GitHub Native Integration

Integrate Spyda into your repository lifecycle, from PR checks to the Dependency Graph.

Step 1: App Installation
Grant Spyda secure read-only access to your repositories

Required Permissions:

  • Read-only code access
  • Dependency graph access
  • Checks API (for PR status updates)
  • Security events (SARIF upload)
Step 2: Workflow Setup
.github/workflows/spyda-scan.yml
name: Spyda Security Scan
on: [push, pull_request]
jobs:
  spyda-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Cache Spyda's local analysis data, keyed on the lock file contents
      - uses: actions/cache@v4
        with:
          path: .spyda/cache
          key: spyda-${{ runner.os }}-${{ hashFiles('**/lock.json') }}
      # Run the scan; with fail-on-threshold the job fails when the TrustScore is below 80
      - uses: spyda-sec/action@v2
        with:
          api-key: ${{ secrets.SPYDA_API_KEY }}
          fail-on-threshold: true
          threshold: 80
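The workflow above runs with whatever default GITHUB_TOKEN permissions the repository grants. The following is an added example, not from the Spyda docs, of the same job with the token scoped to the four capabilities listed under Step 1; it assumes the action performs the check, SARIF and issue writes with the workflow's GITHUB_TOKEN (if the App installation from Step 1 performs them instead, the write scopes can be dropped).

```yaml
# Added hardening example (not Spyda's own workflow): same scan job,
# GITHUB_TOKEN limited to the scopes each integration feature needs.
name: Spyda Security Scan
on:
  push:
    branches: [main]
  pull_request:

# Deny-by-default for the whole workflow; the job opts in below.
permissions: {}

jobs:
  spyda-analysis:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # read-only code access (Step 1)
      checks: write           # Checks API: PR status and inline annotations
      security-events: write  # SARIF upload to the native Security tab
      issues: write           # issue automation on critical TrustScore drops
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: .spyda/cache
          key: spyda-${{ runner.os }}-${{ hashFiles('**/lock.json') }}
      - uses: spyda-sec/action@v2
        with:
          api-key: ${{ secrets.SPYDA_API_KEY }}
          fail-on-threshold: true
          threshold: 80
```

Scoping the token this way means a compromised action or dependency in this job cannot push code, alter other workflows or read secrets beyond SPYDA_API_KEY, while every feature listed on this page still has the scope it needs.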

Integration Features

Native Security Tab

Results uploaded via SARIF to GitHub's native Security tab.

PR Gating

Blocks merges when the TrustScore is below 80 (the threshold set in the workflow), with inline code annotations on the PR.

Dependency Graph

Deep dependency traversal combined with GitHub maintainer health statistics.

Issue Automation

Automatically opens issues for critical TrustScore drops and comments the remediation fix on them.

GitHub Advanced Security (GHAS) Enhanced

Spyda correlates CodeQL and Secret Scanning results with confidence-weighted scoring to reduce false positives.

CodeQL + Secret Scanning + Spyda 2.0 = High Confidence TrustScore