
GitHub Actions Integration

Automatically scan on every push

Catches AI-hallucinated packages
Detects typosquatting attacks
Finds known vulnerabilities
Fails build on critical issues

Quick Setup

1. Create workflow file

Create .github/workflows/redakta.yml in your repository:

name: Redakta Security Scan

on:
  push:
    paths:
      - 'requirements.txt'
      - 'package.json'
      - 'pubspec.yaml'
      - 'go.mod'
      - 'Cargo.toml'
      - 'Package.swift'
  pull_request:
    paths:
      - 'requirements.txt'
      - 'package.json'
      - 'pubspec.yaml'
      - 'go.mod'
      - 'Cargo.toml'
      - 'Package.swift'

# Least privilege: the job only reads the checkout and never needs write access.
permissions:
  contents: read

jobs:
  security-scan:
    runs-on: ubuntu-latest
    name: Scan Dependencies

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Each step posts the raw dependency file to the Redakta API as a single
      # JSON string (jq -Rs .) and fails the job when summary.critical is above 0.
      # curl --fail aborts the step on an HTTP error instead of handing jq an
      # error page, so the gate fails closed rather than passing silently.
      # The dependency file itself is sent to redakta.nu; keep secrets out of it.
      # pubspec.yaml triggers the workflow above but has no scan step below.
      - name: Scan Python dependencies
        if: hashFiles('requirements.txt') != ''
        run: |
          RESPONSE=$(curl -sS --fail -X POST https://redakta.nu/api/scan \
            -H "Content-Type: application/json" \
            -d "{\"content\": $(jq -Rs . requirements.txt), \"ecosystem\": \"pypi\"}")
          echo "$RESPONSE" | jq .
          CRITICAL=$(echo "$RESPONSE" | jq '.summary.critical')
          if [ "$CRITICAL" -gt 0 ]; then exit 1; fi

      - name: Scan Node.js dependencies
        if: hashFiles('package.json') != ''
        run: |
          RESPONSE=$(curl -sS --fail -X POST https://redakta.nu/api/scan \
            -H "Content-Type: application/json" \
            -d "{\"content\": $(jq -Rs . package.json), \"ecosystem\": \"npm\"}")
          echo "$RESPONSE" | jq .
          CRITICAL=$(echo "$RESPONSE" | jq '.summary.critical')
          if [ "$CRITICAL" -gt 0 ]; then exit 1; fi

      - name: Scan Go dependencies
        if: hashFiles('go.mod') != ''
        run: |
          RESPONSE=$(curl -sS --fail -X POST https://redakta.nu/api/scan \
            -H "Content-Type: application/json" \
            -d "{\"content\": $(jq -Rs . go.mod), \"ecosystem\": \"go\"}")
          echo "$RESPONSE" | jq .
          CRITICAL=$(echo "$RESPONSE" | jq '.summary.critical')
          if [ "$CRITICAL" -gt 0 ]; then exit 1; fi

      - name: Scan Rust dependencies
        if: hashFiles('Cargo.toml') != ''
        run: |
          RESPONSE=$(curl -sS --fail -X POST https://redakta.nu/api/scan \
            -H "Content-Type: application/json" \
            -d "{\"content\": $(jq -Rs . Cargo.toml), \"ecosystem\": \"cargo\"}")
          echo "$RESPONSE" | jq .
          CRITICAL=$(echo "$RESPONSE" | jq '.summary.critical')
          if [ "$CRITICAL" -gt 0 ]; then exit 1; fi

      - name: Scan Swift dependencies
        if: hashFiles('Package.swift') != ''
        run: |
          RESPONSE=$(curl -sS --fail -X POST https://redakta.nu/api/scan \
            -H "Content-Type: application/json" \
            -d "{\"content\": $(jq -Rs . Package.swift), \"ecosystem\": \"swift\"}")
          echo "$RESPONSE" | jq .
          CRITICAL=$(echo "$RESPONSE" | jq '.summary.critical')
          if [ "$CRITICAL" -gt 0 ]; then exit 1; fi

2. Commit and push

git add .github/workflows/redakta.yml && git commit -m "Add Redakta security scan" && git push

3. Done!

Redakta will now scan your dependencies automatically whenever you push changes to your dependency files.
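The workflow above inlines the same three lines (POST the file, print the response, exit 1 when summary.critical is above 0) once per ecosystem. The script below is an added example, not Redakta's own code, that factors that step into one reusable gate and makes it fail closed: a response that is not JSON, has no summary, or carries a non-integer count blocks the build instead of being read as "no findings". The endpoint URL, the request body and the summary.critical field are taken from the page; the ECOSYSTEM_FOR_FILE map, the max_critical threshold, the script name and the constructed SAMPLE_RESPONSE string are assumptions.

```python
#!/usr/bin/env python3
"""Added example (not Redakta's own code): a fail-closed build gate around the
scan call made by the workflow on this page. Assumed: ECOSYSTEM_FOR_FILE,
max_critical, SAMPLE_RESPONSE and the script name redakta_gate.py."""
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Tuple

SCAN_URL = "https://redakta.nu/api/scan"  # endpoint used by the page's workflow

# Ecosystem identifiers exactly as the page's workflow sends them. pubspec.yaml
# is listed as supported but the page gives no identifier for it, so it is
# deliberately left out rather than guessed.
ECOSYSTEM_FOR_FILE = {
    "requirements.txt": "pypi",
    "package.json": "npm",
    "go.mod": "go",
    "Cargo.toml": "cargo",
    "Package.swift": "swift",
}

# Constructed sample response (shape only, not a real scan result) showing the
# single field the page's workflow reads.
SAMPLE_RESPONSE = '{"summary": {"critical": 1}}'


def build_request_body(content: str, ecosystem: str) -> bytes:
    """Same payload the page builds with jq -Rs: the whole file as one JSON string."""
    return json.dumps({"content": content, "ecosystem": ecosystem}).encode("utf-8")


def gate(response_text: str, max_critical: int = 0) -> Tuple[bool, str]:
    """Decide from the scanner's raw response whether the build may proceed.

    Returns (ok, reason). The page's step exits 1 when summary.critical > 0;
    max_critical generalises that threshold (assumption). Anything that is not a
    well-formed response with an integer count is a failure: a scanner that
    cannot report a count must never be read as "no findings".
    """
    try:
        data = json.loads(response_text)
    except ValueError:
        return False, "scanner response is not valid JSON"
    summary = data.get("summary") if isinstance(data, dict) else None
    if not isinstance(summary, dict):
        return False, "scanner response has no summary object"
    critical = summary.get("critical")
    if isinstance(critical, bool) or not isinstance(critical, int):
        return False, "summary.critical is not an integer: %r" % (critical,)
    if critical > max_critical:
        return False, "%d critical issue(s) exceed the allowed %d" % (critical, max_critical)
    return True, "%d critical issue(s), within the allowed %d" % (critical, max_critical)


def scan_file(path: str, ecosystem: str, timeout: int = 60) -> str:
    """POST the dependency file to the scan endpoint and return the raw body.
    Transport errors propagate to the caller so the job fails visibly."""
    with open(path, "r", encoding="utf-8") as fh:
        body = build_request_body(fh.read(), ecosystem)
    req = urllib.request.Request(
        SCAN_URL, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Usage (from a workflow step): python3 redakta_gate.py requirements.txt [max_critical]
    dep_file = sys.argv[1] if len(sys.argv) > 1 else ""
    name = os.path.basename(dep_file)
    if name not in ECOSYSTEM_FOR_FILE:
        sys.exit("usage: redakta_gate.py <%s> [max_critical]" % "|".join(ECOSYSTEM_FOR_FILE))
    threshold = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    try:
        raw = scan_file(dep_file, ECOSYSTEM_FOR_FILE[name])
    except (urllib.error.URLError, OSError) as exc:
        sys.exit("scan request failed: %s" % exc)  # fail closed on any transport error
    ok, reason = gate(raw, threshold)
    print(reason)
    sys.exit(0 if ok else 1)
```

In a workflow the per-ecosystem steps then collapse to one `run: python3 redakta_gate.py requirements.txt` line each, and the exit code carries the verdict exactly as the page's `exit 1` does; the difference is that HTTP errors, non-JSON bodies and a missing or null count all end in a non-zero exit with a readable reason instead of a shell arithmetic error.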

Supported Dependency Files

File                Ecosystem
requirements.txt    Python / PyPI
package.json        Node.js / npm
pubspec.yaml        Flutter / pub.dev
go.mod              Go / pkg.go.dev
Cargo.toml          Rust / crates.io
Package.swift       Swift / SPM

© 2025 Redakta • Powered by SEKURA.SE