GitHub
GitHub Actions
The GitHub Actions scraper creates configuration items from GitHub Actions workflows. Specify the owner, repository, and branch to scrape.
github-actions.yamlapiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github-actions-scraper
spec:
githubActions:
- owner: flanksource
repository: config-db
connection: connection://default/github-pat
branch: main
GitHub Repository
The GitHub Repository scraper creates GitHub::Repository config items and optionally fetches security alerts (Dependabot, code scanning, secret scanning) and OpenSSF Scorecard data as analyses.
github.yamlapiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github
spec:
schedule: '@every 6h'
github:
- security: true
openssf: true
repositories:
- owner: flanksource
repo: duty
| Field | Description | Scheme | Required |
|---|---|---|---|
repositories | List of repositories to scrape | []GitHubRepository | true |
personalAccessToken | Personal access token for authentication | []EnvVar | |
connection | Connection name for GitHub credential | string | |
security | Enable Dependabot, code scanning, and secret scanning alerts | bool | |
openssf | Enable OpenSSF Scorecard data | bool | |
securityFilters | Filters for security alerts | SecurityFilters |
GitHubRepository
| Field | Description | Scheme | Required |
|---|---|---|---|
owner | GitHub repository owner | string | true |
repo | Exact repository name or comma-separated collections.MatchItems patterns. Pattern selectors skip archived repositories. | string | true |
Repository selectors
Use repository selectors when you want one GitHub scraper to discover multiple repositories for the same owner. The repo field supports exact names, * wildcards, comma-separated patterns, and ! exclusions from collections.MatchItems.
The following example discovers matching repositories for flanksource, mixes selector and exact entries, and deduplicates overlapping matches per GitHub scraper config.
github-repo-selectors.yamlapiVersion: configs.flanksource.com/v1
kind: ScrapeConfig
metadata:
name: github-repo-selectors
spec:
schedule: '@every 6h'
github:
- repositories:
# Repo selectors use collections.MatchItems syntax and are resolved
# against all visible, non-archived repositories for the owner.
- owner: flanksource
repo: config-db,mission-control
# Overlapping selectors are deduped per GitHub scraper config.
- owner: flanksource
repo: '*control'
# Exact repositories can be mixed with selectors.
- owner: flanksource
repo: duty
SecurityFilters
| Field | Description | Scheme |
|---|---|---|
severity | Filter alerts by severity (e.g. critical, high) | []string |
state | Filter alerts by state (e.g. open, fixed) | []string |
maxAge | Only include alerts newer than this duration (e.g. 7d, 24h) | string |