# Pynt for GitHub Actions

## **What is GitHub Actions?**

{% hint style="info" %}
💡 [**GitHub Actions**](https://github.com/features/actions) allows you to automate workflows for building, testing, and deploying code. With native integration into GitHub repositories, you can trigger workflows based on events like pushes, pull requests, and schedule automation tasks.
{% endhint %}

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FqeOjhymdWT1wg4qQnP1t%2FGitHubActions.png?alt=media&#x26;token=8510d4d7-86e9-4ba6-8fe7-63fe1dbb0034" alt="" width="113"><figcaption><p>GitHub Actions</p></figcaption></figure>

***

## Pynt's integration with GitHub Actions

As part of its [API security testing](https://docs.pynt.io/documentation/api-security-testing), Pynt allows seamless [integration](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd) with GitHub Actions.

Pynt for GitHub Actions enables you to seamlessly integrate powerful API security testing into your GitHub Actions CI/CD pipelines. By incorporating Pynt into your GitHub Actions workflows, you can automate comprehensive security scans with every build, ensuring that your APIs are protected from vulnerabilities throughout the development process. Pynt’s integration with GitHub Actions is designed to be straightforward, allowing you to enhance your security posture without disrupting your existing CI/CD practices.

***

## GitHub Actions Configuration

* Copy your [Pynt ID](https://docs.pynt.io/documentation/security-testing-integrations/pynt-on-ci-cd/how-to-get-pynt-id-for-ci-cd-authentication) into action secrets in your GitHub:

<figure><img src="https://3462681674-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZKwBF6q0tAGXlIih38HL%2Fuploads%2FKLOX8Ke70oNS0q3SbXR0%2Fimage.png?alt=media&#x26;token=85285cc0-2e00-4c54-873f-e4ffb5398f53" alt=""><figcaption><p>Add pynt-id to a Github secret</p></figcaption></figure>

* Make sure Python installed on the agent.
* Add Pynt to your workflow, see the following example of a job in a Github workflow that runs Pynt on our goat vulnerable application:

{% code overflow="wrap" %}

```yaml
name: Example pynt yml 
on: 
  workflow_dispatch:
    inputs: 
      comment: 
        type: string 
        default: "API Security tests"

env:
  PYNT_ID: ${{ secrets.YOURPYNTID }}

jobs:
 api-security:
  runs-on: ubuntu-latest

  steps: 
    - name: install pynt cli
      run: | 
        python3 -m pip install --upgrade pyntcli 
    - name: get goat collection 
      run: | 
        curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json 
    - name: run pynt with newman integration 
      run: | 
        pynt newman --collection goat.json --reporters
```

{% endcode %}

***

## Controlling the return code from Pynt

`pynt newman` and `pynt command` have an optional flag `--severity-level`

With this flag, you have granular control over whether Pynt returns an error code (non zero) in the event of findings. Use this flag to control when Pynt will break the CI/CD run, allowed values are:

```
'all', 'medium', 'high', 'critical', 'none' (default) 
```

***

{% hint style="info" %}
💡 **Need Help?** For any questions or troubleshooting, reach out to the [**Pynt Community Support**](https://www.pynt.io/community).
{% endhint %}