CI/CD integration

GitHub Actions Integration Guide

Native GitHub Action with automatic artifact collection

Get a Free API Key

Integrate Vulnetix into GitHub Actions with the native GitHub Action, automatic workflow artifact upload, and native SCA scanning. SARIF, CycloneDX, SPDX support.

Add Vulnetix to GitHub Actions

Create .github/workflows/vulnetix.yml and run the Vulnetix CLI in your GitHub Actions pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:

name: Vulnetix
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  vulnetix:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-go@v5
      with:
        go-version: stable
    - uses: Vulnetix/cli@v1
      with:
        org-id: ${{ secrets.VULNETIX_ORG_ID }}

Why run Vulnetix in GitHub Actions?

Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your GitHub Actions pipeline gates merges on what is actually exploitable, not raw scanner noise.

All CI/CD integrations →  ·  All scanner integrations →