vulnetix to GitHub Actions
Create .github/workflows/vulnetix.yml and run the Vulnetix CLI in your GitHub Actions pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
name: Vulnetix
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
vulnetix:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: stable
- uses: Vulnetix/cli@v1
with:
org-id: ${{ secrets.VULNETIX_ORG_ID }}
Why run Vulnetix in GitHub Actions?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your GitHub Actions pipeline gates merges on what is actually exploitable, not raw scanner noise.