# Pynt for GitHub Actions

## **What is GitHub Actions?**

{% hint style="info" %}
💡 [**GitHub Actions**](https://github.com/features/actions) allows you to automate workflows for building, testing, and deploying code. With native integration into GitHub repositories, you can trigger workflows based on events like pushes, pull requests, and schedule automation tasks.
{% endhint %}

<figure><img src="/files/wb3QT3I3PvimOnkC4XJg" alt="" width="113"><figcaption><p>GitHub Actions</p></figcaption></figure>

***

## Pynt's integration with GitHub Actions

As part of its [API security testing](/documentation/api-security-testing/security-testing-overview.md), Pynt allows seamless [integration](/documentation/security-testing-integrations/pynt-on-ci-cd.md) with GitHub Actions.

Pynt for GitHub Actions enables you to seamlessly integrate powerful API security testing into your GitHub Actions CI/CD pipelines. By incorporating Pynt into your GitHub Actions workflows, you can automate comprehensive security scans with every build, ensuring that your APIs are protected from vulnerabilities throughout the development process. Pynt’s integration with GitHub Actions is designed to be straightforward, allowing you to enhance your security posture without disrupting your existing CI/CD practices.

***

## GitHub Actions Configuration

* Copy your [Pynt ID](/documentation/security-testing-integrations/pynt-on-ci-cd/how-to-get-pynt-id-for-ci-cd-authentication.md) into action secrets in your GitHub:

<figure><img src="/files/W38GqT8mysIMdnrbdMv7" alt=""><figcaption><p>Add pynt-id to a Github secret</p></figcaption></figure>

* Make sure Python installed on the agent.
* Add Pynt to your workflow, see the following example of a job in a Github workflow that runs Pynt on our goat vulnerable application:

{% code overflow="wrap" %}

```yaml
name: Example pynt yml 
on: 
  workflow_dispatch:
    inputs: 
      comment: 
        type: string 
        default: "API Security tests"

env:
  PYNT_ID: ${{ secrets.YOURPYNTID }}

jobs:
 api-security:
  runs-on: ubuntu-latest

  steps: 
    - name: install pynt cli
      run: | 
        python3 -m pip install --upgrade pyntcli 
    - name: get goat collection 
      run: | 
        curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json 
    - name: run pynt with newman integration 
      run: | 
        pynt newman --collection goat.json --reporters
```

{% endcode %}

***

## Controlling the return code from Pynt

`pynt newman` and `pynt command` have an optional flag `--severity-level`

With this flag, you have granular control over whether Pynt returns an error code (non zero) in the event of findings. Use this flag to control when Pynt will break the CI/CD run, allowed values are:

```
'all', 'medium', 'high', 'critical', 'none' (default) 
```

***

{% hint style="info" %}
💡 **Need Help?** For any questions or troubleshooting, reach out to the [**Pynt Community Support**](https://www.pynt.io/community).
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd/pynt-for-github-actions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.