GitHub

​

Overview

The Amplify GitHub App integrates the Amplify Security Platform with GitHub to secure your GitHub repositories and provide actionable security code fixes directly to developers in Pull Requests.

​

Components

​

GitHub App

The Amplify GitHub App installs in your GitHub organization and allows Amplify to make Requests to the GitHub API on behalf of your organization. Amplify uses these privileges to receive notifications about Pull Requests and GitHub Actions Workflows, and to commit security code fixes directly to your repositories when approved by a user. Amplify also has the ability to open Pull Requests and comment on Pull Requests to provide security feedback through the GitHub App.

​

GitHub Action

The Amplify GitHub Action is an action that runs configured security tools on your GitHub repository and sends security findings to the Amplify Platform. The Amplify GitHub Action is installed into the GitHub repositories added to the Github App when you approve the installation Pull Requests created by the Amplify Platform.

​

Amplify Workflow

The Amplify GitHub Actions Workflow is the workflow installed in any GitHub repositories added to the Amplify Platform. This Workflow runs the Amplify GitHub Action on every Pull Request and on every push to the repository’s default branch.

---
name: Amplify Security
on:
  pull_request: {}
  workflow_dispatch: {}
  push:
    branches: ["master", "main"]

permissions:
  contents: read
  id-token: write

jobs:
  amplify-security-scan:
    name: Amplify Security Scan
    runs-on: ubuntu-latest
    if: (github.actor != 'dependabot[bot]')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Amplify Runner
        uses: amplify-security/runner-action@v0.1.0