Quick start

Follow the simple guide below to integrate security monitoring into your GitHub actions workflows.

Sign in to listen.dev with your GitHub account. The first time you sign in, we automatically create your Organization and a default Project.

2. Get Your API Key

From your Project’s “Settings” page, copy the API Key. Keep this secret.

You will add this as a secret in your GitHub repo for actions.

• Add your API key as a GitHub Secret (e.g., LISTEN_API_KEY).

• In your repo’s .github/workflows/<your-workflow>.yml, add a step:

- uses: listendev/action@v0.13.1
  with:
    jwt: ${{ secrets.LSTN_API_KEY }}
    runtime: only

We recommend adding listen.dev in your workflow file after the repo checkout step - before updating or adding new external dependencies or tools.

On your next PR, listen.dev runs automatically. If malicious DNS calls are detected, you’ll see a PR comment and get a Slack alert.

Typical practice is running listen.dev on Pull Request triggers in GitHub, where you have rest of your checks

In-line results can be received in GitHub PR comments and in Slack (see below)
Detailed results can be seen In dashboard.listen.dev

• Go to your Slack workspace and set up an Incoming Webhook.

• Paste the Slack Webhook URL into your Project’s “Slack Integration” field on listen.dev.

See detailed guide for this here.

Woot! you just completed your first e2e workflow in listen.dev!

Last updated 2 days ago