15.1. GitHub Actions
Use FlareInspect in GitHub Actions to gate deployments on Cloudflare security posture.
15.1.1. Basic Workflow
name: Cloudflare Security Assessment
on:
  push:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1" # Weekly Monday 6 AM UTC
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm install
      - name: Run assessment
        run: |
          node src/cli/index.js assess \
            --token ${{ secrets.CLOUDFLARE_TOKEN }} \
            --ci --threshold 80 --fail-on high
        env:
          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
15.1.2. With SARIF Upload
Upload results to GitHub Advanced Security:
- name: Run assessment
  run: |
    node src/cli/index.js assess \
      --token ${{ secrets.CLOUDFLARE_TOKEN }} \
      --ci --output assessment.json
    node src/cli/index.js export \
      -i assessment.json -f sarif -o results.sarif
- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
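
The gate from 15.1.1 and the SARIF upload from 15.1.2 combined into one job, as an added example rather than a workflow shipped by FlareInspect: the gate still fails the job, and the export and upload steps run anyway so the findings reach code scanning. It assumes that assess accepts the gating flags together with --output and writes assessment.json before exiting non-zero; the permissions block, the environment-variable token reference and the if: conditions are additions that are not on the original page.

```yaml
# Added example: posture gate plus SARIF upload in a single job.
name: Cloudflare Security Assessment
on:
  push:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1" # Weekly Monday 6 AM UTC

# Least privilege for GITHUB_TOKEN: read the repository, and write code
# scanning results (upload-sarif needs security-events: write).
permissions:
  contents: read
  security-events: write

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm install
      - name: Run assessment (gate)
        env:
          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
        run: |
          # The secret reaches the shell through the environment instead of
          # being interpolated into the script text.
          # Assumption: the gating flags and --output can be combined.
          node src/cli/index.js assess \
            --token "$CLOUDFLARE_TOKEN" \
            --ci --threshold 80 --fail-on high \
            --output assessment.json
      - name: Export SARIF
        # Run even when the gate failed, but only if a report was written.
        if: ${{ always() && hashFiles('assessment.json') != '' }}
        run: |
          node src/cli/index.js export \
            -i assessment.json -f sarif -o results.sarif
      - name: Upload SARIF
        if: ${{ always() && hashFiles('results.sarif') != '' }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```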
15.1.3. Secrets Setup
1. Go to your repository → Settings → Secrets and variables → Actions
2. Add CLOUDFLARE_TOKEN with your API token value
3. Reference it in workflows as ${{ secrets.CLOUDFLARE_TOKEN }}