GitHub Native Integration

Connect repositories, ingest their dependency graph, and score them automatically.

Checking…
Checking GitHub connection…
CI Workflow (optional)
.github/workflows/spyda-scan.yml
name: Spyda Security Scan
on: [push, pull_request]
jobs:
  spyda-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: spyda-sec/action@v2
        with:
          api-key: ${{ secrets.SPYDA_API_KEY }}
          fail-on-threshold: true
          threshold: 80

What you get

Dependency ingestion

Pulls the repo's SPDX dependency graph from GitHub.

Automatic scoring

Maps dependencies and licenses into a real TrustScore.

PR gating

Blocks merges when TrustScore drops below threshold.

Continuous monitoring

Push & PR webhooks re-score on every change.