Skip to main content

GitHub

GitHub Actions

The GitHub Actions scraper creates configuration items from GitHub Actions workflows. Specify the owner, repository, and branch to scrape.

github-actions.yaml
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github-actions-scraper
spec:
githubActions:
- owner: flanksource
repository: config-db
connection: connection://default/github-pat
branch: main

GitHub Repository

The GitHub Repository scraper creates GitHub::Repository config items and optionally fetches security alerts (Dependabot, code scanning, secret scanning) and OpenSSF Scorecard data as analyses.

github.yaml
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github
spec:
schedule: '@every 6h'
github:
- security: true
openssf: true
repositories:
- owner: flanksource
repo: duty
FieldDescriptionSchemeRequired
repositoriesList of repositories to scrape[]GitHubRepositorytrue
personalAccessTokenPersonal access token for authentication[]EnvVar
connectionConnection name for GitHub credentialstring
securityEnable Dependabot, code scanning, and secret scanning alertsbool
openssfEnable OpenSSF Scorecard databool
securityFiltersFilters for security alertsSecurityFilters

GitHubRepository

FieldDescriptionSchemeRequired
ownerGitHub repository ownerstringtrue
repoExact repository name or comma-separated collections.MatchItems patterns. Pattern selectors skip archived repositories.stringtrue

Repository selectors

Use repository selectors when you want one GitHub scraper to discover multiple repositories for the same owner. The repo field supports exact names, * wildcards, comma-separated patterns, and ! exclusions from collections.MatchItems.

The following example discovers matching repositories for flanksource, mixes selector and exact entries, and deduplicates overlapping matches per GitHub scraper config.

github-repo-selectors.yaml
apiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github-repo-selectors
spec:
schedule: '@every 6h'
github:
- repositories:
# Repo selectors use collections.MatchItems syntax and are resolved
# against all visible, non-archived repositories for the owner.
- owner: flanksource
repo: config-db,mission-control
# Overlapping selectors are deduped per GitHub scraper config.
- owner: flanksource
repo: '*control'
# Exact repositories can be mixed with selectors.
- owner: flanksource
repo: duty

SecurityFilters

FieldDescriptionScheme
severityFilter alerts by severity (e.g. critical, high)[]string
stateFilter alerts by state (e.g. open, fixed)[]string
maxAgeOnly include alerts newer than this duration (e.g. 7d, 24h)string