GitHub
Secure your GitHub repositories with Amplify.
Overview
The Amplify GitHub App integrates the Amplify Security Platform with GitHub to secure your GitHub repositories and provide actionable security code fixes directly to developers in Pull Requests.
The Amplify Security GitHub integration is currently in beta. Documentation and functionality may change frequently.
GitHub App
View the Amplify Security GitHub App on the GitHub Marketplace.
GitHub Action
View the Amplify Security GitHub Action on GitHub.
Components
GitHub App
The Amplify GitHub App installs in your GitHub organization and allows Amplify to make requests to the GitHub API on behalf of your organization. Amplify uses these privileges to receive notifications about Pull Requests and GitHub Actions Workflows, and to commit security code fixes directly to your repositories when approved by a user. Through the GitHub App, Amplify can also open Pull Requests and comment on Pull Requests to provide security feedback.
GitHub Action
The Amplify GitHub Action runs configured security tools on your GitHub repository and sends security findings to the Amplify Platform. The Amplify GitHub Action is installed into the GitHub repositories added to the GitHub App when you approve the installation Pull Requests created by the Amplify Platform.
Amplify Workflow
The Amplify GitHub Actions Workflow is the workflow installed in every GitHub repository added to the Amplify Platform. This Workflow runs the Amplify GitHub Action on every Pull Request and on every push to the repository’s default branch.
---
name: Amplify Security
on:
  pull_request: {}
  workflow_dispatch: {}
  push:
    branches: ["master", "main"]
permissions:
  contents: read
  id-token: write
jobs:
  amplify-security-scan:
    name: Amplify Security Scan
    runs-on: ubuntu-latest
    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Amplify Runner
        uses: amplify-security/runner-action@v0.1.0
The Amplify Platform currently relies on the name of the Workflow to track and display GitHub Workflows correctly. Do not change the name of the Workflow. This restriction will be lifted soon.
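A review check for the installation Pull Request, added here as an example and not part of Amplify's code: it compares a workflow file against the name and `permissions` values in the workflow shown above. The function names, the line-based parsing (no YAML library) and the abridged, drifted sample are assumptions made for illustration.

```python
import re

EXPECTED_NAME = "Amplify Security"  # name and permissions as shown on this page
EXPECTED_PERMISSIONS = {"contents": "read", "id-token": "write"}

# Constructed sample: the page's workflow, abridged, with its permissions widened.
SAMPLE_DRIFTED = """\
name: Amplify Security
on:
  pull_request: {}
permissions:
  contents: write
  id-token: write
  pull-requests: write
jobs:
  amplify-security-scan:
    steps:
      - uses: actions/checkout@v4
      - uses: amplify-security/runner-action@v0.1.0
"""

def top_level_block(text, key):
    """Return the scalar key/value pairs nested under a top-level mapping key."""
    pairs, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # skip blank lines and comments
        if not line[0].isspace():                 # unindented line: new top-level key
            inside = line.rstrip() == f"{key}:"
            continue
        m = re.match(r"^\s+([\w-]+):\s*([\w-]+)", line)
        if inside and m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def audit_workflow(text):
    """List deviations from the workflow name and permissions documented above."""
    findings = []
    name = re.search(r"^name:\s*(.+?)\s*$", text, re.M)
    if not name or name.group(1).strip("'\"") != EXPECTED_NAME:
        findings.append(f"workflow name differs from '{EXPECTED_NAME}'")
    granted = top_level_block(text, "permissions")
    if not granted:
        findings.append("no top-level permissions mapping found")
    for scope, level in granted.items():
        if EXPECTED_PERMISSIONS.get(scope) != level:
            findings.append(f"unexpected permission {scope}: {level}")
    if re.search(r"^[ \t]+permissions:", text, re.M):
        findings.append("job-level permissions override the top-level block")
    return findings
```

An empty list means the file matches the documented name and token scopes. The check does not cover the `uses:` references or the triggers.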